Because we don't have hd animal dog video sexenough concerns about our digital privacy these days, it seems Amazon's Alexa and Google Home both gave thumbs up to apps that could be used to eavesdrop on users and phish for their passwords.
As reported by Ars Technica, whitehat hackers at Germany's Security Research Labs developed four apps, called "smart spies," for each device that passed muster with Amazon and Google's respective vetting processes, meaning they were approved for public use.
SRLabs disguised these malicious apps as useful tools like horoscope apps and random number generators. They were even given vague, generic names like "Skills" (for Alexa) and "Actions" (on Google Home).
The researchers developed two kinds of apps, one for eavesdropping and another for phishing.
The eavesdropping apps work just fine, but here's the scary part: After they share a message that makes it seem like they are no longer running, they still record everything a user says.
Here is the Alexa skill in action.
And the random number generator created for Google Home.
Pretty damn creepy, right? And cause for concern, especially given what we've learned in recent months about the conversations that Alexa, Google Assistant, and Apple's Siri record. And while those companies have all sworn to improve their respective systems and offer opt-outs, it's the phishing apps from SRLabs that are reallydisconcerting.
In each case, the digital assistant responds to a user request with an error message and seems to quit. But the malicious app is actually waiting for a few moments before claiming an update for the device is available. It then requests a password so it can install the update.
Smart, security conscious users should be alarmed by this, knowing you should never be asked for a password in this way. But, chances are, people who aren't as tech savvy, like your relatives who believe everything they read on Facebook, might be fooled.
In a blog post, SRLabs shares some interesting tidbits about how they got the hacks to work. For instance, with the Alexa eavesdropping app, after it gives its false closing message, the app needs a trigger word to being recording again. It's not that hard to pull off with a generic trigger word like, "I."
But SRLabs reveals that the same hack for the Google Home is far easier to trigger: "For Google Home devices, the hack is more powerful: There is no need to specify certain trigger words and the hacker can monitor the user’s conversations infinitely."
Again, this is incredibly alarming given that all of these apps were approved by moderation teams for both Amazon and Google. According to Ars Technica, the original four apps demoed in the videos above were taken down by SRLabs themselves while four similar, German-language apps were taken down only afterSRLabs disclosed the vulnerabilities to both companies.
SEE ALSO: A fake Amazon Alexa app somehow got into the iOS App StoreAn Amazon rep told Ars Technica, "Customer trust is important to us, and we conduct security reviews as part of the skill certification process. We quickly blocked the skill in question and put mitigations in place to prevent and detect this type of skill behavior and reject or take them down when identified."
Meanwhile, a Google rep told them, "All Actions on Google are required to follow our developer policies, and we prohibit and remove any Action that violates these policies. We have review processes to detect the type of behavior described in this report, and we removed the Actions that we found from these researchers. We are putting additional mechanisms in place to prevent these issues from occurring in the future."
We reached out to Amazon and Google for further comment on the report.
And, as always, trust no one.
Topics Amazon Alexa Cybersecurity Google Assistant Google Home
Brown Appoints Three to CCLPEP Advisory Panel
iPad Air 2024: No OLED, but it’s tipped to get this big display upgrade
Twitch will roll out its TikTok
Amazon deals of the day: Samsung Galaxy Tab A9+, Echo Pop bundle, and more
Poll Monitors Mobilized to Protect Rights of Limited
GT vs. DC 2024 livestream: Watch IPL for free
Manchester City vs. Chelsea 2024 livestream: Watch FA Cup for free
Apple quiet about its iPhone 'spyware attack' warnings — but the mystery may be solved
JANM Recognizes Two ‘Woman Warriors’
Tesla cars are getting a massive software update. Here's everything we know.
JANM Receives 3 Grants to Support 2 New Projects
'Shōgun's writers love all the Blackthorne and Yabushige memes
How to turn off location on iPhone
How to mirror iPhone to TV
Poll: 72% of JAs Disapprove of Trump
How to turn off your PS5
'Shōgun's writers love all the Blackthorne and Yabushige memes
Amazon deals of the day: Apple Watch Series 9, Samsung The Frame TV, Amazon Echo Buds, and more
DMV Director Shiomoto Retiring at End of Year
Best smartphone deal: Get the Google Pixel 7 Pro smartphone for $499.99
Female Referee at Men's World Cup Wants the Game to ShineTokyo Warned of Power Crunch as Japan Endures Heat WaveChinese defense ministry warns 'Taiwan independence' attempt leads nowhereLai's separatist agenda makes dialogue impossible, mainland spokesman saysThink tank launched in Taiwan to promote peaceful reunification of motherlandTaiwan separatists not allowed to profit from mainland: spokespersonAuthor Yamashita Wins Lifetime Achievement AwardPassenger ferry services across Taiwan Strait surge during holiday: spokespersonLai's confrontational approach making dialogue impossibleEXPLAINER: What Is Title IX and What Impact Has It had? Timothée Chalamet brilliantly responds to John Mulaney's standup comedy bit about him People are gluing tiny flowers to their faces for this new eyebrow trend Why it's so hard to determine if mobile phone radiation is safe Will Ferrell is the latest public figure to delete Facebook This is what happens when you make an owl your ring bearer Here's a running list of all the Scott Pruitt scandals Mysterious Instagram account only follows people named Paul Williams, and people want answers Heroic stranger saves Chrissy Teigen from being hit by cyclist Arnold Schwarzenegger comes back from heart surgery with a Tweet for the ages Casey Neistat shares heartfelt video on YouTube shooting
0.1406s , 8458.2734375 kb
Copyright © 2025 Powered by 【hd animal dog video sex】Enter to watch online.Creepiest Alexa and Google Assistant security fail yet,Global Perspective Monitoring
