Amazon Alexa and Google Home’s voice assistant were vulnerable to hackers


The updated Echo Dot, is displayed in Amazon’s Day 1 building in Seattle on September 20, 2018. – Amazon weaves its Alexa digital assistant into more services and devices as it unveiles new products powered by artificial intelligence including a smart microwave and dash-mounted car gadget. (Photo by Grant HINDSLEY / AFP) (Photo credit should read GRANT HINDSLEY/AFP/Getty Images)

This is an archived article and the information in the article may be outdated. Please look at the time stamp on the story to see when it was last updated.

Amazon’s Alexa and Google Home’s smart assistant were vulnerable to a security issue that could have allowed hackers to eavesdrop on people without their knowledge or entice users to hand over sensitive information, researchers say.

Security Research Labs, a hacking research firm, said it discovered the flaw earlier this year and reported it to Amazon and Google. On Sunday, the firm posted a series of videos demonstrating how someone could exploit it.

Amazon and Google told CNN Business the security issue has since been fixed.

The findings were first reported by tech site ZDNet.

With the latest issue, SRLabs found hackers could have exploited the access Amazon and Google give third-party app developers to improve apps. Hackers could have used this access to customize commands that trigger a response from a home assistant.

In videos posted to YouTube, SRLabs showed how an app that works with Alexa or Google’s voice assistant could be programmed by a hacker. In one demo, a user opened an app via a voice command and was told it does not run in their country. The voice assistant was then silent. However, unbeknownst to the user, it continues to run in the background, listening for prompts. After a few minutes, the voice assistant said there was a company update and asked the user to say their password.

Amazon and Google assistants do not ask users to reveal passwords when working correctly.

There doesn’t appear to be evidence that any hackers actually carried out the manipulation to the voice assistants.

An Amazon spokesperson told CNN Business the company “quickly blocked the skill in question and put mitigations in place to prevent and detect this type of skill behavior and reject or take them down when identified.”

Google said it also promptly fixed the issue, noting it prohibits and removes any action that violates its policies.

“We have review processes to detect the type of behavior described in this report, and we removed the actions that we found from these researchers. We are putting additional mechanisms in place to prevent these issues from occurring in the future,” a spokesperson said.

By Ahiza Garcia, CNN Business

Trademark and Copyright 2020 Cable News Network, Inc., a Time Warner Company. All rights reserved.

FOX 2 Newsletters

Sign up for a newsletter from FOX 2 to get updates about news and weather. We offer daily headlines, breaking news, severe weather, and forecast emails.


Latest News

More News