Cashless Shopping Could Get Easier In the Future

For decades, futurists have been promising a cashless society and all the convenience that comes with it. So far though, the technology we have available hasn’t lived up to the promise.

Sure, we’re moving inexorably in the direction of a cashless society, but we’re doing so at a snail’s pace. We’re moving in such tiny increments that it sometimes seems that the day will never arrive.

Fortunately, that’s changing, at least if Amazon has anything to say about it. Recently, the US Patent and Trademark Office published a patent application from Amazon detailing a touchless scanning system. If the company moves forward with the development of the technology described in the patent application, the future could see Amazon customers pay at the checkout counter simply by swiping their hand.

In the here and now, visitors to ‘Amazon Go Cashierless Stores’ need to scan an app to get in and check out, but that could change markedly in the years ahead.

Granted, filing a patent application and actually creating a viable technology around it are two very different things. However, if this technology makes it into the real world, it stands to change the face of shopping forever.

According to the application filed, Amazon’s vision for the technology would be the development of “a scanner device that is used to obtain raw images of a user’s palm that is within a field of view of the scanner…the first set of images depict external characteristics, such as lines and creases in the user’s palm while the second set of images depict internal anatomical structures, such as veins, bones, soft tissue, or other structures beneath the epidermis of the skin.”

Based on the early read, the technology sounds as ambitious as it is amazing. However, Amazon has pulled off larger miracles than this. We admire the vision and look forward to seeing how things develop from here.

Update Amazon Blink Cameras To Fix Security Vulnerabilities

Do you have a home security system that incorporates Amazon’s Blink XT2 cameras?

If so, be advised that researchers at Tenable Security recently identified several serious security flaws that would allow an attacker to take control of the cameras remotely and use them to spy on you and your family.

The security issues are centered in the cameras’ Sync Module. It acts as a bridge between the camera itself and the cloud and allows users to divide their camera suite into discrete zones that cover different parts of the home. It also allows them to activate the cameras located in various zones at different times throughout the day and night.

Unfortunately, these vulnerabilities allow an attacker to selectively activate or deactivate cameras and view archived footage.

The researchers had this to say about the issue:

“When checking for updates, the device first obtains an update helper script (sm_update) from the web, and then immediately runs the content of this script with zero sanitation.  If an attacker is able to MitM this request (either directly or indirectly – through some sort of DNS poisoning or hijacking) they can modify the contents of this response to suit their own needs or desires.

The most obvious attack scenario for this flaw would be some sort of insider threat – babysitters, house or pet sitters, Airbnb guests, or anyone else with somewhat privileged access to your home.”
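The flaw Tenable describes is a device that fetches a helper script and runs it with no check on what it received. The usual fix is for the vendor to sign the script and for the firmware to carry only the vendor's public key, so that anything altered on the wire fails verification before it is executed. The following is an added illustration of that gate, written for this article rather than taken from Tenable's research or Amazon's firmware; the key pair, the `sm_update` contents and the function names are all constructed for the demo.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// ErrUnsigned is returned when a downloaded helper script does not carry a
// valid signature from the vendor key pinned in the firmware.
var ErrUnsigned = errors.New("update helper rejected: signature does not verify")

// VerifyUpdateScript is the device-side gate. It takes the raw bytes fetched
// from the update server plus a detached signature and returns the script
// only when the signature verifies against the pinned vendor public key.
// The caller executes nothing unless the returned error is nil, so content
// altered anywhere between server and device is never run.
func VerifyUpdateScript(pinnedVendorKey ed25519.PublicKey, script, sig []byte) ([]byte, error) {
	if len(pinnedVendorKey) != ed25519.PublicKeySize {
		return nil, errors.New("pinned vendor key has the wrong size")
	}
	if !ed25519.Verify(pinnedVendorKey, script, sig) {
		return nil, ErrUnsigned
	}
	return script, nil
}

// SignUpdateScript is the vendor-side step, run on the release server and
// never on the device: it produces the detached signature published next to
// the helper script.
func SignUpdateScript(vendorPriv ed25519.PrivateKey, script []byte) []byte {
	return ed25519.Sign(vendorPriv, script)
}

// Demo wires both sides together with a freshly generated (constructed) key
// pair and a constructed two-line helper script. It returns true when the
// genuine script is accepted and a copy altered in transit is refused.
func Demo() bool {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return false
	}
	genuine := []byte("#!/bin/sh\necho applying vendor update\n")
	sig := SignUpdateScript(priv, genuine)

	if _, err := VerifyUpdateScript(pub, genuine, sig); err != nil {
		return false // the real script must pass
	}
	// Same signature, different bytes: what a man-in-the-middle position lets
	// someone substitute. The device must refuse it.
	altered := []byte("#!/bin/sh\necho replaced content\n")
	if _, err := VerifyUpdateScript(pub, altered, sig); !errors.Is(err, ErrUnsigned) {
		return false
	}
	return true
}

func main() {
	fmt.Println("signed-update gate behaves as expected:", Demo())
}
```

The point of the design is that the verification key lives in the firmware and the signing key never leaves the vendor, so DNS poisoning or an interposed host on the local network can change what the device downloads but not produce a signature it will accept. Note that a signature over the script alone does not stop an old, validly signed script from being replayed; a version number inside the signed payload is the usual addition.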

The good news is that Amazon has moved quickly to address the issue and has already issued a firmware update.  All you need to do at this point is check your Blink XT2 cameras to be sure they’re running firmware version 2.13.11 or later.

However, there’s a caveat. If your camera has already been compromised, it won’t automatically receive the firmware update. In that case, you’ll likely need to hire an expert to manually force the update.  Be sure to check the firmware version of your cameras as soon as possible.  You don’t want your security system to be used against you.

Are Hackers Using Popular Assistant Devices To Listen To Users?

The utility of virtual assistants like Amazon’s Alexa and Google Home is undeniable.  They’re just genuinely handy devices to have around.

Unfortunately, they’re also prone to abuse and exploits by hackers and unsavory developers. They can be used to spy on and even steal sensitive information from unsuspecting users.

This is not new in and of itself.  Security researchers around the world have, at various points over the last couple of years, sounded the alarm about weaknesses and exploits.  To the credit of both companies, any time this has happened, both Amazon and Google have responded promptly, plugging gaps and shoring up the security of their devices.

Unfortunately, every few months or so, new exploits are discovered.  The two companies are essentially playing Whack-A-Mole with security flaws, which appear to have no end.

Recently, security experts published two videos, one for Alexa and one for Google Home. Each demonstrated a simple back-end exploit that anyone with a DevKit could employ.  The exploits revolve around inserting a question-mark character (U+D801, dot, space) at various locations in the app’s code, which introduces a long pause during which the assistant remains active and listening.

To give you an idea of how this could be exploited, one of the example videos shows a horoscope app triggering an error, but the presence of the special character introduces a long pause during which the app is still active.

During the long pause, the app asks the user for their Amazon/Google password while faking a convincing looking update message from Amazon or Google itself.  Given the long pause, few users associate the poisoned horoscope app with the password request.  It seems like it’s coming from the device itself.
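The trick above depends on a lone UTF-16 surrogate (U+D801) sitting in the app's spoken response. A platform reviewer, or a developer auditing their own skill, can catch that mechanically: scan the raw response text for `\uXXXX` escapes that encode a surrogate half with no partner. The check below is an added example written for this article, not code from the researchers, Amazon or Google; the JSON shape and the sample responses are constructed. It works on the still-escaped text on purpose, because a decoder such as Go's `encoding/json` replaces an unpaired surrogate with U+FFFD, after which the evidence is gone.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
	"unicode/utf16"
)

// Finding records one suspicious escape in a response text.
type Finding struct {
	Offset int  // byte offset of the "\u" escape in the raw text
	Unit   rune // the UTF-16 code unit the escape encodes
}

// uEscape matches a JSON-style \uXXXX escape.
var uEscape = regexp.MustCompile(`\\u([0-9a-fA-F]{4})`)

// FindLoneSurrogates scans raw, still-escaped response text for \uXXXX
// escapes that encode a UTF-16 surrogate (U+D800..U+DFFF) without its
// partner. A proper high+low pair is how emoji and other supplementary
// characters are written, so pairs are skipped; only unpaired halves, such
// as a bare \ud801, are reported.
func FindLoneSurrogates(raw string) []Finding {
	var out []Finding
	locs := uEscape.FindAllStringSubmatchIndex(raw, -1)
	for i := 0; i < len(locs); i++ {
		unit := unitAt(raw, locs[i])
		if !utf16.IsSurrogate(unit) {
			continue
		}
		isHigh := unit < 0xDC00
		// A high surrogate immediately followed by a low surrogate escape is a valid pair.
		if isHigh && i+1 < len(locs) && locs[i+1][0] == locs[i][1] {
			if next := unitAt(raw, locs[i+1]); utf16.IsSurrogate(next) && next >= 0xDC00 {
				i++ // consume the low half of the pair
				continue
			}
		}
		out = append(out, Finding{Offset: locs[i][0], Unit: unit})
	}
	return out
}

// unitAt decodes the four hex digits captured by uEscape at loc.
func unitAt(raw string, loc []int) rune {
	v, _ := strconv.ParseUint(raw[loc[2]:loc[3]], 16, 16)
	return rune(v)
}

// ResponseLooksSuspicious is the yes/no verdict a review pipeline would use.
func ResponseLooksSuspicious(raw string) bool {
	return len(FindLoneSurrogates(raw)) > 0
}

// Constructed samples; not taken from the page or from any real skill.
const (
	// A normal response, including an emoji written as a valid surrogate pair.
	SampleBenign = `{"outputSpeech":{"type":"PlainText","text":"Your horoscope is ready \ud83d\ude00"}}`
	// The pattern the article describes: an error message, then a lone
	// U+D801, a dot and a space.
	SampleStalled = `{"outputSpeech":{"type":"PlainText","text":"Horoscope unavailable.\ud801. "}}`
)

func main() {
	for name, raw := range map[string]string{"benign": SampleBenign, "stalled": SampleStalled} {
		for _, f := range FindLoneSurrogates(raw) {
			fmt.Printf("%s: lone surrogate U+%04X at byte %d\n", name, f.Unit, f.Offset)
		}
		fmt.Printf("%s: suspicious=%v\n", name, ResponseLooksSuspicious(raw))
	}
}
```

Running it flags only the second sample. The same scan applies to SSML bodies and to any other text the assistant will speak; the characteristic is the unpaired half, not the specific value U+D801.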

It’s both sneaky and troublesome, and worst of all, even once both companies move to address this issue, if history is a guide there will be others by this time next month.  We’re not saying not to use them, but when you do, be very mindful.

Backup Still Necessary Even When Using Cloud Services

Do you keep all of your data on the cloud?  If so, you’re certainly not alone.  The past few years have seen a massive migration away from storing critical files locally to placing them on the cloud, where they’re more secure and accessible from anywhere you can get internet.  In fact, many people are so comforted by the amorphous nature of the cloud that they use mass file storage there as a substitute for making regular backups.

If you’re one of the millions of people doing exactly that, you may want to rethink.  Recently, author and programmer Andy Hunt tweeted about an Amazon outage that cost him the files he had stored on the cloud.  His tweet reads as follows:

“Amazon AWS had a power failure, their backup generators failed, which killed their EBS servers, which took all of our data with it.  Then it took them four days to figure this out and tell us about it. Reminder:  The cloud is just a computer in Reston with a bad power supply.”

Cloud-based companies often tout their virtually bulletproof uptime and low failure rates as big selling points for their services.  While those things are undeniably true and accurate, what Andy said is also true.  At the end of the day, what we blithely call ‘The Cloud’ is just a series of computers located somewhere else. Unfortunately, those computers, like the one on your desk, are prone to catastrophic hardware failures.

That’s why it’s important that even if you’re using the cloud extensively for your most important files, you also take the time to make backups on a regular basis.  Cloud storage isn’t the best solution, and it certainly shouldn’t be seen as a substitute for robust backups.

New Phishing Scam Targets Your Amazon Account

McAfee researchers have discovered a new version of the 16Shop phishing kit in use by hackers around the world. According to the latest research, there are now more than 200 URLs currently being used by hackers to collect login information from Amazon customers. The methodology the hackers are using is simple. The hackers craft an email that appears to come from Amazon that indicates a problem with the user’s account.

Ironically, most of the emails claim that an unauthorized login was attempted on the user’s account and the email recommends that the user log in immediately to check and make sure nothing has been tampered with.

The email “helpfully” includes a link that appears to point to an Amazon login page, but of course, it’s actually one of the aforementioned hacker-controlled URLs.  If a user enters their login credentials, they’re simply handing those details to the hackers. They can then log into the user’s account at their leisure, make any changes they like, and order products or steal data at will.

16Shop is a sophisticated product that has been used in a variety of ways.  A previous variant was discovered in late 2018, which targeted Apple users via emails that contained a PDF attachment.  The PDF was poisoned, of course. If the links it contained were clicked on, they would direct the recipient of the email to a URL controlled by the hackers. That URL would ask for the recipient’s Apple account information, including payment card details.

These kinds of attacks are notoriously difficult to stop.  Vigilance and mindfulness are the keys to keep from being taken in.  A good policy to adopt is simply this:  Any time you get an email that appears to come from a company, don’t click the link.  Open a browser tab yourself and manually type the address in.
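The "don't click, type the address yourself" rule works because the one thing a phishing link cannot fake is the host the browser will actually connect to. The same comparison can be automated on the mail side: pull every link out of the message and ask whether its host is really `amazon.com` or a subdomain of it. The code below is an added example written for this article, not part of McAfee's research or the 16Shop analysis; the trusted-domain list, the function names and the sample email are assumptions, and the hosts under `.example` are reserved names that do not exist.

```go
package main

import (
	"fmt"
	"net/url"
	"regexp"
	"strings"
)

// trustedDomains lists where a genuine Amazon sign-in page may live. This is
// an assumption for the example, not a list taken from the research.
var trustedDomains = []string{"amazon.com"}

// IsTrustedHost reports whether host is one of the trusted domains or a
// subdomain of one. The comparison is on whole labels, so
// "amazon.com.verify.example" and "notamazon.com" are both rejected even
// though both contain the string "amazon.com".
func IsTrustedHost(host string) bool {
	host = strings.ToLower(strings.TrimSuffix(host, "."))
	for _, d := range trustedDomains {
		if host == d || strings.HasSuffix(host, "."+d) {
			return true
		}
	}
	return false
}

// LinkVerdict is the outcome for one link.
type LinkVerdict struct {
	Link   string
	Host   string
	Legit  bool
	Reason string
}

// CheckLink parses a link target and decides whether it really leads to the
// company the email claims to be from.
func CheckLink(link string) LinkVerdict {
	u, err := url.Parse(strings.TrimSpace(link))
	if err != nil {
		return LinkVerdict{Link: link, Reason: "unparseable URL"}
	}
	v := LinkVerdict{Link: link, Host: u.Hostname()}
	switch {
	case u.User != nil:
		// "https://amazon.com@other.example/": the real host is after the "@".
		v.Reason = "credentials-style prefix before the real host"
	case !IsTrustedHost(v.Host):
		v.Reason = "host is not amazon.com or one of its subdomains"
	case u.Scheme != "https":
		v.Reason = "not served over https"
	default:
		v.Legit = true
		v.Reason = "host belongs to the expected domain"
	}
	return v
}

var hrefPattern = regexp.MustCompile(`href="([^"]+)"`)

// ExtractLinks pulls every href target out of an HTML email body.
func ExtractLinks(html string) []string {
	var links []string
	for _, m := range hrefPattern.FindAllStringSubmatch(html, -1) {
		links = append(links, m[1])
	}
	return links
}

// SampleEmail is a constructed HTML body in the style the article describes:
// the text claims an unauthorized login and the visible link says "Sign in",
// while the href goes to a lookalike host.
const SampleEmail = `<p>We detected an unauthorized login attempt on your account.</p>
<p><a href="http://amazon.com.account-verify.example/ap/signin">Sign in now to review activity</a></p>
<p><a href="https://www.amazon.com/gp/help">Help</a></p>`

// CountSuspiciousLinks returns how many links in the body fail the check.
func CountSuspiciousLinks(html string) int {
	n := 0
	for _, l := range ExtractLinks(html) {
		if !CheckLink(l).Legit {
			n++
		}
	}
	return n
}

func main() {
	for _, l := range ExtractLinks(SampleEmail) {
		v := CheckLink(l)
		fmt.Printf("%-58s legit=%-5v %s\n", v.Link, v.Legit, v.Reason)
	}
}
```

The label-boundary rule in `IsTrustedHost` is what distinguishes this from a naive "contains amazon.com" test, which a lookalike host passes trivially. A real mail filter would also compare the visible anchor text with the href and look at the sender's domain, but the host check alone already catches the pattern the article describes.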