Tuesday, March 9, 2021
  • Setup menu at Appearance » Menus and assign menu to Top Bar Navigation
Advertisement
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
No Result
View All Result
Home Internet Security

Alexa and Google Home devices leveraged to phish and eavesdrop on users, again

October 21, 2019
in Internet Security
Alexa and Google Home devices leveraged to phish and eavesdrop on users, again
585
SHARES
3.3k
VIEWS
Share on FacebookShare on Twitter

Hackers can abuse Amazon Alexa and Google Home smart assistants to eavesdrop on user conversations without users’ knowledge, or trick users into handing over sensitive information.

The attacks aren’t technically new. Security researchers have previously found similar phishing and eavesdropping vectors impacting Amazon Alexa in April 2018; Alexa and Google Home devices in May 2018; and again Alexa devices in August 2018.

You might also like

Ezviz C3X outdoor security camera review: Simple setup, superb features Review

Supernova malware clues link Chinese threat group Spiral to SolarWinds server hacks

McAfee sells its enterprise business to private equity group as it focuses on consumer security

Both Amazon and Google have deployed countermeasures every time, yet newer ways to exploit smart assistants have continued to surface.

The latest ones were disclosed today, after being identified earlier this year by Luise Frerichs and Fabian Bräunlein, two security researchers at Security Research Labs (SRLabs), who shared their findings with ZDNet last week.

Both the phishing and eavesdropping vectors are exploitable via the backend that Amazon and Google provide to developers of Alexa or Google Home custom apps.

These backends provide access to functions that developers can use to customize the commands to which a smart assistant responds, and the way the assistant replies.

The SRLabs team discovered that by adding the “�. ” (U+D801, dot, space) character sequence to various locations inside the backend of a normal Alexa/Google Home app, they could induce long periods of silence during which the assistant remains active.

Phishing personal data

The two demos embedded below show how an attacker could carry out a phishing attack on both devices.

The idea is to tell the user that an app has failed, insert the “�. ” to induce a long pause, and then prompt the user with the phishing message after a few minutes, tricking the target into believing the phishing message has nothing to do with the previous app with which they just interacted.

For example, in the videos below, a horoscope app triggers an error, but then remains active, and eventually asks the user for their Amazon/Google password while faking an update message from Amazon/Google itself.

Notice in the first video how Alexa’s blue status light remains active and never shuts off, a clear indicator that the previous app is still active and busy interpreting a long seriesof “�. ” character sequences.

Eavesdropping on unsuspecting users

The “�. ” can also be used in a similar fashion for eavesdropping attacks. However, this time, the character sequence is used after the malicious app has responded to a user’s command.

The character sequence is used to keep the device active and record a user’s conversation, which is recorded in logs, and sent to an attacker’s server for processing.

Both of these attacks exploit the fact that while Amazon and Google verify and vet Alexa and Google Home apps when they are submitted, they do not do the same for subsequent app updates.

In an email to ZDNet, the SRLabs team said they reported the issue to both vendors earlier this year, yet the companies have failed to address the issue.

“Finding and banning unexpected behavior such as long pauses should be relatively straight-forward,” the SRLabs team told ZDNet. “We are surprised that this hasn’t happened since reporting the vulnerabilities several months ago.”

Neither Amazon nor Google have responded to requests for comment from ZDNet prior to this article’s publication.

Credit: Zdnet

Previous Post

Tim Tebow Goes for Hot Take on Alabama but Misses the Mark

Next Post

How Would A Robotic Machine Learning Velociraptor Learn To Play Goalie?

Related Posts

Ezviz C3X outdoor security camera review: Simple setup, superb features Review
Internet Security

Ezviz C3X outdoor security camera review: Simple setup, superb features Review

March 9, 2021
Supernova malware clues link Chinese threat group Spiral to SolarWinds server hacks
Internet Security

Supernova malware clues link Chinese threat group Spiral to SolarWinds server hacks

March 9, 2021
McAfee sells its enterprise business to private equity group as it focuses on consumer security
Internet Security

McAfee sells its enterprise business to private equity group as it focuses on consumer security

March 9, 2021
Everything you need to know about Microsoft Exchange Server hack
Internet Security

Everything you need to know about Microsoft Exchange Server hack

March 8, 2021
Bill establishing cyber abuse takedown scheme for adults enters Parliament
Internet Security

eSafety defends detail of Online Safety Bill as the ‘sausage that’s being made’

March 8, 2021
Next Post
How Would A Robotic Machine Learning Velociraptor Learn To Play Goalie?

How Would A Robotic Machine Learning Velociraptor Learn To Play Goalie?

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

January 6, 2019
Microsoft, Google Use Artificial Intelligence to Fight Hackers

Microsoft, Google Use Artificial Intelligence to Fight Hackers

January 6, 2019

Categories

  • Artificial Intelligence
  • Big Data
  • Blockchain
  • Crypto News
  • Data Science
  • Digital Marketing
  • Internet Privacy
  • Internet Security
  • Learn to Code
  • Machine Learning
  • Marketing Technology
  • Neural Networks
  • Technology Companies

Don't miss it

Ezviz C3X outdoor security camera review: Simple setup, superb features Review
Internet Security

Ezviz C3X outdoor security camera review: Simple setup, superb features Review

March 9, 2021
Operationalizing AI – Introduction to the ModelOps Pipeline
Data Science

Operationalizing AI – Introduction to the ModelOps Pipeline

March 9, 2021
SCA invests in Australian AI and machine learning company
Machine Learning

SCA invests in Australian AI and machine learning company

March 9, 2021
How Image Annotation Helps in AI Development for Agriculture Sector? | by ANOLYTICS
Neural Networks

How Image Annotation Helps in AI Development for Agriculture Sector? | by ANOLYTICS

March 9, 2021
Supernova malware clues link Chinese threat group Spiral to SolarWinds server hacks
Internet Security

Supernova malware clues link Chinese threat group Spiral to SolarWinds server hacks

March 9, 2021
Malware Can Exploit New Flaw in Intel CPUs to Launch Side-Channel Attacks
Internet Privacy

Malware Can Exploit New Flaw in Intel CPUs to Launch Side-Channel Attacks

March 9, 2021
NikolaNews

NikolaNews.com is an online News Portal which aims to share news about blockchain, AI, Big Data, and Data Privacy and more!

What’s New Here?

  • Ezviz C3X outdoor security camera review: Simple setup, superb features Review March 9, 2021
  • Operationalizing AI – Introduction to the ModelOps Pipeline March 9, 2021
  • SCA invests in Australian AI and machine learning company March 9, 2021
  • How Image Annotation Helps in AI Development for Agriculture Sector? | by ANOLYTICS March 9, 2021

Subscribe to get more!

© 2019 NikolaNews.com - Global Tech Updates

No Result
View All Result
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News

© 2019 NikolaNews.com - Global Tech Updates