Always security experts warn against the dangers of smarthomes. Now, Berlin researchers have uncovered a security gap at Amazon Echo and Google Home, leaving users with a flaw. There is loss of privacy and sensitive information such as those of passwords.
"Please say start and then enter your Amazon password," Alexa voice assistant requests in an attempt by Berlin security researcher Luise Frerichs. Voice software installed in Smarthome devices such as Google Home and Amazon Echo includes voice input and the researcher's password.
At least here, every user should ring alarm bells, since companies like Amazon and Google would never ask users for their password again. In this case, Luise Frerichs is still believing that with the help of your manipulated app, it is possible to listen to unscrupulous users and steal your data.
The researcher of the SRLabs, while trying to coincide with their colleague Fabian Bräunlein, interrupted another "Horrorscope" -targeted program in the Google Store, which appeared harmless at first glance and by Google's security check. If the researchers equipped the so-called "Skills" extension for Alexa (hot "Actions" with Google) for the smart speaker by update with damage code, it failed a new test – a big security gap.
Won't users want the app with the voice command Ending "Alexa, Stop", answers correctly with "Goodbye" – but does not switch to anyone who predicted. Who was still in the hearing of the device, could be heard, because it remained active.
Users must become more aware of the potential consequences of having a network of connected microphones in the private field, researchers said. A new extension for the voice assistants should be at least as distrustful as a new app for the smartphone.
Google and Amazon have the affected apps prepared for traffic and want to unlock some precautions in the future.
Who to protect
▶ chten Pay attention to the LED display – they will check if the device is still be actively or truly turned off.
▶ ︎ Applicable to E-mails and other services is also valid here: Never give away sensitive data such as passwords or credit card information.
▶ ︎ Uses two-factor authentication – it protects your accounts well against unauthorized access and phishing attempts.
▶ ︎ If you only install apps from well-known manufacturers from secure sources, you also doubt other users' ratings