Recently known that Google Speakers and Amazon Alexa are not privacy-friendly. ‘Skills’ and ‘Actions’ are the applications that control and connect with Alexa and Google Home that exploit the privacy of users. They could be used to make fraudulent activities by eavesdropping or cause phishing.
In the online realm, Privacy is a very sensitive and debated topic. From such kind of fraudulent acts and phishing, everyone wants to keep themselves far away. The danger of becoming target to such phishing activities or being hacked are way more in this age and era. We put trust in big companies like Google and Amazon to avoid such targets.
But according to the reports, the apps ‘Skills’ for Google home and ‘Actions’ for Amazon Alexa that are created by Security Research Lab have various legitimate skills but they hide malicious code in them.
For eg, if you tell Alexa to add products to cart on any online store, the app will check your order history for exact product details. Then, it will confirm that product with you and add it to your cart. It will then enable the microphone of Echo Dot for some time and then waits for your reply to confirm that the product is yes or no. If you haven’t replied, then the microphone will be switched off.
However, the microphone will be left switched on by the malicious apps and it record what the users speak. This is not the case with Apple HomePod. Because there would be direct interaction of third party with Siri through Apple APIs (Application Program Interfaces). So, if you want to own a smart speaker, then Apple HomePod is a safe option.
“To prevent ‘Smart spies’ attacks, Amazon and Google need to implement better protection, starting with a more thorough review process of third-party Skills and Actions made possible in their voice app stores,” said one of the researchers from the Security Research Lab.
For reviewing their apps, both the companies are working to strengthen their procedures in this aspect. But Google Play Store having such malicious apps proves the difficulty of security vetting apps are. This is the reason why users must be alert while installing such apps. You need to approach the new voice app with caution just like how you check everything while installing any app on your phone.
Just like how you save the personal info in your smartphone, it is same for your smart speaker. Malicious apps can hear your conversation and may send it to some other. Such apps can collect all you data including passwords. So, be careful while using such apps.