Amazon And Google Allowed Malicious Apps To Eavesdrop On Recordings

Smart speakers now have to face a lot of criticism when they’re becoming a hot topic for those who are worried about their privacy (of course, most of us are included). Whatever kinds of ways they do, either listening in on users’ recordings or giving auditors the ability to access location data, they draw a slew of both worries and angriness from us. Ironically, a team of security experts has just revealed that Google Home and Amazon Alexa did approve risky apps to be installed, meaning that they could easily turn into cyber thieves.

Known as Skills and Actions for respectively Amazon Alexa and Google Home, a firm called Security Researcher Labs reportedly stood behind them. According to Ars Technica, they were able to exploit security vulnerabilities to hack users’ devices. SRL also wrote a bunch of apps for other platforms, which weren't as what it appeared to be. For example, a horoscope app promoted with legitimate skills actually kept malicious code behind the closed door.

The apps were used to phish users to harvest their personal data such as passwords, alongside eavesdropping on them even when the speaker seemed to listen to nothing else. Those malicious apps were accepted by moderation teams until the researchers disclosed such issues to both Google and Amazon. As per researchers from SLR, both Google and Amazon need to deploy a better protecting solution to prevent such attacks. Of course, this should be first done during the review process.

Meanwhile, both tech giants apparently never stop lifting up their app-reviewing processes, but there are still so many malicious apps that are prevailing and polluting Google’s Play Store. Needless to say, we should be more aware of such potential threats to self-defense our privacy fortress.