At least eight eavesdropping apps have slipped past Google and Amazon’s app verification process and made their way into their respective app stores, ready to be downloaded onto the smart speakers of unsuspecting victims.
As Ars Technica reports, researchers at hacking collective Security Research Labs (SRLabs) built four Google Home actions and four Alexa skills, which looked like innocuous tools for checking horoscopes and generating random numbers, but were also capable of phishing for passwords and monitoring users’ conversations.
