Alexa, Google Home approved apps allow eavesdropping on users

California [USA], October 21, 2019

Apps approved by Amazon and Google for their voice-controlled smart devices could allow spying on users, according to a security report.

The smart speaker voice apps called Skills for Alexa and Actions on Google Home contain vulnerabilities that can be abused to listen in on users or voice-phish their passwords, Security Research Labs (SRLabs) notes in its official blog. The researchers found two possible hacking scenarios that allow a hacker to phish for sensitive information and eavesdrop on users, turning the assistants into ‘Smart Spies’. The security loopholes have been disclosed to Amazon and Google.