Oct 21, 2019

Researchers find new way for Alexa and Google Voice to phish users

Photo: Olly Curtis/Future via Getty Images

A newly discovered variation of an old technique might make it easier for hackers to convince inattentive users of Google Voice and Alexa smart speakers to cough up their passwords.

The big picture: The security flaw was discovered by SRLabs and was first reported by ZDNet, but it has not been witnessed in use by actual hackers. Google has already announced closing the flaw.

What's happening: With smart speakers, it's tough to tell if an application is still open after it stops speaking. Researchers have, over the years, discovered several ways to force smart speakers to stop talking for a few minutes — making it appear as though an app has closed — before sending a message requesting a user to reenter their password. At this point, it seems like it's Google and not an app asking for the info.

  • In the SRLabs case, adding the "�" character to various commands allowed programmers to keep an app open much longer than it should be.
  • Smart speakers frequently have a light or other notification to show that an app is still running. That's useful if a user thinks to look for it and is nearby, but easy to overlook during a hectic day.

Go deeper

Trump accuses Twitter of interfering in 2020 election

President Trump speaks to the press as he departs the White House in Washington, D.C., on Thursday. Photo: Mandel Ngan/Getty Images

President Trump responded via tweets Tuesday evening to Twitter fact-checking him for the first time on his earlier unsubstantiated posts claiming mail-in ballots in November's election would be fraudulent.

What he's saying: "Twitter is now interfering in the 2020 Presidential Election.They are saying my statement on Mail-In Ballots, which will lead to massive corruption and fraud, is incorrect, based on fact-checking by Fake News CNN and the Amazon Washington Post," the president tweeted. "Twitter is completely stifling FREE SPEECH, and I, as President, will not allow it to happen!"

Editor's note: This is a developing news story. Please check back for updates.

11 mins ago - Politics & Policy

Coronavirus dashboard

Illustration: Aïda Amer/Axios

  1. Global: Total confirmed cases as of 7:30 p.m. ET: 5,559,130 — Total deaths: 348,610 — Total recoveries — 2,277,087Map.
  2. U.S.: Total confirmed cases as of 7:30 p.m. ET: 1,679,419 — Total deaths: 98,852 — Total recoveries: 384,902 — Total tested: 14,907,041Map.
  3. Federal response: DOJ investigates meatpacking industry over soaring beef pricesMike Pence's press secretary returns to work.
  4. Congress: House Republicans to sue Nancy Pelosi in effort to block proxy voting.
  5. Business: How the new workplace could leave parents behind.
  6. Tech: Twitter fact-checks Trump's tweets about mail-in voting for first timeGoogle to open offices July 6 for 10% of workers.
  7. Public health: CDC releases guidance on when you can be around others after contracting the coronavirus.
  8. What should I do? When you can be around others after contracting the coronavirus — Traveling, asthma, dishes, disinfectants and being contagiousMasks, lending books and self-isolatingExercise, laundry, what counts as soap — Pets, moving and personal healthAnswers about the virus from Axios expertsWhat to know about social distancingHow to minimize your risk.
  9. Other resources: CDC on how to avoid the virus, what to do if you get it, the right mask to wear.

Subscribe to Mike Allen's Axios AM to follow our coronavirus coverage each morning from your inbox.

Updated 37 mins ago - Politics & Policy

Twitter fact-checks Trump's tweets for first time

President Trump briefs reporters in the Rose Garden on May 26. Photo: Brendan Smialowski/AFP via Getty Images

Twitter fact-checked two of President Trump's unsubstantiated tweets that mail-in ballots in the 2020 election would be fraudulent for the first time on Tuesday, directing users to "get the facts" through news stories that cover the topic.

Why it matters: Twitter and other social media platforms have faced criticism for not doing enough to combat misinformation, especially when its propagated by the president.