The digital assistant and connected speaker does not come out of the negative headlines: in August it became known that the devices that transmit often-sensitive data to the manufacturer, revealed this week, a Berlin-based security firm, as with the Google-Home-assistant, and with Amazon’s Alexa, the personal data can be stolen. The process is called “Vishing”, short for “Voice Fishing”: a voice connection is to be tapped confidential data.
The attack comes in the App Stores, with which the functions of the wizard to expand. In the case of Google Apps Third-party Actions hot, Amazon Skills. Accessed via a key word, and read, for example, horoscopes, from to announce the sports results or play the radio messages.
spying Apps on Amazon and Google
The security company Security Research Labs has now managed to place both Google as well as Amazon “Vishing”-Apps in the Store. The work as follows: First, after the call by the user, the App returns an error message, for example: “sorry, this action is not available in your country.” It brings the user to accept the action have not worked and the App become inactive. But actively, by silence again – the Trick is that you can be the wizard, a space is “read”.
After a certain period of time, the actual data starts theft: The App says an important Update and for the Installation the user needs to utter the command, “Update”, and his password. This can then be used, possibly also with the E-Mail address, tap.
Also eavesdropping are possible
With a variant of the Tricks Lauscha is also a handle on the users. Also, since the App misleads the user, by remaining after the actual action in operation, and the conversations in the room transmitted to the attacker.
The security experts will give the users the advice to install new Skills and Actions with caution and restraint. In addition, you should keep the speaker in the use of new Skills in the eye: Both Google and Amazon, a light indicates when the speaker is listening. This is apparent when an App is active and recording cut, though, you must terminate your use of is actually would have.
The manufacturer asked in turn to improve the review process for Third-party Apps: in Particular, the issue of space should be prevented, and the Apps should also be able to ask for passwords.
Created: 22.10.2019, 13:27 PM