It's dismayingly easy to make an app that turns a smart-speaker into a password-stealing listening device and sneak it past the manufacturer's security checks

German security researchers from Security Research Lab created a suite of apps for Google and Amazon smart speakers that did trivial things for their users, appeared to finish and go dormant, but which actually stayed in listening mode, then phished the user for passwords spoken aloud to exfiltrate to a malicious actor; all their apps were successfully smuggled past the companies app store security checks. Read the rest