Researchers say that Amazon and Google need to focus on weeding out malicious skills from the getgo, rather than after they are already live. The hack leverages something called fallback intent, which is when a voice app cannot assign the user s most recent spoken command to any other intent and instead offers help. For Alexa users, the researchers also leveraged the built-in stop intent which reacts to the user saying stop . The hack can be abused to listen in on users or vish (voice phish) their passwords, researchers said.
Source: https://threatpost.com/alexa-google-home-eavesdropping-hack-not-yet-fixed/151164/