The researchers found that the device uses an older version of Chromium, Google’s open-source browser projects, which had been forked some time during its development. The bug allowed them to take “full control” of the device if connected to a malicious Wi-Fi hotspot, said Brian Gorenc, director of Trend Micro’s Zero Day Initiative, which put on the Pwn2Own contest…
When reached, Amazon said it was “investigating this research and will be taking appropriate steps to protect our devices based on our investigation,” but did not say what measures it would take to fix the vulnerabilities — or when.
The same researchers also compromised Sony and Samsung smart TVs, and the Xiaomi Mi9 smartphone, according to ZDNet, which also reports that “Nobody wanted a piece of the Facebook Portal, and nor did they want to hack Google’s Home assistant.
“Security researchers chose to go after the easier targets, like routers and smart TVs, known for running weaker firmware than what you’d usually find on a smart speaker or home automation hub.”