Google and Amazon smart speakers can be leveraged to record user conversation or to phish for passwords through malicious voice apps, security researchers warn.
Unless the two companies take measures to improve the review process and the restrictions for apps integrating with their smart devices, malicious developers could exploit the weakness to capture audio from users.
Called ‘skills’ for Amazon Alexa and ‘actions’ for Google Home, voice apps for these smart speakers are activated using a phrase (‘invocation name’) designated by the developer to start the app, which is typically the name of the app.
Read more…
Source: Bleeping Computer