Vulnerability in Alexa Google Can Be Exploited To Eavesdrop

Walden Systems Geeks Corner News Vulnerability in Alexa Google Can Be Exploited To Eavesdrop Rutherford NJ New Jersey NYC New York City North Bergen County
Rita gives you full control of what sites your employees visit. Rita can block sites that eat up your precious bandwidth such as media streaming sites. Rita enables you full control of what sites your employees can and cannot visit. Rita gives you the ability to block undesirable sites by wildcard or by name. Rita gives you the ability to determine which computers will be blocked and which will be allowed. With Rita, you can block access to sensitive servers within your LAN.

esearchers found new ways that hackers can exploit Alexa and Google Home smart speakers to spy on users. The hack can eavesdrop and voice-phish by using people's voice cues to determine passwords. The vulnerability is in small apps created by developers for the devices to extend their capability, Skills for Alexa and Actions on Google Home.

There are many other ways researchers already found for hackers to access or record personal information of people using digital home assistants. Through the standard development interfaces provided to third parties to extend functionality of the devices, Researchers at SRLabs found two ways to compromise data privacy. One to request and collect personal data, including user passwords. And a second, to eavesdrop on users after they think the smart speakers are no longer listening.


The hack has three steps. First, they leverage something called fallback intent, “which is what a voice app defaults to when it can't assign the user's command to any other intent and offers help. The typical response is "I'm sorry, I did not understand that. Can you please repeat it?" The second step is for eavesdropping on Alex users. In this step, hackers can exploit the built-in stop intent of the devices, which reacts to a user saying "stop" by leveraging the capability to change an intent's functionality after the application had already passed the platform's review process. Lastly, hackers can leverage a quirk in Alexa's and Google's text-to-speech engine that allows for the insertion of long pauses in the speech output.

To help better protect users against Smart Spies attacks, Amazon and Google should implement better protections as soon as possible, starting with a more thorough review process of third-party Skills and Actions that are released through their voice-app stores. The privacy implications of an internet-connected microphone listening in to what we say are far reaching. Users need to be more aware of the potential of malicious voice apps that abuse smart speakers.