It's dismayingly easy to make an app that turns a smart speaker into a password-stealing listening device and sneak it past the manufacturer's security checks O_o
German security researchers from Security Research Lab created a suite of apps for Google and Amazon smart speakers that did trivial things for their users, appeared to finish and go dormant, but which actually stayed in listening mode, then phished the user for passwords spoken aloud to exfiltrate to a malicious actor; all their apps were successfully smuggled past the companies' app store security checks.
https://boingboing.net/2019/10/20/verify-me.html
https://arstechnica.com/information-...ish-passwords/