Security researchers at Germany’s Security Research Labs have revealed that an app can eavesdrop and continue listening through your Google Home and/or Alexa. Malicious apps behaving this way can receive the approval stamp from both Google and Amazon putting user’s privacy at risk. How it happens is by using silence as their weapon. Developers leave codes that can’t be pronounced or said by Alexa or Google Home’s AI, so as it attempts to process it, it only leaves a gap of silence while still actively listening.
Google and Amazon have adjusted their privacy settings to prevent malicious apps like these from reaching the market. When these malicious apps will be eavesdropping or listening, they will send all the information they collected to a third-party server including Amazon’s and Google’s. This will enable the mal-intent users listening from the other side use your information however they please. If you’re thinking, “Well, what possible information could they gain from me speaking?” Well, if you purchase anything through your Google Home or Alexa, you may need to give out your card’s numbers, you may need to answer some security questions, or you may give out your password.
Google Home or Alex would never ask for you to say your password or any other sensitive information out-loud, and if so, you can always go to the app and input the information through there.
Google and Alexa have addressed these issues by removing apps that are secretly eavesdropping and by strengthening their review processes to prevent similar apps from becoming available. There’s little or no evidence third-party apps are actively threatening Alexa and Google Home users now, but it always good to remain cautious of the apps you download/link with your devices.
To read more of the researchers from SRLab’s Smart Spies, follow the link below.
Malicious Apps on Alexa or Google Home Can Spy or Steal Passwords