"Alexa and Google Home Phishing Apps Demonstrated by Researchers"

SRL researchers built eight so-called “Smart Spies” and put them into app stores.  SRL  researchers were able to sneak in spyware into the applications, because third-party developers can extend the capabilities of Amazon Alexa – the voice assistant running in its Echo smart speakers – and Google Home through small voice apps, called Skills on Alexa and Actions on Google Home.  Those apps they created currently create privacy issues, in that they can be abused to eavesdrop on users or to ask for their passwords. Some of the apps created kept the smart speaker listening after one thought it had gone deaf, and another app they created lied to users about there being an update they needed to install. The application would then vish (voice-phish) away the password the user supposedly needed to speak, so they can get that bogus install. Amazon and Google have been informed of the exploits and have since blocked the spying, phishing apps, and have fixed the exploits.   

Naked Security reports: "Alexa and Google Home Phishing Apps Demonstrated by Researchers"