Privacy is a hot topic in the realm of smart speakers, fromemployees listening in on recordingsand auditorsaccessing user locations. Now, another issue regarding speakers has been raised, after security researchers revealed that apps accepted by the Amazon Alexa and Google Home platforms could be used to phish users and to eavesdrop on them. Learn more in an interesting Engadget article:
Researchers from the firmSecurity Research Labscreated the apps, known as Skills for Alexa and Actions for Google Home, which exploited security vulnerabilities to hack devices, as reported byArs Technica. SRL created several apps for each platform which appeared to be legitimate skills like a horoscope app, but which actually hid malicious code.
The apps were able to collect personal data including passwords, and also to eavesdrop on users even after they thought that the speaker was no longer listening. This worked by the app giving a fake error message which sounded as if it had closed, while it actually it continued operating and taking down a transcript of everything the user said after that point.
The link for this article located at Engadget is no longer available.