Google and Amazon have approved and made malicious apps available for their smart speakers. The eight apps four skills that worked with Amazon Alexa and four actions for Google Home were developed by Security Research Labs, as well as a digital security research firm, said to be horscope programs or number generators. The goal was precisely to test the vulnerability of smart devices.
The apps went unnoticed by the security controls of the online stores and were only removed after the study was released. The researchers divided the programs into two types: spying to record user audio without their consent, and phishing to collect passwords with the promise of a device upgrade.
Amazon Alexa arrives in Brazil fully adapted to the Portuguese
Malicious apps record audio and passwords from Amazon Alexa and Google Home users Photo: Divulgao / Amazon
Want to buy a cell phone, TV and other discounted products? Meet the Compare TechTudo
In the videos released by Security Research LabsYou can see that the spy apps went silent after answering the user's question. This occurred after the task was completed or when the person gave the "stop" command. However, the programs recorded the conversations and sent them to the developer's server without the victim's consent.
Phishing apps revealed an error message stating that they were not available in that region. After a brief silence, they mimic the voice of Alexa and Google Home and say there is an update available for the device. The programs then asked for the user's password.
In response, Amazon said consumer confidence is important and will take steps to detect this behavior in their skills. Google said smart box actions should follow its development policy and will create mechanisms to prevent these problems.