Smart Spies: Alexa and Google Home expose users to vishing and eavesdropping

30 comments

  1. outgoinghermit

    |Author

    A big concern is how this technology is spreading into other devices. Sound bars for your tv even now have this offered in many of the models, and eventually we may not have the ability to buy phones, TVs, computers, or any electronic entertainment device that does not natively have the ability to listen in on you. Even refrigerators.

  2. royaltek

    |Author

    this is a very serious article about companies stealing and selling your data then you look at the adorable little alexa with horns and everything bad goes away

  3. Every thread. Every single thread concerning major tech companies and privacy abuse the “*WhO iS sUpRiSeD*??” army comes out to reap a ton of upvotes for their purposeless posts, and anyone criticizing the tech companies gets downvoted and heckled.

    Seriously reddit? Why do you care more about being retrospectively smug against users rather than being critical of the privacy abusers?

  4. ivel501

    |Author

    I hear people say “I would never have one of them darn gumb things in my house!” Meanwhile, they are packing a phone with them everywhere, have ring / nest cameras in and around their house, an ipad / laptop and maybe even the tv remote itself has a microphone input, list goes on. Bottom line is, if someone wants your info, they have multiple ways to do it. Also, I am not sure why people I talk to sound like grizzled miners.

  5. matavulj97

    |Author

    So from my understanding of the article the applications that are already built into the Home and the Alexa are safe and it’s only when third party apps are added that you could become vulnerable to eavesdropping?

    I have a Google Home and I’ve never been a “the government is using smart speakers to spy on you” type of person but I have noticed how much Google just gives these things away like candy as if to get them in as many homes as possible (I got mine for $30 at Best Buy around Christmas, which is ridiculously cheap).

  6. codesign

    |Author

    “Please say your Password” … “Capital Pee at symbol dollar sign dollar sign lowercase pee uppercase Why lower case in upper case eye dollar sign dollar sign” … “I’m sorry I didn’t get that, playing All I Have to Give by the Back Street Boys”

    You’re telling me you people do things with Alexa besides play music?

  7. nryan777

    |Author

    Something I’ve noticed is these companies don’t even seem to want you to purchase these devices. Amazon and google are constantly trying to find ways to get people these for free and get them into homes no matter what. That seems odd to me. It’s as if the home assistant isn’t actually the product they wish to sell but just a means to collect data on us that they then intend to sell. Has anyone else noticed this? If amazon had it their way they’d give everyone in America a free echo if it meant they were literally inside the homes of every citizen. That’s ******* scary to me. No thank you.

  8. obelisk29

    |Author

    I’m guessing a lot of people didn’t read the article. The researchers just found a way to make a skill that ran silently for awhile before pretending to be a security update that asks for your password. Real world vulnerabilities would be pretty darn limited.

  9. jordanclock

    |Author

    I’m wondering how many of you “DaE tHiNk AlExA iS a SpY?!” types bothered to read the article to realize this isn’t the kind of issue that has been brought up before. The article describes how Amazon and Google aren’t vetting apps for Alexa/Home well enough and are letting blatant abuses be registered. This is not the same as the paranoia about Alexa/Home recording everything you say, this is the analogous to missing the permissions listing for apps on the Play Store. End users have no way of knowing what these apps do after the trigger phrases are used.

  10. Deto

    |Author

    This is more a warning that any “skill” is third party software and the same care should be taken as when installing random apps.

    First attack: Make a skill that asks users for their password.

    Second attack: make a skill that when you shut it down, it listens for a few more seconds and saves what you say if you happen to say the right word.

    The first attack vector is easily thwarted by never complying if your device asks for your password. I could see this fooling some gullible people though for sure. The second attack seems kind of pointless – I suspect they thought it up just so they could check the “eavesdropping” box for headline attention.

Leave a Reply

Your email address will not be published.