Excursions by Amit Gawande

Alexa and Google Home abused to eavesdrop and phish passwords

By now, the privacy threats posed by Amazon Alexa and Google Home are common knowledge. Workers for both companies routinely listen to audio of users—recordings of which can be kept forever—and the sounds the devices capture can be used in criminal trials.

Now, there’s a new concern: malicious apps developed by third parties and hosted by Amazon or Google. The threat isn’t just theoretical. Whitehat hackers at Germany’s Security Research Labs developed eight apps—four Alexa skills” and four Google Home actions”—that all passed Amazon or Google security-vetting processes. The skills or actions posed as simple apps for checking horoscopes, with the exception of one, which masqueraded as a random-number generator. Behind the scenes, these smart spies,” as the researchers call them, surreptitiously eavesdropped on users and phished for their passwords.

These horror stories of privacy violations on smart speakers are unending. There are just a few options here.

  1. Don’t have anything, that has a mic or camera and is connected to the internet, around you.
  2. If that’s too much for you, don’t have any smart speakers in your home. Use your smartphone to connect to a good old Bluetooth speaker.
  3. If you do want a smart speaker around, learn you to use it cautiously. Switch it off when not needed. Use the mute option. Do not, do not install any third-party skill on the device. Let only Google and Amazon track you. At the very least, they can be held accountable.
replies links
Have you posted a response to this? Provide the URL.