Som old Amazon devices contain an even older Wi-Fi vulnerability that can be exploited in man-in-the-middle attacks.
The vuln - KRACK, or Key Reinstallation Attack - is a flaw in the four-way WPA2 handshake that begins the protected transaction. The vulnerability leaves the wireless traffic encrypted, but routed through a malicious middle actor that decrypts the data, stores it for use, and then re-encrypts the stream and sends it on its way.
The ESET Smart Home Research Team discovered that first-generation Amazon Echo devices remain subject to the vulnerability, designated CVE-2017-13077, as do Kindle 8th generation e-book readers.
Amazon has issued and distributed a new version of the wpa_supplicant — the vulnerable part of the operating environment. Both Amazon and the researchers strongly suggest that all users make s ..