Amazon and Google unwittingly approved speaker apps that eavesdropped on users and stole passwords

Daily Mail - Science & tech 

Researchers successfully sneaked malicious apps behind the defenses of two major smart speaker companies in a test on their security practices. Experts at Security Research Labs say the apps were design to target personal data like voice-recordings and passwords of both Google Home and Amazon Echo users by posing as software that reads horoscopes through voice-commands. The apps were only removed once researchers made the company aware of their test. All eight of the apps designed by the researchers were able to bypass Amazon and Google defenses and were approved by the companies' moderation teams - a lapse that experts say invites even greater scrutiny on smart devices' privacy and safety standards. 'As the functionality of smart speakers grows so too does the attack surface for hackers to exploit them,' write the researchers in their report.