- My Forums
- Tiger Rant
- LSU Recruiting
- SEC Rant
- Saints Talk
- Pelicans Talk
- More Sports Board
- Fantasy Sports
- Golf Board
- Soccer Board
- O-T Lounge
- Tech Board
- Home/Garden Board
- Outdoor Board
- Health/Fitness Board
- Movie/TV Board
- Book Board
- Music Board
- Political Talk
- Money Talk
- Fark Board
- Gaming Board
- Travel Board
- Food/Drink Board
- Ticket Exchange
- TD Help Board
Customize My Forums- View All Forums
- Show Left Links
- Topic Sort Options
- Trending Topics
- Recent Topics
- Active Topics
Started By
Message
Hackers show how insecure Alexa/Google Home are, create apps to listen for passwords
Posted on 10/21/19 at 7:50 am
Posted on 10/21/19 at 7:50 am
quote:
Whitehat hackers at Germany's Security Research Labs developed eight apps—four Alexa "skills" and four Google Home "actions"—that all passed Amazon or Google security-vetting processes. The skills or actions posed as simple apps for checking horoscopes, with the exception of one, which masqueraded as a random-number generator. Behind the scenes, these "smart spies," as the researchers call them, surreptitiously eavesdropped on users and phished for their passwords.
...The eavesdropping apps responded with the requested information while the phishing apps gave a fake error message. Then the apps gave the impression they were no longer running when they, in fact, silently waited for the next phase of the attack.
As the following two videos show, the eavesdropping apps gave the expected responses and then went silent. In one case, an app went silent because the task was completed, and, in another instance, an app went silent because the user gave the command "stop," which Alexa uses to terminate apps. But the apps quietly logged all conversations within earshot of the device and sent a copy to a developer-designated server.
...SRLabs privately reported the results of its research to Amazon and Google. In response, both companies removed the apps and said they are changing their approval processes to prevent skills and actions from having similar capabilities in the future.
LINK /
I hope some of the open source efforts for home voice assistants work out. They're a useful tool if they are properly secured.
2
Posted on 10/21/19 at 8:47 am to TigerinATL
We've started looking at IoT devices a lot more in the last year or so during audits
Posted on 10/21/19 at 11:19 am to GrammarKnotsi
yeah you definitely have to be careful installing those stupid skills that randos make.
Posted on 10/21/19 at 11:23 am to Dam Guide
you can pry my alexa tigerbot skills from my cold dead hands
Posted on 10/21/19 at 11:39 am to TigerinATL
This is why I’m not crazy about smart homes and having everything connected. I knows it takes a sophisticated and smart individual to do these things, but they do exist.
Page 1 of 1
Popular
Back to top
Follow TigerDroppings for LSU Football News