Home » News » Audio Video » Fresh Google Assistant, Amazon Alexa vulnerabilities exposed for allowing eavesdropping, phishing

Fresh Google Assistant, Amazon Alexa vulnerabilities exposed for allowing eavesdropping, phishing

By Digit NewsDesk | Updated on 23-Oct-2019
Fresh Google Assistant, Amazon Alexa vulnerabilities exposed for allowing eavesdropping, phishing
Digit NewsDesk Digit NewsDesk
23 Oct 2019 14:23
HIGHLIGHTS

Security researchers expose new vulnerabilities with Google Assistant, Amazon Alexa

They allow attackers to eavesdrop on your commands, pose as the service provider

Virtual assistant services have been called out in the past for weak links in their security and privacy policies. In May this year, Amazon was found retaining copies of users’ transcripts in its servers even after users deleted their interactions with Alexa. Now, however, a new report from Security Research Labs suggests that Google Assistant and Amazon Alexa possess vulnerabilities that can potentially allow online attackers to eavesdrop on the user and pose as the service provider (phishing as Google or Amazon). The vulnerabilities are detailed in a long article and explained in brief in a few short videos.

According to the two videos that talk about eavesdropping, one of the vulnerabilities opens the door for online attackers to listen in on the user after they have finished giving a command. Apparently, the vulnerability could give an attacker up to thirty seconds to eavesdrop on the user after the command is received. During this period, the user is unaware that the device is still listening to them. Any words uttered by the user during this period could be used against them without their knowledge in the future.

The two videos that cover the phishing vulnerability suggest an even more dangerous scenario where the user unknowingly discloses their password to the attacker. We see in the videos that the vulnerability, when exploited, informs the user that the device has a software update ready but needs the user’s account password to proceed. The device then listens for the user’s password and transmits it to the attacker, which could then be a key to the user’s credit card information.

While both vulnerabilities seem complicated to exploit, it’s not impossible for an attacker to get a smart speaker or smart display to ask for the user’s password. With the account password, it’s easy to obtain information like the user’s home and work address. The videos posted by Security Research Labs act as a reminder for all of us to never share one’s account password with anyone or anything, including the device itself. Google Assistant or Amazon Alexa will never ask its users to speak their account password openly.

Digit NewsDesk

Digit NewsDesk

Digit News Desk writes news stories across a range of topics. Getting you news updates on the latest in the world of tech. View Full Profile

New Mobiles
Apple IPhone 15Redmi 12 5GRealme 11 Pro+ 5GApple IPhone 15 PlusNothing Phone 2
Top-10s
Best Mobile Phones under 15,000Best Mobile Phones under 20,000Best Mobile Phones Under 10,000Best Mobile PhonesBest 5G Mobile Phones
Terms of Use Privacy Policy About Us Advertise with us Contact Us SiteMap Current / Past Issue Magazine Subscription
9.9 Group

Digit.in is one of the most trusted and popular technology media portals in India. At Digit it is our goal to help Indian technology users decide what tech products they should buy. We do this by testing thousands of products in our two test labs in Noida and Mumbai, to arrive at indepth and unbiased buying advice for millions of Indians.

We are about leadership – the 9.9 kind Building a leading media company out of India. And, grooming new leaders for this promising industry.

logo logo logo logo logo logo
Copyright © 2007-24 9.9 Group Pvt.Ltd.All Rights Reserved.
Digit.in
Logo
Digit.in
Logo