Smart Speakers Accused of Voice Phishing

Smart Speakers Accused of Voice Phishing

Dennis Snider

263 Posts




Smart speakers such as Google Home or Amazon Echo are unquestionably handy in the home, but concerns are being raised that their security could use a little boost.

Such concerns have been around since the speakers were first introduced, and Security Research Labs, based in Berlin, have been investigating claims that the devices can be employed for eavesdropping on users or harvesting personal information.

The researchers have demonstrated that it is indeed possible to use different applications to undertake attacks on users through these devices and they have shown the ways in which hackers can circumvent the security processes put in place by Google and Amazon.

One of the attacks sends fake update alerts to users in order to gain their password. This attack uses the fact that having approved an app, neither Google nor Amazon require further approval even if the nature of the app changes.

Having had an app approved, the researchers changed it so that when users attempted to access it through the speakers, they were told that it was not working. The app would then go silent, making users believe that it was turned off and the device was no longer working. The app then imitates the Google or Alexa user voice, saying that a software update is available and encouraging users to speak out a password to download it.
The same ability to change an approved app without needing further approval is used in an even more insidious manner in another attack.

The fake app stays open when the user thinks it is been shut down, and listens out for trigger words such as “I”; when it hears them it starts sending everything the user says to the attackers, so they can not only hear private conversations but all fresh instructions issued to the device, raising the potential for intervention attacks, e.g. pretending to be the user’s bank and accessing financial details by doing so.

The researchers have passed on their findings to both Google and Amazon, with the recommendation that the approval process for apps should be tightened up.

It is also recommended that both companies should check for companies using secret characters in their apps that can trigger eavesdropping, and that any app which mentions the word “password” should be banned, as no app should need to request a password through a speaker.

In the meantime, it is recommended that caution should be applied when using these devices and that under no circumstances should users speak their passwords into them.

10 thoughts on “Smart Speakers Accused of Voice Phishing

  1. Berniece

    Hi there, I enjoy reading through your article. I wanted to write a little comment to support you.

    Feel free to surf to my site :: best web hosting 2020

    August 11, 2020 at 4:05 am Reply
  2. Walter

    I’m curious to find out what blog system you’re working with?

    I’m experiencing some small security problems
    with my latest site and I would like to find something more risk-free.

    Do you have any suggestions? adreamoftrains best website hosting hosting

    August 11, 2020 at 6:13 pm Reply
  3. Bryan

    Terrific post however , I was wondering if you
    could write a litte more on this topic? I’d be very thankful if you could elaborate a little bit further.
    Appreciate it!

    Take a look at my blog; web hosting services

    August 13, 2020 at 11:28 pm Reply
  4. Remona

    Yes! Finally someone writes about best web hosting company hosting.

    August 25, 2020 at 8:25 am Reply
  5. Maura

    It’s truly a nice and useful piece of information. I’m glad that you simply shared this helpful information with us.
    Please keep us informed like this. Thanks for sharing. y2yxvvfw cheap flights

    August 25, 2020 at 2:05 pm Reply
  6. Kimber

    Pretty section of content. I just stumbled upon your website and in accession capital to claim that I acquire in fact loved account your blog
    posts. Anyway I’ll be subscribing to your feeds or even I success you
    get admission to consistently fast.

    Feel free to surf to my blog post – cheap flights

    August 26, 2020 at 7:05 pm Reply
  7. Maurine

    Great post. I used to be checking constantly this blog and
    I am impressed! Very helpful info specially the ultimate section 🙂 I
    deal with such info a lot. I was seeking this particular information for a long time.
    Thank you and good luck.

    Here is my web page … cheap flights

    August 27, 2020 at 11:38 pm Reply
  8. Ngan

    I constantly emailed this webpage post page to all my friends, for the reason that if like to read it
    afterward my links will too.

    My web blog black mass

    August 28, 2020 at 7:27 am Reply
  9. Jetta

    I relish, lead to I discovered exactly what I used to be having
    a look for. You’ve ended my 4 day lengthy hunt!
    God Bless you man. Have a nice day. Bye

    Also visit my web-site; website hosting companies

    August 31, 2020 at 12:17 pm Reply
  10. Zachary

    I’m really enjoying the design and layout of your website hosting companies.

    It’s a very easy on the eyes which makes it much more pleasant for me
    to come here and visit more often. Did you hire out a developer to
    create your theme? Fantastic work!

    September 5, 2020 at 6:00 am Reply

Leave a Reply

Your email address will not be published. Required fields are marked *