A cyber security research firm, SR Labs earlier this year, discovered vulnerability in the software packages that run on Alexa and Google’s voice assistant. This vulnerability could allow hackers to eavesdrop on people without their knowledge or trick them into giving out sensitive information unknowingly. Both Alexa and Google’s voice assistant gave permission to developers to improve the software. This arrangement exposed aspects of that software that could be misused by a hacker. Exposed aspects of the code can provide a pathway for hackers to inject malicious code. SR Labs posted videos posted to YouTube. They showed how an app that works with Alexa or Google’s voice assistant could be programmed by a hacker. This alert helped to prevent a possible breach of Amazon Alexa and Google Home Voice Assistant.
It is worth mentioning that none of these apps ask for passwords when they are working correctly. It is a red flag if your app asks for personal information. This means the application is not working correctly and may have been hacked. There has no evidence of hacking on the voice assistant applications so far.
An Amazon spokesperson told CNN Business the company “quickly blocked the skill in question and put mitigations in place to prevent and detect this type of skill behavior and reject or take them down when identified.”
Google said it also promptly fixed the issue, noting it prohibits and removes any action that violates its policies. “We have review processes to detect the type of behavior described in this report, and we removed the actions that we found from these researchers. We are putting additional mechanisms in place to prevent these issues from occurring in the future,” a spokesperson said.