Smart Spies eavesdropping & phishing Alexa and Google Home

“Smart speakers from Amazon and Google offer simple access to information through voice commands. The capability of the speakers can be extended by third-party developers through small apps. These smart speaker voice apps are called Skills for Alexa and Actions on Google Home. The apps currently create privacy issues: They can be abused to listen in on users or vish (voice-phish) their passwords.”

“As the functionality of smart speakers grows so too does the attack surface for hackers to exploit themSRLabs research found two possible hacking scenarios that apply to both Amazon Alexa and Google Home. The flaws allow a hacker to phish for sensitive information and eavesdrop on users. We created voice applications to demonstrate both hacks on both device platforms, turning the assistants into ‘Smart Spies’.”

SRLabs is a hacking research collective and think tank working on consultancy and in-house projects as well as tools at the cutting edge of security research

Smart Spies: Amazon Alexa Phishing

Smart Spies: Google Home Phishing

Latest articles

Related articles

Leave a reply

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.