The major privacy concern that could slow smart speaker growth
Owners of Amazon Echo and Google Home smart speakers may have been spied on by third-party apps which had been approved by the tech companies.
Berlin-based Security Research Labs (SRL) approached the technology giants with eight apps that deliver horoscopes and generate random numbers.
As with most speakers, everything that their voice identification services are ordered to do is taped and kept for employees to listen to recordings to train its artificial intelligence.
Once approved, the Echo Skills and Home Actions apps were reportedly modified to eavesdrop and steal passwords.
Consumers who used Alexa or Google to link with the horoscopes would not have realised that when they finished and heard a “goodbye” message, the microphone would, after a long pause, carry on recording for a few seconds.
Or the malicious app would command, “An important security update is available for your device. Please say, ‘Start update,’ followed by your password.”
Whatever else the user said would be transcribed and sent back to the hackers.
The software has now been deactivated by the companies, which say they have included more processes to ensure spying does not occur in the future.
“Smart spies undermine the assumption that voice apps are only active as long as they are in dialogue with the user,” Karsten Nohl, SRL’s chief scientist, told BBC News. “Users should be very suspicious when any smart speaker asks for a password, which no regular app is supposed to do.”
Apple stated its HomePod is safe because the company doesn’t allow third-party access.