VeePN recently published a text saying about the unreliability of security in the Amazon Echo speaker, at the moment we can say the same with Google Home. These speakers work with applications that are created by third parties that Google approves, and that can now try to steal passwords with phishing emails.
From consultants, they created applications for each platform, the skills for Alexa, and the actions for Google Home. They all passed the analysis of Google and Amazon but later the developers changed their appearance. They do this in two ways, by requesting and collecting personal data along with passwords, and by spying on users when they think the speaker has stopped working.
These spy apps work like this: The user says a smart command to the speaker, the app responds and remains silent. Obviously, once the command is completed, the application should stop working, but in reality, they are collecting the conversations from around them to pass them on to their developers.
On the other hand, phishing apps work differently, since when you ask for it the command tells you that there is an error, and it is not allowed to do the action, after a while it tells you that there is an update, and to do so enter the password.
These reports have already been made available to both Google and Amazon . With this article, we incite the awareness of users who use these smart speakers.