Amazon Alexa, Google Home approved malicious apps that eavesdropped, phished

Security researchers are saying that the companies need to implement better protection

Security researchers have revealed that they were able to create apps accepted by Google and Amazon to eavesdrop through the companies’ smart speakers.

Researchers at Security Research Labs determined that malicious apps were able to make it through Amazon’s and Google’s app vetting processes.

Through the apps, the researchers were able to hack devices by exploiting security flaws. Although the apps appeared to be legitimate, they hid malicious code.

The apps collected personal information such as passwords. They were also able to eavesdrop even when they thought the speaker wasn’t listening anymore.

This was possible because the apps would give a fake error message that made it seem that it has been turned off. However, the apps continued to listen and create a transcript of what the smart speakers heard.

“To prevent ‘Smart Spies’ attacks, Amazon and Google need to implement better protection, starting with a more thorough review process of third-party Skills and Actions made available in their voice app stores,” the researchers stated.

Amazon and Google removed the apps once the researchers disclosed the issue. Both companies have said they are improving their vetting processes.

Source: Security Research Labs Via: Engadget