Skip to main content
  1. Home
  2. Smart Home
  3. News

Don’t be fooled if your smart speaker asks for your password

Alina Bradford
By

Your smart speakers could be listening for way more than you want them to. Recently, Security Research Labs (SRLabs), a hacking research group and think tank based in Germany, released a report on their findings that Alexa and Google Home expose users to phishing and eavesdropping due to third-party skills and apps. The labs found two possible scenarios that can be played out on both Amazon Alexa and Google Home where a hacker can listen to your interactions with your smart speaker and phish for sensitive information. They dubbed the vulnerabilities Smart Spies, recorded their results, and put them in four videos to explain how they work.

Basically, a hacker can make a third-party app that can trick users into giving away certain information or keep listening after ending a task with the user, using the speaker’s built-in voice command system. In their tests, using these vulnerabilities, SRLabs was able to request and collect personal data, including user passwords, and eavesdrop on users.

Recommended Videos

Google smart speakers are particularly vulnerable to eavesdropping. One of the vulnerabilities involves recording people after the user thinks the smart speaker has stopped listening. With Alexa, certain trigger words must be said to start recording, but with Google, that’s not the case. As long as the device hears someone talking every 30 seconds, a hacker can keep the voice recording going, possibly infinitely.

Related

Safety checks that are run by Amazon and Google are part of the problem that allows these vulnerabilities to exist. SRLabs also found that even if Google or Amazon reviews a third-party app or skill for safety and it passes, the app can be changed after the safety review to phish or eavesdrop on users.  Making these changes didn’t trigger another safety check from either Google or Amazon.

The best strategy to avoid hackers eavesdropping on your sensitive information? If an app or skill asks for a password, don’t answer. No trustworthy app or skill will ask you to say passwords. Most require you to go to the app and link your accounts, which is safer. Your smart speaker won’t ask you for passwords to perform system or account updates, either. In addition, don’t give your smart speaker your credit card information or other sensitive data. Avoid saying sensitive data out loud after recently using your smart speaker, too.

Editors' Recommendations

Topics
Alina Bradford
Alina Bradford
Former Digital Trends Contributor
Alina Bradford has been a tech, lifestyle and science writer for more than 20 years. Her work is read by millions each month…
Sonos One vs. Google Nest Audio: which is the best smart speaker?
The Google Nest Audio speaker on a table.

The Sonos One and Google Nest Audio are two of the best smart speakers of 2023. Both can pump out impressive sound, respond to a wide variety of voice commands, and easily sync up with the rest of your smart home. But with the Sonos One costing more than $200 and the Google Nest Audio clocking in at just $100, you might be wondering if the Sonos One is truly worth your money -- or if you’d be better off saving $100 and opting for the cheaper Google product.

Before picking up either smart speaker, here’s a closer look at the Sonos One and Google Nest Audio.
Pricing and availability

Read more
Sonos One vs. HomePod mini: which smart speaker is best?
The Sonos One smart speaker on a countertop.

When it comes to smart speakers, the Sonos One and HomePod mini are two of the best. Offering impeccable sound, great smart home connectivity, and sleek designs, few products can match the style and performance of these two behemoths. But which one is right for your home?

While it’s impossible to go wrong with either, there are a few key differences between the two smart speakers that might make one a better fit for your home. Here’s a closer look at the Sonos One and HomePod mini to help you decide which is best.
Pricing and availability

Read more
Save money on your utility bills with these smart home gadgets
The Google Nest Learning Thermostat in stainless steel.

Smart home gadgets can do more than respond to voice commands or automate your household -- they can also save you money. It might require a hefty initial investment, but once your smart home is up and running, it’s not uncommon to see big reductions across most of your utility bills. If you’re looking to save a few extra bucks every month, here are some easy ways to save money with smart home devices.
Upgrade to a smart thermostat

Arguably the best way to save money on your energy bills is by switching to a smart thermostat. These come in all shapes and sizes, but your best bet is to spring for a premium model that offers advanced learning capabilities -- such as the Nest Learning Thermostat. Products in this category give you the best control of your HVAC system, as they’ll actively monitor your usage and suggest ways to be more efficient.

Read more