New flaws in Alexa and Google Home speakers
Through application updates, hackers are able to keep the microphone of connected speakers active to record conversations.
Attacks against connected devices have exploded this season, and hackers are able to listen to Alexa and Google Home speakers without users' knowledge. This is revealed by two security researchers at Security Research Labs (SRLabs) who specify on Zdnet.com that these attacks are not new since the flaws exist since April 2018. What worries them is that Amazon as Google had announced to have filled these gaps ...
Using the tools provided by Amazon and Google to design applications for the Alexa and Google Home universes, hackers managed to trap users. Specifically, it is to add silence ranges while the assistant remains active. This allows to record everything that is said in the room, without the knowledge of the user.
These researchers explain that these are methods similar to phishing because it is the user, in spite of himself, who leaves the application active when he thinks that he has planted. Worse yet, these applications verolated have the possibility to claim his password by inviting him to update his device. Which is obviously a decoy ... and Google also reminds that never the device will ask his password to the user.
Flaw in the application validation process
According to these researchers, hackers exploit a flaw in the application validation process. Indeed, the updates of the applications are proposed directly to the users without going through the platform Amazon or Google. (Eureka Press)
New flaws in Alexa and Google Home speakers
Reviewed by Tya Chyntya
on
October 21, 2019
Rating:
No comments: