Smart assistants like Alexa or Google Home are always in the spotlight for being vulnerable to hacks/spies. And, it is quite shocking to know that it still isn’t a good option for privacy-concerned users.
In a shocking report by SRLabs, it was found that Alexa and Google Home lets a malicious app to easily continue spying (or eavesdropping) even after you are done with the intended task.
In other words, after you utilize Alexa or Google Home to get something done – the app can still record (transcribe) what you say even after the assistant says “Goodbye”.
Technically, the app should be restricted to listen to anything after the task or action completes. But, if it’s a malicious app (just like the one SRLabs tested), it could spy and record sensitive information.
To help you understand it better, they have also demonstrated it in the video below:
You can find more technical details on how the exploit works in the report by Bleeping Computer.
Nevertheless, with the increase in potential vulnerabilities, it is tough to recommend these devices for personal usage.
In addition to eavesdropping, SRLabs also demonstrated how it can be easily used for phishing scams and lets someone collect your password or credit card information. Here’s how it works:
For now, Amazon and Google have not yet officially responded to the vulnerabilities discovered. We would advise you to remain cautious even if the issue gets resolved.