Amazon and Google approved home speaker apps that eavesdrop and steal passwords

There has been a widely talked about conspiracy theory that the Amazon Alexa and Google Home can listen in on intimate conversations. This claim is looking to be looking true as researchers have revealed that two brands approved apps that eavesdropped on their users. 

Amazon Echo Dot & Google Home Mini
Amazon and Google both allowed their users’ privacy to be compromised according to research. Photo: Mack Maleing via Flickr

Private affair

ARS Technica reports that the smart speakers’ third-party apps, published under Skills for Alexa and Actions on Google Home can create concerning privacy issues. These apps are supposed to extend the capability of the speakers but they have created further problems for users. They can be manipulated to listen in on users’ conversations. Along with this, they can vish (voice-phish) for passwords. 

These findings were discovered by Security Research Labs, which shared how the information can be compromised. The group tested the privacy breaches by testing both phishing and eavesdropping scenarios. 

Google Home Mini
Those with a Google Home device need to be careful about the apps that they install. Photo: Mack Male via Wikimedia Commons

Put to the test

The first test was for phishing with Google Home.

The second test, phishing with Amazon Alexa.

The group then moved onto eavesdropping. Firstly by looking at Alexa.

Lastly, another eavesdropping test but with Google Home.

All four videos confirmed the apps’ infiltration capabilities, creating potentially serious situations for users.

Security Research Labs’ senior security consultant, Fabian Bräunlein spoke the prospective security risks.

“It was always clear that those voice assistants have privacy implications—with Google and Amazon receiving your speech, and this possibly being triggered on accident sometimes,” Bräunlein told ARS Technica.

“We now show that not only the manufacturers but… also hackers can abuse those voice assistants to intrude on someone’s privacy.”

Amazon Echo
Those with an Amazon Echo also need to be careful about its third-party apps. Photo: Pexels

Security needed

These smart speakers are powerful devices but they are often in private homes. Therefore, manufacturers have a responsibility to ensure that their products are not compromised by third-party companies. 

Along with this, users need to be aware of the potential of harmful voice apps that could abuse their smart speakers. Ultimately, using a new voice app should be treated in the same way as installing a program or app on a laptop or mobile device. There needs to be safety checks.

Google and Amazon are both market leaders within the smart home market. Amazon’s Echo and Dot can play music and control other Amazon devices such as the Amazon Smart Plug. These products can also collaborate with other smart home technologies such as video doorbells.

Additionally, Google Home combines with the Google assistant for a well-rounded home hub experience. security cameras such as the Nest Cam IQ and speakers such as the Nest Mini partner with the Nest Hub to deliver an all-encompassing security network.

Therefore, with access to all corners of a user’s home, sonically and visually, there needs to be proper checks done to ensure security is delivered, not compromised.

What do you think of these privacy concerns? Let us know your thoughts on the research in the comment section.

2 Shares:
avatar
  Subscribe  
Notify of
You May Also Like