Audio Signal Command Injection in Amazon Echo Devices
CVE-2023-33248

7.6HIGH

Key Information:

Vendor: Amazon
Status: Alexa
Vendor: CVE Published:; 24 May 2023

What is CVE-2023-33248?

The Amazon Alexa software in Echo Dot 2nd and 3rd generation devices is vulnerable to a sophisticated form of command injection that exploits audio signals within the 16 to 22 kHz frequency range. This range often goes unheard by the average human, allowing attackers to issue security-relevant commands that typically would not be communicated by legitimate users. Due to the nature of these commands and the lack of audible detection, a significant portion of these attacks can succeed without detection, posing a serious security risk to users reliant on these smart devices.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://cios2023.org/papers

https://www.usenix.org/system/files/sec23fall-prepub-261-...

https://sites.google.com/view/nuitattack/home

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
May 24, 2023
Vulnerability Reserved
May 21, 2023

JSON

Amazon

What is CVE-2023-33248?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.