Security researchers have revealed that apps accepted by the Amazon Alexa and Google Home platforms could be used to phish users and to eavesdrop on them. Researchers from the firm, Security Research Labs (SRL) created two voice apps - Skills for Alexa and Actions for Google Home, in order to demonstrate the security vulnerabilities. SRL created several apps for each platform which appeared to be legitimate skills like a horoscope app, but which actually hide malicious code.
The apps were able to collect personal data including passwords, and also eavesdrop on users even after they thought that the speaker was no longer listening. This worked even after the app sounded as if it had closed, while it actually continued operating and took down a transcript of everything the user said after that point.
All of the malicious apps were approved by moderation teams, and were only removed when the researchers disclosed the issue to Amazon and Google.
SLR researchers have asked Amazon and Google to implement better protection, starting with a more thorough review process of third-party Skills and Actions made available in their voice app stores to prevent 'Smart Spies' attacks.
Both companies demand to strengthen their processes for reviewing apps, but the prevalence of malicious smartphone apps on platforms like the Google Play Store demonstrates how difficult the task of security vetting apps is.
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.
