Researchers have found new ways that bad actors can exploit Alexa and Google Home smart speakers to spy on users. This time the hack not only includes eavesdropping, but also includes voice-phishing, or using people’s voice cues to determine passwords.
The vulnerability lies in small apps created by developers for the devices to extend their capability called Skills for Alexa and second app called Actions on Google Home, according to a report by Security Research Labs (SRLabs). These apps “can be abused to listen in on users or vish (voice phish) their passwords,” researchers said.
