Fresh Google Assistant, Amazon Alexa vulnerabilities exposed for allowing eavesdropping, phishing

Amazon Alexa and Google Assistant could have potentially dangerous vulnerabilities that allow eavesdropping and phishing.

By Digit NewsDesk | Published 23 Oct 2019 14:23 IST
HIGHLIGHTS
  • Security researchers expose new vulnerabilities with Google Assistant, Amazon Alexa

  • They allow attackers to eavesdrop on your commands, pose as the service provider

Fresh Google Assistant, Amazon Alexa vulnerabilities exposed for allowing eavesdropping, phishing
Fresh Google Assistant, Amazon Alexa vulnerabilities exposed for allowing eavesdropping, phishing

Virtual assistant services have been called out in the past for weak links in their security and privacy policies. In May this year, Amazon was found retaining copies of users’ transcripts in its servers even after users deleted their interactions with Alexa. Now, however, a new report from Security Research Labs suggests that Google Assistant and Amazon Alexa possess vulnerabilities that can potentially allow online attackers to eavesdrop on the user and pose as the service provider (phishing as Google or Amazon). The vulnerabilities are detailed in a long article and explained in brief in a few short videos.

According to the two videos that talk about eavesdropping, one of the vulnerabilities opens the door for online attackers to listen in on the user after they have finished giving a command. Apparently, the vulnerability could give an attacker up to thirty seconds to eavesdrop on the user after the command is received. During this period, the user is unaware that the device is still listening to them. Any words uttered by the user during this period could be used against them without their knowledge in the future.

The two videos that cover the phishing vulnerability suggest an even more dangerous scenario where the user unknowingly discloses their password to the attacker. We see in the videos that the vulnerability, when exploited, informs the user that the device has a software update ready but needs the user’s account password to proceed. The device then listens for the user’s password and transmits it to the attacker, which could then be a key to the user’s credit card information.

While both vulnerabilities seem complicated to exploit, it’s not impossible for an attacker to get a smart speaker or smart display to ask for the user’s password. With the account password, it’s easy to obtain information like the user’s home and work address. The videos posted by Security Research Labs act as a reminder for all of us to never share one’s account password with anyone or anything, including the device itself. Google Assistant or Amazon Alexa will never ask its users to speak their account password openly.

Digit NewsDesk
Digit NewsDesk

Email Email Digit NewsDesk

Follow Us Facebook Logo Facebook Logo Facebook Logo

About Me: Digit News Desk writes news stories across a range of topics. Getting you news updates on the latest in the world of tech. Read More

Advertisements

Trending Articles

Advertisements

LATEST ARTICLES View All

Advertisements

Hot Deals View All

Blaupunkt BTW07 ANC Moksha-30db, True Wireless Earbuds, Flip top Rotatory Design, 40H Playtime, TurboVolt Fast Charging, CRISPR ENC Tech Quad Mics, GameOn with 80ms Low Latency(Black)
Blaupunkt BTW07 ANC Moksha-30db, True Wireless Earbuds, Flip top Rotatory Design, 40H Playtime, TurboVolt Fast Charging, CRISPR ENC Tech Quad Mics, GameOn with 80ms Low Latency(Black)
₹ 2299 | $hotDeals->merchant_name
Sony WF-1000XM3 Industry Leading Active Noise Cancellation True Wireless (TWS) Bluetooth 5.0 Earbuds with 32hr Battery Life, Alexa Voice Control & mic for Phone Calls Suitable for Workout, WFH (Black)
Sony WF-1000XM3 Industry Leading Active Noise Cancellation True Wireless (TWS) Bluetooth 5.0 Earbuds with 32hr Battery Life, Alexa Voice Control & mic for Phone Calls Suitable for Workout, WFH (Black)
₹ 9949 | $hotDeals->merchant_name
JBL Go 3, Wireless Ultra Portable Bluetooth Speaker
JBL Go 3, Wireless Ultra Portable Bluetooth Speaker
₹ 3252 | $hotDeals->merchant_name
Zebronics Zeb-Bellow Portable Speaker
Zebronics Zeb-Bellow Portable Speaker
₹ 646 | $hotDeals->merchant_name
DMCA.com Protection Status