In videos posted to YouTube, SRLabs showed how an app that works with Alexa or Google’s voice assistant could be programmed by a hacker. In one demo, a user opened an app via a voice command and was told it does not run in their country. The voice assistant was then silent. However, unbeknownst to the user, it continues to run in the background, listening for prompts. After a few minutes, the voice assistant said there was a company update and asked the user to say their password.
Amazon and Google assistants do not ask users to reveal passwords when working correctly.
There doesn’t appear to be evidence that any hackers actually carried out the manipulation to the voice assistants.