What sound does a HomePod make? Well, it can be sounds from music, from Podcasts, or from Siri asking questions and giving answers. The same can be said of Amazon’s Echo and Alexa, or from Google’s Home kit and Assistant.
The sounds you hear depends upon what you want. Answers to questions or queries, music or podcasts, even a talking voice reading the news or a book.
What about the sound you don’t hear? For each of those products when you don’t hear sound coming out of the speakers, sound is going into the microphones. While I tend to trust Apple and how it uses Siri more than Google’s Assistant or Amazon’s Echo and Alexa, they all do the same thing all the time.
Silence means they’re listening; waiting for the next command.
A research team for a bunch of Android apps that can capture sounds and send them off to wherever and the user doesn’t know what’s going on. Mutter a password to your spouse or co-worker, and the password can be captured and shared online. You’d never know until after the hack.
Tim Anderson explains:
Google Home and Amazon Alexa can easily be hacked to eavesdrop on users or extract information by asking questions that appear to come from each smart speaker provider
You may think Alexa or Assistant is talking, but in reality, you’re being scammed and the recording process continues with silence as the cover.
Nearly everyone with an email account has run into a so-called phishing attempt; a message and a link that tries to get a username and password from some unsuspecting soul. It’s a time-honored method that users continue to honor.
Do these talking apps– faking Alexa and Assistant– just flat out ask for a password?
In reality, these systems never ask for your password, but just as malicious users pretending to be your bank can call you on the phone and extract security information from some subset of people, the same could be true of a voice app. The researchers call this “vishing” – voice phishing.
Vishing is a form of phishing. I wonder why Google has more of this kind of surreptitious activity than Apple?
All Actions on Google are required to follow our developer policies, and we prohibit and remove any Action that violates these policies. We have review processes to detect the type of behavior described in this report, and we removed the Actions that we found from these researchers. We are putting additional mechanisms in place to prevent these issues from occurring in the future.
This is a never-ending game of cat and mouse, hide and seek. Just remember the basics. If everyone is out to get you, then a little paranoia is a good attitude to have. The sound of silence might be a very quiet spy.