Amazon ALEXA and Google Speakers are not privacy-friendly at all. Yes, you’ve read it right! The apps that are used to control and connect with Alexa and Google Home are ‘Skills’ and ‘Actions’ which exploit user’s privacy and could be used to cause phishing and other fraudulent activities through eavesdropping.
Privacy is a very debated and sensitive topic in the online realm. And everyone wants to keep themselves far away from any kind of phishing and fraudulent acts. The danger of being hacked or becoming a target of any phishing activities are way higher in this age and era. And to avoid becoming one such target, we put our trust in promising companies like that of Google and Amazon.
But reports say that, security researchers from the firm, Security Research Lab created the apps ’Skills’ for Google smart speakers and for Amazon smart speaker ‘Actions’ which exploits security vulnerabilities to hack devices. These apps that are created by the Security Research Lab have different legitimate skills but hid malicious code in them.
For example, if I tell Alexa to add some products to my cart from any online app or store. The app would first check my order history for accurate details on the product. Then, Alexa would confirm the product with me and add it to my cart. It will then activate the Echo Dot’s microphone for a short while and then wait for me to reply and confirm the product that is whether ‘yes’ or ‘no’. If I don’t reply to them, the microphone is switched off again.
Nevertheless, the malicious apps can leave the microphone switched on and record what the users speak for much longer. But this is not the case with Apple’s HomePod. As the only way to do so would be direct interaction of the third party with Siri is through Apple’s APIs. APIs stands for Application program interface. Therefore Apple HomePod is a very safe option if one were to own a smart speaker.
“To prevent ‘Smart spies’ attacks, Amazon and Google need to implement better protection, starting with a more thorough review process of third-party Skills and Actions made possible in their voice app stores,” said one of the researchers from the Security Research Lab.
Now, both the companies are working on this aspect and are strengthening their procedures for reviewing their apps. But the existence of such fraudulent and malicious smartphones apps on the Google play store platform proves the difficult task of security vetting apps are. Therefore, the users must be more aware of such apps and must approach the installation of new voice app with caution just like installing a new app for your smartphone.
As just like there is various personal information saved on your smartphones the same may be true for your Smart speaker, malicious voice can eavesdrop on your conversation and may pass it on to God knows ‘who’. As the apps can potentially collect all your information and data, including your passwords, even though the speakers may no longer sound speaking.