October 24, 2019

Hey Google and Alexa, how easy is it to take control?

by Jefferson Graham, Usa Today

amazon alexa
Credit: CC0 Public Domain

Hey, Google and Alexa—say it ain't so.

Berlin-based researchers Security Research Labs have published their latest findings online, showing how the Google Home and Nest speakers, as well as Amazon's Echo products, could be taken over by hackers. Once there, they could listen to your conversations, steal your passwords and more.

"As the functionality of smart speakers grows, so too does the attack surface for hackers to exploit them," the company noted, in a blog post.

The seemingly innocuous little speakers that only come to life after hearing the "wake" word ("Alexa" or "Hey, Google"), in fact, listen in way more often.

By default, Amazon records every interaction with Alexa, and Google also records you, after getting you to grant it permission. Both hold onto your recordings unless you go into Settings and make a change.

Amazon, Google and Apple say they keep the recordings, and monitor them, to improve the accuracy of the assistants.

Beyond the snooping, consumers should also be concerned about adding the third-party Alexa "skills" and Google "actions," to do more things with the speakers.

SRLabs developed eight bogus ones to show how easy it would be to exploit the speakers, calling them "smart spies" and posted several videos on YouTube to demonstrate.

Amazon and Google both say they have updated their processes for publishing new Alexa skills and Google actions to prevent this from happening.

"We have put mitigations in place to prevent and detect this type of skill behavior and reject or take them down when identified," Amazon said in a statement. Said Google: "We are putting additional mechanisms in place to prevent these issues from occurring in the future."

In the videos, a researcher shows the bogus horoscope apps SRLabs created and how it could be tweaked with a bogus error message, followed by silence. The user thinks the app has stopped working, when in fact, it has taken control of the speaker and began recording.

In another example, the app says it needs to update and asks the user for a password (which Amazon and Google would never do) to complete the process.

(c)2019 U.S. Today
Distributed by Tribune Content Agency, LLC.

Citation: Hey Google and Alexa, how easy is it to take control? (2019, October 24) retrieved 19 April 2024 from https://techxplore.com/news/2019-10-hey-google-alexa-easy.html
This document is subject to copyright. Apart from any fair dealing for the purpose of private study or research, no part may be reproduced without the written permission. The content is provided for information purposes only.

Explore further

The corporate spat is over between Google and Amazon: YouTube is again available on Amazon Fire TV
0 shares

Feedback to editors
Team develops a way to teach a computer to type like a human

9 hours ago
Universal 'cocktail electrolyte' developed for 4.6 V ultra-stable fast charging of commercial lithium-ion batteries

9 hours ago
Garbage could replace a quarter of petroleum-based jet fuel every year

10 hours ago
For more open and equitable public discussions on social media, try 'meronymity'

12 hours ago
Mess is best: Disordered structure of battery-like devices improves performance

12 hours ago
Meta's newest AI model beats some peers. But its amped-up AI agents are confusing Facebook users

13 hours ago
An ink for 3D-printing flexible devices without mechanical joints

13 hours ago
Floating solar's potential to support sustainable development

14 hours ago
Harvesting vibrational energy from 'colored noise'

14 hours ago
New understanding of energy losses in emerging light source

14 hours ago
Load comments (0)