German researchers say Google and Amazon smart speakers can be leveraged to record user conversation or to phish for passwords through malicious voice apps. Unless the two companies take measures to improve the review process and the restrictions for apps integrating with their smart devices, malicious developers could exploit the weakness to capture audio from users. The German researchers recommend that unpronounceable characters be removed and allowing sensitive output that could be used to extract secret information should be considered considered. Google Home, Amazon Alexa and Google Home smart speakers could be exploited by malicious developers.
Source: https://www.bleepingcomputer.com/news/security/malicious-apps-on-alexa-or-google-home-can-spy-or-steal-passwords/