Photo by Dan Seifert / The Verge
Security researchers with SRLabs have disclosed a new vulnerability affecting both Google and Amazon smart speakers that could allow hackers to eavesdrop on or even phish unsuspecting users. By uploading a malicious piece of software disguised as an innocuous Alexa Skill or Google Action, the researchers showed how you can get the smart speakers to silently record users, or even ask them for the password to their Google account.
The vulnerability is a good reminder to keep a close eye on the third-party software that you use with your voice assistants, and to delete any that you’re unlikely to use again where possible. There’s no evidence that this vulnerability has been exploited in the real world, however, and SRLabs disclosed their…