Fresh Google Assistant, Amazon Alexa vulnerabilities exposed for allowing eavesdropping, phishing

By Digit NewsDesk | Published on 23 Oct 2019
HIGHLIGHTS
  • Security researchers expose new vulnerabilities with Google Assistant, Amazon Alexa

  • They allow attackers to eavesdrop on your commands, pose as the service provider

Fresh Google Assistant, Amazon Alexa vulnerabilities exposed for allowing eavesdropping, phishing
Fresh Google Assistant, Amazon Alexa vulnerabilities exposed for allowing eavesdropping, phishing

Virtual assistant services have been called out in the past for weak links in their security and privacy policies. In May this year, Amazon was found retaining copies of users’ transcripts in its servers even after users deleted their interactions with Alexa. Now, however, a new report from Security Research Labs suggests that Google Assistant and Amazon Alexa possess vulnerabilities that can potentially allow online attackers to eavesdrop on the user and pose as the service provider (phishing as Google or Amazon). The vulnerabilities are detailed in a long article and explained in brief in a few short videos.

According to the two videos that talk about eavesdropping, one of the vulnerabilities opens the door for online attackers to listen in on the user after they have finished giving a command. Apparently, the vulnerability could give an attacker up to thirty seconds to eavesdrop on the user after the command is received. During this period, the user is unaware that the device is still listening to them. Any words uttered by the user during this period could be used against them without their knowledge in the future.

The two videos that cover the phishing vulnerability suggest an even more dangerous scenario where the user unknowingly discloses their password to the attacker. We see in the videos that the vulnerability, when exploited, informs the user that the device has a software update ready but needs the user’s account password to proceed. The device then listens for the user’s password and transmits it to the attacker, which could then be a key to the user’s credit card information.

While both vulnerabilities seem complicated to exploit, it’s not impossible for an attacker to get a smart speaker or smart display to ask for the user’s password. With the account password, it’s easy to obtain information like the user’s home and work address. The videos posted by Security Research Labs act as a reminder for all of us to never share one’s account password with anyone or anything, including the device itself. Google Assistant or Amazon Alexa will never ask its users to speak their account password openly.

logo
Digit NewsDesk

The guy who answered the question 'What are you doing?' with 'Nothing'.

email

Advertisements

Trending Articles

Advertisements

LATEST ARTICLES View All

Advertisements

Hot Deals View All

Audio-Technica QuietPoint Active Noise-Cancelling ATH-ANC40BT in-Ear Earphones Neck Band (Black)
Audio-Technica QuietPoint Active Noise-Cancelling ATH-ANC40BT in-Ear Earphones Neck Band (Black)
₹ 5168 | $hotDeals->merchant_name
Sony WH-1000XM3 Industry Leading Wireless Noise Cancelling Headphones, Bluetooth Headset with Mic for Phone Calls, 30 Hours Battery Life, Quick Charge, Touch Control & Alexa Voice Control – (Black)
Sony WH-1000XM3 Industry Leading Wireless Noise Cancelling Headphones, Bluetooth Headset with Mic for Phone Calls, 30 Hours Battery Life, Quick Charge, Touch Control & Alexa Voice Control – (Black)
₹ 20852 | $hotDeals->merchant_name
realme Buds Wireless in-Ear Bluetooth with mic (Yellow)
realme Buds Wireless in-Ear Bluetooth with mic (Yellow)
₹ 1599 | $hotDeals->merchant_name
OPPO ENCO Free True Wireless Headphone (White)
OPPO ENCO Free True Wireless Headphone (White)
₹ 5990 | $hotDeals->merchant_name
Mi Original Bluetooth Headset (Black)
Mi Original Bluetooth Headset (Black)
₹ 899 | $hotDeals->merchant_name
DMCA.com Protection Status