“Hey, Google and Alexa – say it ain’t so.
Berlin-based researchers Security Research Labs have published their latest findings online, showing how the Google Home and Nest speakers, as well as Amazon’s Echo products, could be taken over by hackers. Once there, they could listen to your conversations, steal your passwords and more.
“As the functionality of smart speakers grows, so too does the attack surface for hackers to exploit them,” the company noted, in a blog post.
The seemingly innocuous little speakers that only come to life after hearing the “wake” word (“Alexa” or “Hey, Google”), in fact, listen in way more often.
By default, Amazon records every interaction with Alexa, and Google also records you, after getting you to grant it permission. Both hold onto your recordings unless you go into Settings and make a change.
Amazon, Google and Apple say they keep the recordings, and monitor them, to improve the accuracy of the assistants.
Beyond the speaker snooping, consumers should also be concerned about adding the third-party Alexa “skills” and Google “actions,” to do more things with the speakers.
SRLabs developed eight bogus ones to show how easy it would be to exploit the speakers, calling them “smart spies” and posted several videos on YouTube to demonstrate.
Amazon and Google both say they have updated their processes for publishing new Alexa skills and Google actions to prevent this from happening.
“We have put mitigations in place to prevent and detect this type of skill behavior and reject or take them down when identified,” Amazon said in a statement. Said Google: “We are putting additional mechanisms in place to prevent these issues from occurring in the future.”
This news is deeply disturbing and yet I am grateful the companies are taking notes and addressing the security concerns the consumers might have. It is important to note without these exploits being discovered companies like Amazon and Google won’t make fixes for their products.