October 22, 2019
Researchers successfully sneaked malicious apps behind the defenses of two major smart speaker companies in a test on their security practices.
Experts at Security Research Labs say the apps were design to target personal data like voice-recordings and passwords of both Google Home and Amazon Echo users by posing as software that reads horoscopes through voice-commands.
The apps were only removed once researchers made the company aware of their test.
All eight of the apps designed by the researchers were able to bypass Amazon and Google defenses and were approved by the companies’ moderation teams – a lapse that experts say invites even greater scrutiny on smart devices’ privacy and safety standards.
‘As the functionality of smart speakers grows so too does the attack surface for hackers to exploit them,’ write the researchers in their report.
‘The flaws allow a hacker to phish for sensitive information and eavesdrop on users. We created voice applications to demonstrate both hacks on both device platforms, turning the assistants into “Smart Spies”.’
This article was posted: Tuesday, October 22, 2019 at 3:48 am