All posts in “Google Assistant”

Creepiest Alexa and Google Assistant security fail yet

Because we don’t have enough concerns about our digital privacy these days, it seems Amazon’s Alexa and Google Home both gave thumbs up to apps that could be used to eavesdrop on users and phish for their passwords.

As reported by Ars Technica, whitehat hackers at Germany’s Security Research Labs developed four apps, called “smart spies,” for each device that passed muster with Amazon and Google’s respective vetting processes, meaning they were approved for public use. 

SRLabs disguised these malicious apps as useful tools like horoscope apps and random number generators. They were even given vague, generic names like “Skills” (for Alexa) and “Actions” (on Google Home). 

The researchers developed two kinds of apps, one for eavesdropping and another for phishing.

The eavesdropping apps work just fine, but here’s the scary part: After they share a message that makes it seem like they are no longer running, they still record everything a user says. 

Here is the Alexa skill in action.

[embedded content]

And the random number generator created for Google Home. 

[embedded content]

Pretty damn creepy, right? And cause for concern, especially given what we’ve learned in recent months about the conversations that Alexa, Google Assistant, and Apple’s Siri record. And while those companies have all sworn to improve their respective systems and offer opt-outs, it’s the phishing apps from SRLabs that are really disconcerting. 

In each case, the digital assistant responds to a user request with an error message and seems to quit. But the malicious app is actually waiting for a few moments before claiming an update for the device is available. It then requests a password so it can install the update. 


Smart, security-conscious users should be alarmed by this, knowing you should never be asked for a password in this way. But, chances are, people who aren’t as tech savvy, like your relatives who believe everything they read on Facebook, might be fooled.


In a blog post, SRLabs shares some interesting tidbits about how they got the hacks to work. For instance, with the Alexa eavesdropping app, after it gives its false closing message, the app needs a trigger word to begin recording again. It’s not that hard to pull off with a generic trigger word like, “I.”

But SRLabs reveals that the same hack for the Google Home is far easier to trigger: “For Google Home devices, the hack is more powerful: There is no need to specify certain trigger words and the hacker can monitor the user’s conversations infinitely.” 

Again, this is incredibly alarming given that all of these apps were approved by moderation teams for both Amazon and Google. According to Ars Technica, the original four apps demoed in the videos above were taken down by SRLabs themselves while four similar, German-language apps were taken down only after SRLabs disclosed the vulnerabilities to both companies. 

An Amazon rep told Ars Technica, “Customer trust is important to us, and we conduct security reviews as part of the skill certification process. We quickly blocked the skill in question and put mitigations in place to prevent and detect this type of skill behavior and reject or take them down when identified.”

Meanwhile, a Google rep told them, “All Actions on Google are required to follow our developer policies, and we prohibit and remove any Action that violates these policies. We have review processes to detect the type of behavior described in this report, and we removed the Actions that we found from these researchers. We are putting additional mechanisms in place to prevent these issues from occurring in the future.”

We reached out to Amazon and Google for further comment on the report. 

And, as always, trust no one.

Google makes moving music and videos between speakers and screens easier

Google today announced a small but nifty feature for the Google Assistant and its smart home devices that makes it easier for you to take your music and videos with you as you wander about the different rooms in your home.

‘Stream transfer’ as Google prosaically calls it, allows you to simply ask the Assistant to move your music to a different speaker, or — if you have the right speaker group set up — to all speakers and TVs in your home. All you have to say is “Hey Google, move the music to the bedroom speaker,” for example. In addition to your voice, you can also use the Google Home app or the touchscreen on your Google Nest Home Hub.

This will work with any source that can play to your Chromecast-enabled speakers and displays.

It’s all pretty straightforward — to the point where I’m surprised it took so long for Google to enable a feature like this. But maybe it just needed to have enough devices in people’s homes to make it worthwhile. “Now that millions of users have multiple TVs, smart speakers and smart displays (some in every room!) we wanted to make it easy for people to control their media as they moved from room to room,” Google itself explains in today’s announcement.

Google announces Action Blocks, a new accessibility tool for creating mobile shortcuts

Google today announced Action Blocks, a new accessibility tool that allows you to create shortcuts for common multi-step tasks with the help of the Google Assistant. In that respect, Action Blocks isn’t all that different from Shortcuts on iOS, for example, but Google is specifically looking at this as an accessibility feature for people with cognitive disabilities.

“If you’ve booked a rideshare using your phone recently, you’ve probably had to go through several steps: unlock your phone, find the right app, navigate through its screens, select appropriate options, and enter your address into the input box,” writes Google accessibility software engineer Ajit Narayanan. “At each step, the app assumes that you’re able to read and write, find things by trial-and-error, remember your selections, and focus for a sustained period of time.”

Google’s own research shows that 80 percent of people with severe cognitive disabilities like advanced dementia, autism or Down syndrome don’t use smartphones, in part because of these barriers.

Action Blocks are essentially a sequence of commands for the Google Assistant, so everything the Assistant can do can be scripted using this new tool, no matter whether that’s starting a call or playing a TV show. Once the Action Block is set up, you can create a shortcut with a custom image on your phone’s home screen.

For now, the only way to get access to Action Blocks is to join Google’s trusted tester program. It’s unclear when this will roll out to a wider audience. When it does, though, I’m sure a wide variety of users will want to make use of this feature.

Smart garage openers are a thing and these 4 are on sale — save up to $50

Just to let you know, if you buy something featured here, Mashable might earn an affiliate commission.
These Alexa and Google Assistant-enabled garage door sensors can give you peace of mind when you leave home.
The only thing more infuriating than leaving something important at home is realizing that you’ve left your garage door open. And unless you have someone at home to close it for you, you’re left with no choice but to drive back and shut it yourself.

You don’t have to bother anyone if you happen to have a smart garage door opener installed. Owning one lets you remotely control it from anywhere through your smartphone. And besides, you’ve probably already smartified almost everything else in your house. Smartifying the garage is a no-brainer.

Below are a variety of smart garage openers you can snag on sale. Don’t worry, none of them would be disabled without your consent.

Whether you’re chilling in Hawaii or just at the office, this smart garage opener and smart plug bundle lets you control your garage and appliances anytime, anywhere. Using either your smartphone, Alexa, or Google Assistant devices, you can open, close, and monitor your garage door, as well as turn on or off your appliances. The app even gives you reminders when your garage door and appliances are turned on. Usually retailing for $99, you can get it on sale for $79.

Garnering a 4.5-star rating on Amazon, this smart garage opener integrates with your existing IP camera for real-time video monitoring, giving you total garage security. The accompanying ismartgate app lets you remotely open and close your garage door from anywhere, and allows you to grant, deny, and modify access to different users. And should the door be left open for more than 10 minutes, you’ll receive an alert right away. It normally goes for $119, but you can get it for $90 for a limited time.

Want an all-inclusive security bundle? This garage kit features a smart garage opener, an HD indoor camera, and a wireless waterproof tilt sensor for all-around protection. The system allows you to remotely control up to three garage doors, while the IP camera features two-way audio technology to let you communicate with whoever crosses your garage. As a bonus, you can also integrate it with your Apple HomeKit, Google Home, Amazon Alexa, and IFTTT at no additional cost. Grab it on sale for $199, 20% off the usual price of $249.

Compatible with ismartgate PRO/LITE garage controllers, this wireless waterproof magnetic sensor can be used to remotely monitor the status and temperature of your garage wherever you are. You can use it to fetch real-time alerts when your garage is opened, closed, left open, or forced to stop, when the batteries are running low, or when the temperature goes above or below your pre-defined setting. You’ll find it especially useful if you store valuable stuff in your garage. It regularly retails for $39.95, but you can get it on sale for $29 — a savings of 27%.

Google’s Pixel 4 phones may do the waiting for you when you’re on hold

Google’s next Pixel phones might come with another major benefit: you’ll never have to listen to annoying hold music again. 

That’s according to a recent report in 9to5Google, which reports Google is readying a new feature that will allow its Assistant to wait on hold for you.

Here’s how it works, according to the “reliable source” that spoke with the publication: when you’re placed on hold, you can tap a button to let Google Assistant know you want it to take over the call. You can then “take your attention away from the call, and Google Assistant will let you know when there’s an actual human back on the other end of the call.”

It’s not clear when such a feature might launch. Google’s Pixel 4, which will also have a new face unlock and gesture recognition features, is expected to launch later this year. But it sounds like the new Google Assistant feature might not be ready for the phone’s initial launch, and could be unveiled at a later date. 

Google has been experimenting with several features meant to make the kind of routine phone calls where you typically get placed on hold easier. The company previously introduced Duplex, which lets Google Assistant book restaurant appointments and reservations on your behalf, and a call-screening feature, which allows Google Assistant to find out who is calling before you pick up the phone.

Both of those features were first shown off at Google’s I/O developer conference, which takes place each spring. So it’s possible the company could again wait for the annual software event to show off the new capability for its Assistant.

Google didn’t immediately respond to a request for comment.

Though we’re still at least a month out from the launch of the Pixel 4, we do already have quite a few details on the handset. The company shared images of the back side of the phone, which will have a larger camera bump, and revealed in a blog post that the phone will be the first to take advantage of Google’s radar-based gesture recognition tech, which will enable users to control the phone without actually needing to hold the phone.
