Team of 'white hat' hackers found bugs in Amazon Echo and Galaxy S10

amazon echo

A team of leading security researchers was recently crowned top hackers after finding vulnerabilities across multiple devices including an Alexa-powered Amazon Echo and a Samsung Galaxy S10.

Amat Cama and Richard Zhu, who go by Team Fluoroacetate, compromised the devices at an international bug bounty event called Pwn2Own in Tokyo late last week. The event, hosted by Zero Day Initiative, is home to "white hat" hackers who are paid top dollar if they find previously unknown bugs in gadgets supplied by big tech companies.

The vulnerability Cama and Zhu found in the Echo allowed them to "take control" of the gadget, according to Pwn2Own. And finding the bug earned them $60,000. Amazon told Tech Crunch the is "investigating this research" and will take action to correct its devices if necessary.

Amazon didn't offer a timeline for getting the bug patched.

The hackers used a bug in Java Script to gain access to a photo on the Samsung Galaxy S10, earning them $30,000. In total, they took home $195,000 after targeting a Samsung television and a Xiaomi laptop.

For the third year in a row, Team Fluoroacetate was awarded the top "Master of Pwn" title.

Now, the companies that offer the devices have 90-days to fix the vulnerabilities through before details are shared with the public.

After Cama and Zhu executed code on Tesla Model 3 software earlier this year, they were awarded $375,000. Tesla fixed the issue soon after via an over-the-air update.


Explore further

Samsung says it's fixing Galaxy software that hackers could breach

Citation: Team of 'white hat' hackers found bugs in Amazon Echo and Galaxy S10 (2019, November 11) retrieved 14 December 2019 from https://techxplore.com/news/2019-11-team-white-hat-hackers-bugs.html
This document is subject to copyright. Apart from any fair dealing for the purpose of private study or research, no part may be reproduced without the written permission. The content is provided for information purposes only.
2 shares

Feedback to editors

User comments