{"id":101365,"date":"2018-05-31T14:58:43","date_gmt":"2018-05-31T14:58:43","guid":{"rendered":"http:\/\/sftarticles.wpenginepowered.com\/en\/?p=101365"},"modified":"2025-07-01T23:27:28","modified_gmt":"2025-07-02T06:27:28","slug":"ai-smart-assistant-vulnerabilities","status":"publish","type":"post","link":"https:\/\/cms-articles.softonic.io\/en\/ai-smart-assistant-vulnerabilities\/","title":{"rendered":"Alexa and other smart assistants found to be vulnerable"},"content":{"rendered":"<p>AI voice assistant\u2019s like Amazon\u2019s Alexa and Google\u2019s Assistant have seen their popularity soar over the last few years. This will only continue, but placing highly tuned distance microphones all over your home raises certain <strong>security issues.<\/strong> If they can always hear, does that mean that they\u2019re always listening? The developers say no, and laud the security technology they\u2019ve bundled into their AI, but researchers at a series of universities have found some alarming vulnerabilities.<\/p>\n<p><span data-sheets-value=\"{&quot;1&quot;:2,&quot;2&quot;:&quot;&lt;!-- Shortcode [starred] does not exist --&gt;&quot;}\" data-sheets-userformat=\"{&quot;2&quot;:513,&quot;3&quot;:[null,0],&quot;12&quot;:0}\"><div class=\"sc-card-starred-link\">\r\n  <div class=\"sc-card-starred-link__body\">\r\n    <div class=\"sc-card-starred-link__row clearfix\">\r\n      <div class=\"sc-card-starred-link__col-logo\">\r\n        <img decoding=\"async\" class=\"sc-card-starred-link__img\" src=\"https:\/\/upload.wikimedia.org\/wikipedia\/commons\/c\/cc\/Amazon_Alexa_App_Logo.png\" width=\"100px\" height=\"100px\">\r\n      <\/div>\r\n      <div class=\"sc-card-starred-link__col-title\">\r\n        <p class=\"sc-card-starred-link__title\">Alexa's cool new updates<\/p>\r\n        <a class=\"sc-card-starred-link__button\" href=\"https:\/\/en.softonic.com\/articles\/amazons-alexa-is-getting-some-cool-updates\/\" target=\"_blank\" rel=\"noopener noreferrer sponsored\">Check them out now<\/a>\r\n      <\/div>\r\n    <\/div>\r\n    <a class=\"sc-card-starred-link__link\" href=\"https:\/\/en.softonic.com\/articles\/amazons-alexa-is-getting-some-cool-updates\/\" target=\"_blank\" rel=\"noopener noreferrer sponsored\"><\/a>\r\n  <\/div>\r\n<\/div><\/span><\/p>\n<p>The problem lies in the rapidly expanding number of voice assistant apps that are rolling out across the different platforms. Alexa and Assistant are the two biggest platforms and users can add third-party <strong>skills <\/strong>or <strong>actions <\/strong>to their voice assistant. These new apps are the raison d\u2019etre behind the blog players developing voice assistants as a platform. They want to control a whole new marketplace.<\/p>\n<p>As pointed out on the <a href=\"https:\/\/blog.malwarebytes.com\/cybercrime\/2018\/05\/security-vulnerabilities-smart-assistants\/\" target=\"_blank\" rel=\"noopener noreferrer\">MalwareBytes blog<\/a>, the researchers have discovered a particular vulnerability called <strong>voice squatting<\/strong> or <strong>masquerading<\/strong>:<\/p>\n<p><iframe loading=\"lazy\" width=\"848\" height=\"477\" src=\"https:\/\/www.youtube.com\/embed\/kIHVJn7MF7Q?feature=oembed\" frameborder=\"0\" allow=\"autoplay; encrypted-media\" allowfullscreen><\/iframe><\/p>\n<p><em>\u201cVoice squatting is a method wherein a threat actor takes advantage or abuses the way a skill or action is invoked. Let\u2019s take an example used from the researchers\u2019 white paper. If a user says, \u201cAlexa, open Capital One\u201d to run the Capital One skill, a threat actor can potentially create a malicious app with a similarly pronounced name, such as Capital Won. The command meant for the Capital One skill is then hijacked to run the malicious Capital Won skill instead.\u201d<\/em><\/p>\n<p>Users could inadvertently be invoking a harmful action from their voice assistant, simply because it sounds similar to the name of a legitimate action.<\/p>\n<p><strong>Voice masquerading<\/strong> takes this action even further. Rather than simply tricking users with similar sounds, voice masqueraders outright deceive. They pretend to be legitimate apps so that they can phish personal information from the unsuspecting user. If a malicious app pretends to be your bank, your most personal data immediately becomes at risk.<\/p>\n<p><iframe loading=\"lazy\" width=\"848\" height=\"477\" src=\"https:\/\/www.youtube.com\/embed\/MP9Qd8Sj724?feature=oembed\" frameborder=\"0\" allow=\"autoplay; encrypted-media\" allowfullscreen><\/iframe><\/p>\n<p>Another trick these fake voice apps use is to pretend to switch to another app or to offer a\u00a0<strong>fake termination <\/strong>of an app, but then continue to listen in. Again this could be to phish information or to simply listen in and record what is going on around the smart speaker. Theoretically, this type of vulnerability could evolve an entirely new kind of ransomware with blackmail against the release of secret conversations being used to extort money from unsuspecting smart assistant users.<\/p>\n<p><span data-sheets-value=\"{&quot;1&quot;:2,&quot;2&quot;:&quot;&lt;!-- Shortcode [starred] does not exist --&gt;&quot;}\" data-sheets-userformat=\"{&quot;2&quot;:513,&quot;3&quot;:[null,0],&quot;12&quot;:0}\"><div class=\"sc-card-starred-link\">\r\n  <div class=\"sc-card-starred-link__body\">\r\n    <div class=\"sc-card-starred-link__row clearfix\">\r\n      <div class=\"sc-card-starred-link__col-logo\">\r\n        <img decoding=\"async\" class=\"sc-card-starred-link__img\" src=\"https:\/\/pbs.twimg.com\/profile_images\/557965220178432000\/co5IizIf_400x400.jpg\" width=\"100px\" height=\"100px\">\r\n      <\/div>\r\n      <div class=\"sc-card-starred-link__col-title\">\r\n        <p class=\"sc-card-starred-link__title\">Check out this fully holographic AI assistant<\/p>\r\n        <a class=\"sc-card-starred-link__button\" href=\"https:\/\/en.softonic.com\/articles\/would-you-like-a-fully-holographic-ai-assistant\" target=\"_blank\" rel=\"noopener noreferrer sponsored\">Read now<\/a>\r\n      <\/div>\r\n    <\/div>\r\n    <a class=\"sc-card-starred-link__link\" href=\"https:\/\/en.softonic.com\/articles\/would-you-like-a-fully-holographic-ai-assistant\" target=\"_blank\" rel=\"noopener noreferrer sponsored\"><\/a>\r\n  <\/div>\r\n<\/div><\/span><\/p>\n<p>These two types of vulnerability are alarming, but they shouldn&#8217;t turn you off smart assistants altogether. <a href=\"https:\/\/blog.malwarebytes.com\/cybercrime\/2018\/05\/security-vulnerabilities-smart-assistants\/\" target=\"_blank\" rel=\"noopener noreferrer\">MalwareBytes recommends<\/a> that if you\u00a0use\u00a0a smart assistant, you need to really get to know the all-hearing product you&#8217;ve brought into your home. Understanding how the smart speakers work will help you protect yourself from potential attack. In the video examples shown above, a vigilant user would have noticed the discrepancies between the two responses to the voice command.<\/p>\n<figure id=\"attachment_101368\" aria-describedby=\"caption-attachment-101368\" style=\"width: 840px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-101368 size-large\" src=\"https:\/\/articles-img.sftcdn.net\/sft\/articles\/auto-mapping-folder\/sites\/3\/2018\/05\/Smart-Speaker-Pac-man-1024x576.jpg\" alt=\"\" width=\"840\" height=\"473\" srcset=\"https:\/\/articles-img.sftcdn.net\/auto-mapping-folder\/sites\/3\/2018\/05\/Smart-Speaker-Pac-man-1024x576.jpg 1024w, https:\/\/articles-img.sftcdn.net\/auto-mapping-folder\/sites\/3\/2018\/05\/Smart-Speaker-Pac-man-300x169.jpg 300w, https:\/\/articles-img.sftcdn.net\/auto-mapping-folder\/sites\/3\/2018\/05\/Smart-Speaker-Pac-man-768x433.jpg 768w, https:\/\/articles-img.sftcdn.net\/auto-mapping-folder\/sites\/3\/2018\/05\/Smart-Speaker-Pac-man-800x450.jpg 800w, https:\/\/articles-img.sftcdn.net\/auto-mapping-folder\/sites\/3\/2018\/05\/Smart-Speaker-Pac-man-664x374.jpg 664w, https:\/\/articles-img.sftcdn.net\/auto-mapping-folder\/sites\/3\/2018\/05\/Smart-Speaker-Pac-man-238x134.jpg 238w, https:\/\/articles-img.sftcdn.net\/auto-mapping-folder\/sites\/3\/2018\/05\/Smart-Speaker-Pac-man-436x246.jpg 436w, https:\/\/articles-img.sftcdn.net\/auto-mapping-folder\/sites\/3\/2018\/05\/Smart-Speaker-Pac-man-370x208.jpg 370w, https:\/\/articles-img.sftcdn.net\/auto-mapping-folder\/sites\/3\/2018\/05\/Smart-Speaker-Pac-man-304x170.jpg 304w, https:\/\/articles-img.sftcdn.net\/auto-mapping-folder\/sites\/3\/2018\/05\/Smart-Speaker-Pac-man-1200x675.jpg 1200w, https:\/\/articles-img.sftcdn.net\/auto-mapping-folder\/sites\/3\/2018\/05\/Smart-Speaker-Pac-man.jpg 1280w\" sizes=\"auto, (max-width: 840px) 100vw, 840px\" \/><figcaption id=\"caption-attachment-101368\" class=\"wp-caption-text\">Your smart speaker could be eating up all your details<\/figcaption><\/figure>\n<p><span style=\"background-color: #f5f6f5\">We talk a lot here at Softonic about spotting fake emails and web pages so that your information can\u2019t be phished and then used against you. Malicious actors are now also using sonically activated means of tricking users, which will be much harder to spot. Also, a<\/span><span style=\"background-color: #f5f6f5\">s the technology develops, talking to these\u00a0<\/span><span style=\"background-color: #f5f6f5\">smart<\/span><span style=\"background-color: #f5f6f5\">\u00a0assistants will sound more and more like talking<\/span><span style=\"background-color: #f5f6f5\">\u00a0to an actual person.\u00a0<\/span><span style=\"background-color: #f5f6f5\">This<\/span><span style=\"background-color: #f5f6f5\">\u00a0will cause you to lower your guard, but you have to remain alert to potential threats against you.<\/span><\/p>\n<p>As always with these types of security issues, you are the person responsible for your security. Your own vigilance is the best line of defense you have.<\/p>\n<div class=\"sc-related-articles-grey\">\r\n<p class=\"sc-related-articles-grey__title\">More from Softonic<\/p>\r\n  <div class=\"sc-related-articles-grey__row\">\r\n    <a title=\"7 fun things to try with Amazon Alexa\" href=\"https:\/\/en.softonic.com\/articles\/7-fun-things-to-try-with-amazon-alexa\">\r\n    <div class=\"sc-related-articles-grey__article\">\r\n      <div class=\"sc-related-articles-grey__image\">\r\n        <div style=\"background-image:url(https:\/\/articles-img.sftcdn.net\/sft\/articles\/auto-mapping-folder\/sites\/3\/2018\/03\/7tipsforusingAmazonAlexa_image3-e1527607094563.png)\"><\/div>\r\n      <\/div>\r\n      <div class=\"sc-related-articles-grey__text\">\r\n        <p>7 fun things to try with Amazon Alexa<\/p>\r\n      <\/div>\r\n    <\/div>\r\n    <\/a>\r\n    <a title=\"5 things Alexa does better than Google Home\" href=\"https:\/\/en.softonic.com\/articles\/5-things-alexa-does-better-than-google-home\">\r\n    <div class=\"sc-related-articles-grey__article sc-related-articles-grey__article--last\">\r\n      <div class=\"sc-related-articles-grey__image\">\r\n        <div style=\"background-image:url(https:\/\/articles-img.sftcdn.net\/sft\/articles\/auto-mapping-folder\/sites\/3\/2018\/01\/amazon-alexa.jpg)\"><\/div>\r\n      <\/div>\r\n      <div class=\"sc-related-articles-grey__text\">\r\n        <p>5 things Alexa does better than Google Home<\/p>\r\n      <\/div>\r\n    <\/div>\r\n    <\/a>\r\n  <\/div>\r\n  <div class=\"sc-related-articles-grey__row\">\r\n    <a title=\"5 things Google Home does better than Alexa\" href=\"https:\/\/en.softonic.com\/articles\/5-things-google-home-does-better-than-alexa\">\r\n    <div class=\"sc-related-articles-grey__article\">\r\n      <div class=\"sc-related-articles-grey__image\">\r\n        <div style=\"background-image:url(https:\/\/articles-img.sftcdn.net\/sft\/articles\/auto-mapping-folder\/sites\/3\/2017\/05\/google-unveils-google-assistant-a-major-upgrade-to-google-now-504261-2.jpg)\"><\/div>\r\n      <\/div>\r\n      <div class=\"sc-related-articles-grey__text\">\r\n        <p>5 things Google Home does better than Alexa<\/p>\r\n      <\/div>\r\n    <\/div>\r\n    <\/a>\r\n    <a title=\"3 fun things to do with your Google Home\" href=\"https:\/\/en.softonic.com\/articles\/3-fun-things-to-do-with-your-google-home\">\r\n    <div class=\"sc-related-articles-grey__article sc-related-articles-grey__article--last\">\r\n      <div class=\"sc-related-articles-grey__image\">\r\n        <div style=\"background-image:url(https:\/\/articles-img.sftcdn.net\/sft\/articles\/auto-mapping-folder\/sites\/3\/2018\/03\/Google-Home-Courtesy-YouTube.jpg)\"><\/div>\r\n      <\/div>\r\n      <div class=\"sc-related-articles-grey__text\">\r\n        <p>3 fun things to do with your Google Home<\/p>\r\n      <\/div>\r\n    <\/div>\r\n    <\/a>\r\n  <\/div>\r\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>AI voice assistant\u2019s like Amazon\u2019s Alexa and Google\u2019s Assistant have seen their popularity soar over the last few years. This will only continue, but placing highly tuned distance microphones all over your home raises certain security issues. If they can always hear, does that mean that they\u2019re always listening? The developers say no, and laud &hellip; <a href=\"https:\/\/cms-articles.softonic.io\/en\/ai-smart-assistant-vulnerabilities\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Alexa and other smart assistants found to be vulnerable&#8221;<\/span><\/a><\/p>\n","protected":false},"author":9073,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","wpcf-pageviews":1},"categories":[],"tags":[1067,1032,1036,1027],"usertag":[],"vertical":[],"content-category":[],"class_list":["post-101365","post","type-post","status-publish","format-standard","hentry","tag-amazon","tag-gadgets","tag-productivity","tag-security"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/posts\/101365","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/users\/9073"}],"replies":[{"embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/comments?post=101365"}],"version-history":[{"count":1,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/posts\/101365\/revisions"}],"predecessor-version":[{"id":327927,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/posts\/101365\/revisions\/327927"}],"wp:attachment":[{"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/media?parent=101365"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/categories?post=101365"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/tags?post=101365"},{"taxonomy":"usertag","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/usertag?post=101365"},{"taxonomy":"vertical","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/vertical?post=101365"},{"taxonomy":"content-category","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/content-category?post=101365"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}