Smart‑Speaker Skill Scams: How Alexa, Google Assistant and Home Hubs Are Being Weaponized (and How to Lock Them Down)

Introduction — Why your smart speaker can be an attack surface

Smart speakers and home assistants (Alexa, Google Assistant, Nest/Hub devices and third‑party hubs) are convenient — but they also expose new avenues for fraud. Researchers have demonstrated multiple, realistic attack classes against third‑party voice apps (“skills” on Alexa, “actions” on Google) including skill‑squatting, voice‑masquerading (apps that impersonate system prompts), silent reprompts that keep microphones active, and prompt/slot abuses that capture user speech. These attacks can steal passwords, confirm purchases, or eavesdrop on conversations if a malicious developer or compromised skill is executed on your device.

Although platforms have improved vetting and removed several proof‑of‑concept skills, the threat remains because attackers exploit speech ambiguity, post‑approval changes, and audio‑processing edge cases. Understanding how these attacks work lets you apply practical configuration and usage controls to sharply reduce risk.

How attackers weaponize voice apps — common techniques

• Skill / Action squatting: Attackers publish voice apps with names or phrases that sound like legitimate services so the assistant launches the malicious skill instead of the intended one. This is a long‑documented risk called skill‑squatting/voice‑squatting.
• Voice masquerading & silent reprompts: A malicious skill can use long silent SSML or special characters to make the device appear inactive, then prompt the user for credentials or other sensitive speech that the skill records and forwards. Security Research Labs demonstrated this class of “Smart Spies” attacks.
• Replay and recorded‑voice attacks: An attacker with a recording of a legitimate user can replay commands to a hub (or use loudspeakers near a device) to trigger actions — researchers call these replay/injection attacks and have proposed detection and liveness defenses.
• ASR‑assisted vishing and adversarial audio: Scammers increasingly chain TTS/ASR and LLMs to run large‑scale vishing. New research (ASRJam / EchoGuard and related work) shows both the threat and emerging jamming defenses that disrupt attacker ASR without ruining human comprehension.
• Account linking & payment abuse: If you link bank, shopping or payment accounts to voice apps, malicious skills can try to confirm payments or solicit PINs; platform features vary for how purchases and account linking are protected.

Concrete steps to lock down your smart speaker (step‑by‑step)

Below are practical, prioritized actions you can take today. Apply them across every voice device in your home.

1) Harden purchase & payment flows

• Disable voice purchases if you don’t use them. On Alexa you can turn off Voice Purchasing or require a 4‑digit confirmation code; on Google Assistant, disable “Pay through your Assistant” or require confirmation via Voice Match / fingerprint. If you must allow purchases, require an explicit PIN or multi‑factor confirmation.

2) Audit and remove third‑party skills/actions

• Regularly review enabled skills/actions in the Alexa and Google Home apps and remove anything you don't recognize. Avoid enabling skills that request account linking or sensitive permissions unless absolutely necessary. Limit skills to well‑known developers and official integrations.

3) Tighten voice recognition & profiles

• Enable Voice Match or voice profiles and enroll only trusted household members; consider disabling features that return personal data to unknown voices (personal results). Be aware voice biometrics are imperfect and can be spoofed — use them together with purchase PINs where available.

4) Limit sensitive routines & account linking

• Don’t link bank or critical accounts to voice apps unless you understand the exact authorization model. Review and revoke account‑linking tokens in the platform account settings when not in use. Avoid skills that ask for passwords or long PINs by voice.

5) Privacy & logging

• Periodically review and delete voice history (Alexa: Alexa Privacy > Review Voice History; Google: Data & Privacy controls in your Google Account). Turn off long‑term storage of voice recordings if you prefer privacy.

6) Physical & behavioral controls

• Place devices in shared spaces (avoid bedrooms), mute microphones when not needed, and disable features like Drop‑In or messaging if you don’t use them. Teach household members not to speak passwords, PINs or other secrets aloud to voice devices.

7) Firmware, app and account hygiene

• Keep device firmware and companion apps updated, use strong passwords on vendor accounts, enable MFA on your Amazon/Google accounts, and monitor bank/credit card activity for unexpected charges.

If you suspect a smart‑speaker compromise — quick response checklist

1. Disable the device microphone (physical mute) and/or disconnect the device from Wi‑Fi immediately.
2. In the companion app, remove recently enabled skills/actions and unlink any suspicious accounts.
3. Check purchase history, contact your bank to flag unauthorized charges, and change passwords on linked accounts (Amazon/Google, banking, shopping).
4. Review voice history and delete suspicious recordings; export or preserve logs if you plan to report to law enforcement.
5. Report the malicious skill/action to the platform (Amazon Developer Support / Google Actions support) and file a complaint with the FTC if you suffered financial loss. Keep screenshots, activity timestamps, and device logs for investigators.

Longer‑term, consider limiting voice control to non‑sensitive tasks (music, weather, timers) and use phone apps or authenticated devices for anything involving money or personal data. Emerging academic and industry defenses (e.g., SkillFence, ASR jamming/liveness detection) show promise but are not universal yet — implement the configuration controls above for immediate risk reduction.