How could Amazon allow Apple AirPods listings to be hijacked by racist imagery?

Source: TechRadar

When you’re looking to buy a new pair of headphones from Amazon, hate speech is probably the last thing that you’d expect to see. Unfortunately, that’s exactly what happened when, in the early hours of May 3, Amazon users in the UK discovered product listings riddled with racist abuse, including listings for the Apple AirPods and other Bluetooth headphones.

Nadine White, a news reporter for the Huffington Post, took to Twitter to express her dismay at seeing the hijacked product listings while browsing Amazon, saying that the racist imagery "needs to be acknowledged, removed, explained, apologized for asap. Being Black right now is hard enough; we don't need to be called the N- word while shopping online, to boot". 

Despite calls for Amazon to remove the listings – which appeared in the first page of results for the AirPods – they remained in place long enough for screenshots to begin trending on Twitter.

In an email to The Verge, Amazon said that “Our store maintains content guidelines which third party sellers are required to follow.” 

“As soon as this issue was raised, we investigated, removed the images in question and took action against the bad actor,” the company explained. 

Hack or payback?

So, how were these images allowed to be uploaded to Amazon in the first place? And to appear in the coveted first page of results for search terms like ‘Apple AirPods’ and ‘Bluetooth headphones’?

Hacktivism could be the answer. Lotem Finkelstein, manager of threat intelligence at Check Point, told TechRadar: “As Amazon is not sharing details of the attack specifics, it is hard to tell exactly how hackers were able to deface so many products at once.”

"Looking at the characteristics of the defaced listings, offering the same products having small number to no reviews or sales, one possible explanation can be hacking into accounts of a single owner and defacing its external images. This is a common way for hacktivists to spread their messages," he explained.  

It’s not clear whether the ‘bad actor’ was a hacker, a disgruntled former employee, or a rogue third-party seller – but the likelihood is that the perpetrator had insider access to Amazon’s back end, says Jake Moore, Cyber Security Specialist at ESET.

“For Amazon to be hacked would be quite a feat but not impossible," Moore explained. "They have many layers of security ring-fencing all possibilities to defend a multitude of different threats that are inevitable. Clearly, however, no company is un-hackable and we mustn’t become complacent to the fact that bad actors come in all varieties with different skill sets.

“For an image change to occur, it is most likely someone had back-end access and to only change one image suggests to me that this is an inside job where a begrudged employee, third party or otherwise, has had full access to the image library and decided to change a popular product in high demand to get maximum reach,” he continued.  

“Insider threats are notoriously difficult to stamp out as the suspects need such access to carry out their roles and therefore a level of trust is adhered to. This simple little trick will most likely be traceable to whomever did it but although embarrassing to Amazon, I would be surprised if this was any more sinister.”

So what can be done?

Whoever was behind the attack, it’s clear that Amazon needs to do more to ensure that browsing its listings is safe and secure for every user – and it needs to do it quickly. 

It could be that Amazon needs to improve its vetting process for third-party vendors, which could prove a huge undertaking. 

As Moore explains, “vetting employees is difficult to do for any large company but when employees start spilling out into third party vendors it becomes an even bigger management task”.

Difficult or not, a company with the wealth of Amazon should be able to enact change fairly rapidly, particularly if it turns to image recognition software to prevent the uploading of offensive imagery to its listings. 

It’s likely that Amazon already has image recognition software in place to mitigate the risk of an indecent image being uploaded, but Moore thinks the offensive text was an oversight in the algorithm.

“This is likely to be a big learning curve for the tech giant and won’t be taken lightly.”

TechRadar has reached out to Amazon, asking how the company intends to prevent this kind of thing happening in the future; however, it declined to expand on its previous statement.

Waning trust

It’s not the first time that Amazon has come under fire for the way it handles its third-party sellers, some of which have recently been accused of price-gouging – in other words, raising the price of items far beyond what is reasonably fair. 

Price-gouging has become a big problem for the retailer in the wake of the Covid-19 pandemic, with unscrupulous vendors selling products like face masks and hand sanitizer at enormously inflated prices.

For its part, Amazon says it has “zero tolerance” for price-gouging and that it strictly prohibits sellers from “charging excessively high prices of products and shipping”. Even so, the practice continues.

Not only that, but the US recently added five of Amazon’s websites (including Amazon UK) to its “notorious markets” list, citing the presence of counterfeit and pirated goods among genuine listings – something Amazon dismissed as a “purely political act”. 

Politically-motivated or not, Amazon clearly needs to address a number of issues that could undermine its reputation as a trusted online retailer, particularly with Amazon Prime Day reportedly going ahead in September. 

First and foremost however, it needs to ensure that shoppers aren’t subjected to hate speech when they’re simply looking to purchase a new pair of headphones. 
