Connect with us


Google and Amazon allowed creepy eavesdropping apps to its smart speakers


Amazon alexa whisper mode

Voice assistants are everywhere nowadays, and the conversation around them currently is all about privacy, naturally.

Now there’s a new issue to add to the growing list: Both Google and Amazon were caught lazily approving suspicious apps onto their platforms. A major vulnerability was discovered by whitehat hackers over at Germany’s Security Research Labs.

The apps accepted by both Google and Amazon were created by the researchers to test a couple of potential attack vectors, which could eavesdrop on the unsuspecting user, or be used to phish for their credentials. Yikes. Basically, the apps are trained to listen in on you and lift your passwords somehow.

Just great, both Amazon and Google were allowing apps to be used as spies, with eavesdropping and phishing capabilities

To test their exploits, the security researchers created eight innocent-looking apps, consisting of seven Horoscope apps and one random-number generator. Four were uploaded to Amazon Alexa’s platform and another four Google Home.

In these seemingly-innocent apps, they planted the ability to extend the recording time, turning them into eavesdropping tools, or ways to phish for the user’s password. So instead of listening to just a two-second window, the researches extended that time to whatever they want. Basically creating a mic in your home with the sole purpose of extracting sensitive data. The video above outlines one of these attacks on a Google Home device.

Alexa devices could be turned into eavesdropping, credential-phishing tools as well, like in this next video:

Both Google and Amazon have put out statements since the security researchers presented their findings, stating that mitigations have been put in place for these types of attacks and that the app review process has been strengthened. You can read the full statements here.

Still, the fact that the researchers could get these onto the platforms in the first place is worrying. How many unknown apps have similar hacks in them? There’s no concrete evidence saying that third-party apps have been stealing information, but it’s possible. Next time you want to add a third-party app to your voice assistant, maybe do a little research first.

Yikes. Have any thoughts on this? Let us know down below in the comments or carry the discussion over to our Twitter or Facebook.

Editors’ Recommendations:

Follow us on Flipboard, Google News, or Apple News

Maker, meme-r, and unabashed geek with nearly half a decade of blogging experience. If it runs on electricity (or even if it doesn't), Joe probably has one around his office somewhere. His hobbies include photography, animation, and hoarding Reddit gold.

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

More in News