What is voice SQL injection and how Alexa was hacked with it?

  • The expert tried to access an administrator account for which he did not have authorization with the name and identification of the account
  • Alexa originally denied the expert’s request
  • The expert tried to dodge Alexa’s refusal by calling a random number with syntax that would trigger SQL injection
  • When the system requested an account ID, the expert only said a random number and added another command, which gave him access to any line in the database
  • In the end, Alexa provided the expert with the balance information of the unauthorized administrator account

--

--

Knowledge belongs to the world

Love podcasts or audiobooks? Learn on the go with our new app.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store