Michigan Rep. Debbie Dingell penned letters to the CEOs of Amazon and Google requesting information about recent reports that found apps used by smart speakers can “eavesdrop” on users.
Earlier this week, Security Research Labs (SRLabs), a Berlin-based cybersecurity firm, released a report describing how simple it was to create apps that can “eavesdrop” on users. The firm created fake horoscope apps that had the ability to record conversations and phish for passwords using vocal searches.
Because Amazon’s Alexa and Google Home allow third-party apps, SRLabs’ eavesdropping apps were made available for download by users. The technology firm claimed it was able to create “smart spies” under the guise of simple horoscope apps.
In response to SRL’s report, Dingell wrote letters to Amazon’s Jeff Bezos and Google’s Sundar Pichai to demand answers as to how the companies plan to prevent third-party apps from phishing users.
“Recently a number of articles were published regarding research done by a German cybersecurity company SRLabs in which researchers created apps that passed both Google and Amazon security-vetting processes and allowed the app to eavesdrop on users as well as phish for their passwords,” Dingell wrote. “While these apps were created and used only for research purposes, there is potential for either copycat apps or that malicious actors have already used these techniques to target consumers and their personal information.”
She asked the two companies to explain their plans to prevent smart devices from being weaponized. She requested to know if other apps had used this loophole to eavesdrop on users, how users will be notified of breaches if they are found, and what tools are being put in place to stop apps from having this ability.
The congresswoman gave the companies until Nov. 18 to provide answers.
Smart speakers have had issues with security breaches in the past, including an accidental leak of more than 1,000 recordings that were sent to a stranger.
