Beware of exploits attacking Google Home and Amazon Echo for spying and phishing on end-users
The Google Home and Amazon Echo like smart speakers are indeed useful devices; however, they come accompanied with several security concerns. Researchers on cyber-security have issued an alert about a pair of exploits, which target Amazon Echo and Google Home appliances, as their creators employ them for either phishing Internauts off their personal information or eavesdropping on people online.
Security Research Labs situated in Berlin thoroughly enumerates the two exploits within an extensive report posted onto its site. It has named the twin exploits "Smart Spies" hacks, while the lab has created some apps for demonstrating the attacks' execution as well as how apps and dexterity employed for effective working of the exploits can counteract the approval processes of Google and Amazon. www.slashgear.com posted this dated October 20, 2019.
Through one set of videos, SRLabs' researcher team depicts the working of the hacks. According to one method, a move on Google Home enables end-users to request the generation of an arbitrary number. And as the move actually happens, the software, however, keeps on listening over an overtly lengthy period even after it has given its first commands. The other method involves an apparently harmless horoscope skill to operate Alexa as it bypasses a 'halt' command from the end-users while keeps on quietly listening.
For each of the cases, the researchers managed abusing vulnerability within the two voice assistants that let the team continue listening for an unusually long time. For this, the researchers fed the assistants several characters that the assistants couldn't pronounce, implying they remain mute, and still go on listening for more commands.
Evidently, mediums for eavesdropping and phishing in the cases can be abused through the backend which Google as well as Amazon provide to custom app developers for Google Home and Alexa devices. The backend enables accessing utilities which developers can resort to for tailoring the commands that any smart assistant would accept as also respond to, including the manner of replying.
The bottom line: end-users should handle software of intermediate voice assistants with caution such as allow software to enter their homes that solely come from trustworthy companies.
» SPAMfighter News - 10/25/2019
We are happy to see you are reading our IT Security News.
We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!