Last week Codelearn students worked on a new special week – this time dedicated to hacking and cybersecurity. Beside the common contents about the subject which we learned in all our centres, we also organised some activities related to this field.
«Hacking Alexa»: How safe are smart devices at home?
Hacking is the set of techniques which are used to access into a computer system by violating its security measures. About this subject, Codelearn organised in Barcelona the workshop «Hacking Alexa», with Xavier Marrugat as lecturer. Around the question «How safe are smart devices at home?», this teacher from Codelearn explained his analysis about the security of the popular device from Amazon.
The vulnerabilities detected in Alexa can be classified into three types: the physical hacking, which means the physical modification of some parts of the device in order to have control over it; the ones related to the use of some Skills, which are simple programs that can be used with Alexa for specific actions, and its vulnerabilities related to the use of the voice.
From here, the first step of Marrugat was to analyse the device activity during the day, that is to say, understanding how it works and which actions it executes: who is Alexa talking to, what does the speaker do, in which moment all this is done and what are Alexa and the computer servers talking about. The second part of the analysis is related to security: which connections have been established, which data has been shared and how, which certificates are used in connections and how is the access to cookies and the information they keep. Lastly, smart devices security can also be analysed from the perspective of privacy.
While in the case of activity it seems that everything has a justification and in the case of security there are lots of measures that can be adopted by the users, such as keeping the browser updated, delete cookies daily, remember to log out and keeping our computers and smartphones protected against malware (even if we will have to keep a look out of new Skills that could be suspicious, as well as voice hacking that could give orders to Alexa without users permission), from the point of view of privacy there are some aspects that can be dangerous for the security of the device: placing a microphone at home that can record our conversations at any time, the fact that some messages sent through Alexa Messages are not totally encrypted (also we can’t delete all these messages history) or Amazon’s confirmations about their developers listening to conversations.
The conclusions of the workshop «Hacking Alexa» forced us to think about the security of smart devices at home and highlighted the need to be aware about the importance of our personal information as users. In this sense, we have to think twice before giving our information to tech devices because sometimes it is not necessary and it could be a risk for our privacy.
Cybersecurity: How can we contribute to a safer Internet?
Accordingly, Codelearn organised another lecture to raise awareness amongst young people about the risks of giving too much information on the Internet, especially on social media and mobile apps, which tend to ask for access to our smartphones’ microphone, camera or geolocation even if it is not necessary for those apps purpose.
This lecture was intended for both parents and children, so it became an interesting meeting point where adults asked a lot of questions and teenagers shared lots of personal experiences on social media. Either way, they all were given essential recommendations in order to protect their privacy: creating different users for each platform instead of logging in via a unique email or a Facebook account, creating long passwords and change them regularly, avoid public WiFi connections in restaurants or airports and thinking carefully about the contents we post on social media because a simple comment or video can affect our future both personally and professionally.
For that matter, we could note that we all share too much information on social media and it is not something that only teenagers do, since there are practices everyday more extended amongst adults that we should also avoid, such as «sharenting», which means sharing our parenting on social media and posting images of our kids.
What is more, we must start being more responsible and assuring the Internet becomes a safer place, which demands not only the meeting of standards individually but also the mutual respect between users and the need of reporting all the inappropriate content or abusive behaviours we find on the Internet.