Oct 21, 2019 - Technology

Researchers find new way for Alexa and Google Voice to phish users

Photo: Olly Curtis/Future via Getty Images

A newly discovered variation of an old technique might make it easier for hackers to convince inattentive users of Google Voice and Alexa smart speakers to cough up their passwords.

The big picture: The security flaw was discovered by SRLabs and was first reported by ZDNet, but it has not been witnessed in use by actual hackers. Google has already announced closing the flaw.

What's happening: With smart speakers, it's tough to tell if an application is still open after it stops speaking. Researchers have, over the years, discovered several ways to force smart speakers to stop talking for a few minutes — making it appear as though an app has closed — before sending a message requesting a user to reenter their password. At this point, it seems like it's Google and not an app asking for the info.

  • In the SRLabs case, adding the "�" character to various commands allowed programmers to keep an app open much longer than it should be.
  • Smart speakers frequently have a light or other notification to show that an app is still running. That's useful if a user thinks to look for it and is nearby, but easy to overlook during a hectic day.

Go deeper

Axios
Updated 3 mins ago - Politics & Policy

Coronavirus dashboard

Illustration: Sarah Grillo/Axios

  1. Global: Total confirmed cases as of 2:30 p.m. ET: 19,172,505 — Total deaths: 716,327— Total recoveries — 11,608,417Map.
  2. U.S.: Total confirmed cases as of 2:30 p.m. ET: 4,902,692 — Total deaths: 160,394 — Total recoveries: 1,598,624 — Total tests: 59,652,675Map.
  3. Politics: Trump floats executive action even if stimulus deal is reached.
  4. Education: Cuomo says all New York schools can reopen for in-person learning.
  5. Public health: Surgeon general urges flu shots to prevent "double whammy" with coronavirus.
  6. World: Africa records over 1 million coronavirus cases.
Go deeper (<1 min. read)Arrow
Joann Muller
54 mins ago - Energy & Environment

General Motors tries to revive incendiary lawsuit vs. Fiat Chrysler

Illustration: Eniola Odetunde/Axios

General Motors is trying to revive an incendiary lawsuit against Fiat Chrysler Automobiles with explosive new allegations including bribes paid from secret offshore bank accounts and a union official acting as a double agent between the two automotive giants.

Why it matters: The extraordinary legal battle is occurring amid earth-shaking changes in the global auto industry that threaten to turn both litigants into dinosaurs if they aren't nimble enough to pivot to a future where transportation is a service, cars run on electrons and a robot handles the driving.

Go deeper (3 min. read)Arrow
Orion Rummler
2 hours ago - Health

Cuomo says all New York schools can reopen for in-person learning

Gov. Cuomo on July 23 in New York City. Photo: Jeenah Moon/Getty Images

New York Gov. Andrew Cuomo announced Friday that all school districts across the state can choose to reopen for in-person learning because it has so far maintained low enough coronavirus transmission rates.

Why it matters: It’s another sign that the state, once the global epicenter of the pandemic, has — at least for now — successfully curbed the spread of the virus even as infections have surged elsewhere around the country.

Go deeper (1 min. read)Arrow