Oct 21, 2019

Researchers find new way for Alexa and Google Voice to phish users

Joe Uchill

Photo: Olly Curtis/Future via Getty Images

A newly discovered variation of an old technique might make it easier for hackers to convince inattentive users of Google Voice and Alexa smart speakers to cough up their passwords.

The big picture: The security flaw was discovered by SRLabs and was first reported by ZDNet, but it has not been witnessed in use by actual hackers. Google has already announced closing the flaw.

What's happening: With smart speakers, it's tough to tell if an application is still open after it stops speaking. Researchers have, over the years, discovered several ways to force smart speakers to stop talking for a few minutes — making it appear as though an app has closed — before sending a message requesting a user to reenter their password. At this point, it seems like it's Google and not an app asking for the info.

  • In the SRLabs case, adding the "�" character to various commands allowed programmers to keep an app open much longer than it should be.
  • Smart speakers frequently have a light or other notification to show that an app is still running. That's useful if a user thinks to look for it and is nearby, but easy to overlook during a hectic day.

Go deeper

Sara Fischer

Report: U.S. government to probe TikTok

Illustration: Aïda Amer/Axios

The U.S. government plans to probe TikTok over national security concerns, sources tell CNBC.

Why it matters: The viral video-sharing app owned by Chinese tech giant ByteDance has cause concern for U.S. policymakers in recent months. As its reach grows within the U.S. — particularly among children — there's anxiety as to whether the app collects and shares data from American users with the Chinese state.

Go deeperArrowNov 1, 2019
Orion Rummler

Google CEO: The company is "genuinely struggling" with transparency, employee trust

Google CEO Sundar Pichai in May 2019. Photo: Josh Edelson/AFP/Getty Images

Google CEO Sundar Pichai told employees at an all-staff meeting this week that "it's definitely gotten harder" to see how to make improvements after breaking employees' trust at the company's current scale, the Washington Post reports.

Our thought bubble, via Axios' Ina Fried: Google has prided itself on having a vocal employee base. In recent months, the tech giant has struggled with handling workers who question its every move and want a say in everything from who is hired or retained to who the company does business with.

Go deeperArrowOct 26, 2019
Margaret Harding McGill

Google fights to limit sharing of information in antitrust probe

Google turned to a Texas court for help Thursday, fearing that a multistate antitrust probe could allow its rivals to gain access to sensitive information.

Driving the news: Google sought a protective order to limit the sharing of its confidential information in the states' antitrust investigation.

Go deeperArrowNov 1, 2019