Another wave of security flaws has hit Alexa and Google Home as researchers found out that these smart devices can be tricked and exploited. They could even be used to eavesdrop on users.
A team of Berlin-based researchers from Security Research Labs called their exploit “Smart Spies” and had developed a collection of applications that helped demonstrate how they attacked these devices and extracted information out of it. They could even bypass all security restrictions that Google or Amazon had placed.
Primarily, Smart Spies hack focuses on phishing a user’s password using a bogus update event. The exploit is mainly based out of a fact that once a skill or app is approved by Google or Amazon, altering its functionality doesn’t require a second review.
Through this flaw, the research team was able to exploit both smart devices and made them listen longer than usual. They did this by using a character that the speakers can’t pronounce, which means they don’t say anything but can continue to listen to further commands. Thus, whatever the user says after, can be transcribed and sent directly to the hacker.
Some videos revealed how both speakers can be tricked into giving out fake error messages and later ask the user for passwords.
Both Amazon and Google have confirmed that they’ll be taking down these skills from any third-party application whenever found. They also said that they have removed actions created by the aforementioned security researchers.