Amazon & Google Accidentally Approved Apps that Spy on Users Via Home Speakers

Malicious code disguised as regular apps.

By
Tech
7,040 Hypes 8 Comments

Research has revealed that some third party apps for Amazon Alexa and Google Home can be used to secretly eavesdrop on users, obtaining personal information about them. According to Ars Technica, researchers from German firm Security Research Labs created eight different Skills for Amazon Alexa and Actions for Google Home, all of which appear to be normal but have been confirmed as malicious.

Disguised as regular apps like horoscope readers and random number generators, the Skills and Actions hack home speakers to collect personal data like passwords, as well as spy on users even after they think the speaker is finished listening. The apps give a fake error message to give the impression that they have ended their sessions, however they actually continue listening while taking down a transcript of everything the user says. Soon after, the apps mimic the Voices of Amazon Alexa and Google Home to offer users a false update, prompting them to provide their password for it to be installed.

All of the malicious apps were approved by Amazon and Google, but they were removed once SRLabs privately shared its findings with both companies. As a result, Amazon and Google state that they are revising their app reviewal process to prevent similar cases from happening in the future.

“The privacy implications of an internet-connected microphone listening in to what you say are further reaching than previously understood,” SRLabs said in a recent statement, according to Engadget. “Users need to be more aware of the potential of malicious voice apps that abuse their smart speakers. Using a new voice app should be approached with a similar level of caution as installing a new app on your smartphone.”

Watch the malicious apps in action via the clip below.

Meanwhile, Amazon is continuing to dabble in user experience programs, rolling out a new “Watch Party” feature for Twitch.

Read Full Article
Source
Ars Technica

Join Our Discussions on Discord

The HYPEBEAST Discord Server is a community where conversations on cultural topics can be taken further.

851 Users Online

What to Read Next

The GOAT App Now Offers Apparel and Accessories
Fashion

The GOAT App Now Offers Apparel and Accessories

The platform is moving beyond sneaker resale.

The Stairs From 'Joker' Film Have Become a Tourist Attraction
Entertainment

The Stairs From 'Joker' Film Have Become a Tourist Attraction

Bronx residents hope ill will on the so-called clout chasers.

The Nike Air Fear of God 1 Is Returning in "Oatmeal"
Footwear

The Nike Air Fear of God 1 Is Returning in "Oatmeal"

A brand-new colorway for the popular silhouette.


24hrs Taps DMX, Wiz Khalifa, MadeinTYO & More for 'World on Fire'
Music

24hrs Taps DMX, Wiz Khalifa, MadeinTYO & More for 'World on Fire'

24hrs compiles 11 new songs for his latest album.

Estate of Legendary Artist DONDI & 1xRUN Release 'Iron Man Lives' Skateboard Decks
Arts

Estate of Legendary Artist DONDI & 1xRUN Release 'Iron Man Lives' Skateboard Decks

A hand-numbered and signed edition of 50 screen-printed decks.

Stadium Goods Opens Sneaker & Streetwear Pop-Up Inside Fred Segal
Footwear

Stadium Goods Opens Sneaker & Streetwear Pop-Up Inside Fred Segal

Featuring items from Stadium Goods’ inventory and exclusive capsule collections.

More ▾
 
Subscribe to our Newsletter

Gain access to exclusive interviews with industry creatives, think pieces, trend forecasts, guides and more.

By subscribing, you agree to our Terms of Use and Privacy Policy.

Help us serve you better

We appreciate your support in allowing HYPEBEAST ads, where we can share contents from the latest fashion, to those culturally relevant. In adding HYPEBEAST to your ad blocker's whitelist, ads on our sites will show while you continue to browse.