
Alexa, Google Assistant Smart Speakers Can be Exploited for Phishing, Eavesdropping: Researchers



There has been a lot of debate lately regarding the privacy aspect when it comes to smart home devices, and it appears that the concerns are not unwarranted. Experts at Security Research Labs have uncovered vulnerabilities associated with Alexa and Google Assistant voice app backend systems that can be exploited to eavesdrop on users and to phish for a password with ease. The security experts demonstrated the vulnerabilities in proof-of-concept videos and revealed how easy it is to trick users into giving up sensitive information such as passwords and account details.

Security Research Labs said in its report that malicious parties can use non-readable characters like a “�” in the code of voice apps, called Skills for Amazon’s Alexa assistant, or Actions in the case of Google Assistant. When such a character is encountered in the course of an ongoing interaction between users and the virtual assistant, it prompts a long pause, which tricks users into believing that the app has malfunctioned.

In such a scenario, users might think that the interaction has stopped and that they need to say a hotword like “Ok Google” or “Hey Alexa” again to initiate an action. But in reality, the malicious party can use this pause to listen to whatever the user says in the meantime, and can send the voice transcript of everything they said in a short duration to a dedicated server belonging to hackers.

Similarly, when the unreadable “�” character induces a short pause, say for 30 seconds, to trick users into believing that something has malfunctioned, the malicious party can follow that up in their voice app with code that reads a fake update message. In such cases, the false update voice prompt may ask users to say their password to install the update, and might also ask for more information such as the linked account. With this info, one can take control of an unsuspecting user’s Amazon or Google account.

The eavesdropping and phishing vulnerabilities can be exploited via the backend that Amazon and Google provide to developers of Alexa skills and Google Assistant actions. In the absence of stringent vetting protocols, malicious parties can gain access to functions that provide them access to critical commands and subsequently control how the virtual assistants behave. Security Research Labs reported the vulnerabilities to Amazon and Google months ago, but they are yet to be patched. Moreover, since Amazon and Google do not vet the code of app updates, malicious parties have a free hand here.

“All Actions on Google are required to follow our developer policies, and we prohibit and remove any Action that violates these policies. We have review processes to detect the type of behaviour described in this report, and we removed the Actions that we found from these researchers”, a Google spokesperson was quoted as saying by ZDNet regarding the issue, but Amazon is yet to issue a statement. Google also wants to spread awareness that the Google Assistant won’t ask users for sensitive information such as a password via a voice skill, with the intention of keeping them aware of such deception.
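
A review-side check for the pattern described above, as an added example that is not from the article or from Security Research Labs: it scans the text a voice app would speak for characters that cannot be read aloud, for requests to say a secret, and for the two appearing in that order after an update. The function names, the phrase list and the two sample responses are constructed for illustration.

```python
import re
import unicodedata

# Unicode categories with no spoken form: control, format, surrogate,
# private-use and unassigned code points.
UNSPEAKABLE = {"Cc", "Cf", "Cs", "Co", "Cn"}
ALLOWED_CONTROLS = {"\n", "\r", "\t"}
# Constructed, non-exhaustive list of phrases that solicit a secret.
SENSITIVE = re.compile(
    r"\b(password|passcode|pin|security code|account (e-?mail|name))\b", re.I)

# Constructed sample responses: the version that was reviewed, and an update.
REVIEWED = "Here is today's weather forecast."
UPDATED = ("Sorry, something went wrong. " + "\ufffd " * 20 +
           "An update is available. Please say your password to install it.")


def unspeakable_chars(text):
    """Return (index, 'U+XXXX') for every character that cannot be read aloud."""
    hits = []
    for i, ch in enumerate(text):
        if ch in ALLOWED_CONTROLS:
            continue
        # U+FFFD is category 'So', so it needs an explicit check.
        if ch == "\ufffd" or unicodedata.category(ch) in UNSPEAKABLE:
            hits.append((i, f"U+{ord(ch):04X}"))
    return hits


def audit_response(text):
    """Return review findings for one spoken response of a voice app."""
    silent = unspeakable_chars(text)
    prompt = SENSITIVE.search(text)
    findings = []
    if silent:
        findings.append("unspeakable-characters")
    if prompt:
        findings.append("asks-for-secret")
    # Silence first, then a request for a secret: the fake-malfunction
    # followed by fake-update pattern described in the article.
    if silent and prompt and silent[0][0] < prompt.start():
        findings.append("silence-then-secret-prompt")
    return findings


def audit_update(before, after):
    """Findings that appear only after an update, i.e. after initial review."""
    old = set(audit_response(before))
    return [f for f in audit_response(after) if f not in old]
```

Running `audit_update(REVIEWED, UPDATED)` shows why re-checking every update matters: the reviewed version is clean, while the updated one raises all three findings.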




