Alexa, Google Assistant-powered smart speakers could be used to trick you into divulging personal info

Smart speakers can reportedly be used to extract users' personal information like passwords and other details.


Too many privacy issues regarding voice assistants have come to light in the past few months. There is no denying that all these issues have made users question the security of these voice assistants.

As per a new report by ZDnet, it was revealed that smart speakers that come with Alexa and Google assistant support have a loophole which attackers can use to their advantage. Hackers can reportedly phish or eavesdrop on your conversations and even trick users into giving their personal details like passwords, email IDs and more. These loopholes emerge "via the backend that Amazon and Google provide to developers of Alexa or Google Home custom apps".

Alexa, Google Assistant-powered smart speakers could be used to trick you into divulging personal info

Google assistant and Alexa can reportedly be used to extract passwords from the users. Image: Pixabay

Developers have access to the voice assistants and they can customise the functions of these smart assistants. They can customise how the smart assistant responds to a certain query. The report revealed that by using specific code at different locations inside the backend of Google Home or the Alexa app, they can customise how long can the assistant remains active after the user asks for a query. They can actually "induce long pause" and eavesdrop!

These conversations reportedly get recorded and are sent to the attacker.

The report clearly mentions that Apple's HomePod is not vulnerable to this as it doesn't let third-party developers create any skills for the voice assistant Siri.

As per research by Security Research Labs, when you ask your assistant to look for a simple task like a daily horoscope, it will tell you there is an error and it cannot load the horoscope. You will think that the required action did not take place or it has ended, but what it actually does is trigger a phishing message. After a few minutes, the assistant will ask you to allow it to make an update in the smart speakers by "confirming the password or giving their email ID or any other personal data". Google or Alexa would normally never ask that. Unaware of that fact, most users give up their passwords, handing over their personal information to attackers.

The report further revealed that when Google was asked about the issues, the company stated that it wanted Home assistant owners to be aware of the fact that their devices never ask for any personal information like password and that its staff is reportedly reviewing the actions of all third-party apps.

Find latest and upcoming tech gadgets online on Tech2 Gadgets. Get technology news, gadgets reviews & ratings. Popular gadgets including laptop, tablet and mobile specifications, features, prices, comparison.