Researchers Turn Alexa and Google Home Into Credential Thieves

  /     /     /  
Publicated : 23/11/2024   Category : security


Researchers Turn Alexa and Google Home Into Credential Thieves


Eight Amazon Alexa and Google Home apps were approved for official app stores even though their actual purposes were eavesdropping and phishing.



Alexa, steal my passwords. Its not a phrase a user is likely to utter, but security researchers in Germany have shown that its possible for malicious apps — Alexa skills and Google Home actions — to launch phishing attacks on users, forward the compromised credentials to criminals, and do it all in apps approved for use by the voice-assistant giants.
Security Research Labs, a white-hat research organization, developed a total of eight apps, four each for Amazon Alexa and Google Home, that masqueraded as horoscope checkers or a random number generator. The apps triggered malicious actions based on action words like stop, while continuing to operate after users thought they had closed.  
According to the researchers, both Amazon and Google removed the malicious apps when presented with evidence of their capabilities. Each of the companies also said they have adjusted practices and policies to prevent similar apps from being added to their stores in the future.
At this point, consumers have devices that record audio, and often video, in their pockets and homes. Were surrounded nearly 24/7 by devices with the capability to eavesdrop. It should be no surprise that such a broad target surface is attractive to attackers, said Tim Erlin, vice president, product management and strategy at Tripwire, responding to the use of these voice assistants as an attack surface.
Read more 
here
.
This free, all-day online conference offers a look at the latest tools, strategies, and best practices for protecting your organization’s most sensitive data. Click for 
more information
 and, to register, 
here
.

Last News

▸ Beware EMV may not fully protect against skilled thieves. ◂
Discovered: 23/12/2024
Category: security

▸ Hack Your Hotel Room ◂
Discovered: 23/12/2024
Category: security

▸ Website hacks happened during World Cup final. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Researchers Turn Alexa and Google Home Into Credential Thieves