Article 4SX7Q Alexa and Google Home abused to eavesdrop and phish passwords

Alexa and Google Home abused to eavesdrop and phish passwords

by
Dan Goodin
from Ars Technica - All content on (#4SX7Q)
alexa-eavesdrop-ears-800x450.jpg

Enlarge (credit: Aurich Lawson / Amazon)

By now, the privacy threats posed by Amazon Alexa and Google Home are common knowledge. Workers for both companies routinely listen to audio of users-recordings of which can be kept forever-and the sounds the devices capture can be used in criminal trials.

Now, there's a new concern: malicious apps developed by third parties and hosted by Amazon or Google. The threat isn't just theoretical. Whitehat hackers at Germany's Security Research Labs developed eight apps-four Alexa "skills" and four Google Home "actions"-that all passed Amazon or Google security-vetting processes. The skills or actions posed as simple apps for checking horoscopes, with the exception of one, which masqueraded as a random-number generator. Behind the scenes, these "smart spies," as the researchers call them, surreptitiously eavesdropped on users and phished for their passwords.

"It was always clear that those voice assistants have privacy implications-with Google and Amazon receiving your speech, and this possibly being triggered on accident sometimes," Fabian Briunlein, senior security consultant at SRLabs, told me. "We now show that, not only the manufacturers, but... also hackers can abuse those voice assistants to intrude on someone's privacy."

Read 13 remaining paragraphs | Comments

index?i=4ttXquY0ii4:HMdXqs0nbho:V_sGLiPB index?i=4ttXquY0ii4:HMdXqs0nbho:F7zBnMyn index?d=qj6IDK7rITs index?d=yIl2AUoC8zA
External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments