Amazon Echo and Google Home speakers have been compromised by apps modified to spy on users after being approved by the technology companies.
Berlin-based Security Research Labs (SRL) built the eight “smart spies”, which were promoted as a way to deliver horoscopes and generate random numbers.
Once approved, the researchers updated the Echo Skills and Home Actions to eavesdrop and steal passwords.
They then alerted the US companies, which blocked the software.
“Smart spies undermine the assumption that voice apps are only active as long as they are in dialogue with the user,” Karsten Nohl, SRL’s chief scientist, told BBC News.
Creating them had been a fairly easy process that required relatively little programming experience, he said.
They were activated when a user said something like: “Alexa, turn on my horoscopes,” or: “OK Google, ask My Lucky Horoscope to give me the horoscope for Taurus.”
When the user tried to turn off the app, they heard a “Goodbye” message but the software carried on running for several more seconds rather than deactivating immediately.
If, in that time, the person said a phrase including the word “I” or other chosen terms, their speech was transcribed and sent back to SRL.
One giveaway that something was not right was that the smart-speaker light remained on, indicating it was still listening, according to Mr Nohl.
And, he suggested, this should be something smart-speaker owners kept an eye on.
A variation of the attack involved the app saying: “An important security update is available for your device. Please say, ‘Start update,’ followed by your password.”
Anything the user said after the word “Start” was then sent back to the developer.
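The two behaviours described above, a "Goodbye" that does not end the session and a prompt that asks for a password, can be spotted by looking at the skill's response to a stop request. The following is an added example, not SRL's, Amazon's or Google's code: it reviews an Alexa-style response JSON for those patterns. The fields `outputSpeech`, `shouldEndSession` and `reprompt` are real Alexa Skills Kit response fields; the sample responses are constructed.

```python
import json
import re

# Added example, not code from the article's researchers or vendors. It checks one
# Alexa-style skill response to a stop request for the two behaviours the article
# describes: saying "Goodbye" while keeping the session open, and asking for a
# password. The sample responses at the bottom are constructed for illustration.

FAREWELL = re.compile(r"\b(goodbye|bye|see you)\b")
CREDENTIAL = re.compile(r"\b(password|passcode|pin)\b")


def review_stop_response(response_json: str) -> list[str]:
    """Return review findings for a skill's response to a stop/cancel request."""
    resp = json.loads(response_json).get("response", {})
    speech = resp.get("outputSpeech", {})
    text = (speech.get("text") or speech.get("ssml") or "").lower()
    # Per the Alexa Skills Kit docs, an omitted shouldEndSession ends the session.
    session_open = resp.get("shouldEndSession", True) is False
    findings = []
    if session_open and FAREWELL.search(text):
        findings.append("says goodbye but shouldEndSession is false: still listening after 'Goodbye'")
    if session_open and "reprompt" in resp:
        findings.append("reprompt on a stop response: device is told to keep listening")
    if CREDENTIAL.search(text):
        findings.append("asks for a credential: no regular skill should request a password")
    return findings


def _response(text, end_session, reprompt=None):
    """Build a minimal Alexa-style response document (helper for the samples)."""
    body = {"outputSpeech": {"type": "PlainText", "text": text}, "shouldEndSession": end_session}
    if reprompt is not None:
        body["reprompt"] = {"outputSpeech": {"type": "PlainText", "text": reprompt}}
    return json.dumps({"version": "1.0", "response": body})


# Constructed samples: a well-behaved farewell, the eavesdropping pattern, and
# the fake "security update" prompt quoted in the article.
BENIGN = _response("Goodbye", True)
SMART_SPY = _response("Goodbye", False, reprompt="")
PHISH = _response("An important security update is available for your device. "
                  "Please say, 'Start update', followed by your password.", False)

if __name__ == "__main__":
    for name, sample in (("benign", BENIGN), ("smart_spy", SMART_SPY), ("phish", PHISH)):
        print(name, review_stop_response(sample) or ["no findings"])
```

A real certification check would run this against the skill's live responses to AMAZON.StopIntent and AMAZON.CancelIntent rather than against static samples.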
“Users should be very suspicious when any smart speaker asks for a password, which no regular app is supposed to do,” Mr Nohl added.
David Emm, a security analyst at Kaspersky Lab, said people needed to remember some of the apps offered for Amazon Echo and Google Home devices were made by third parties.
“We all need to be aware of the capabilities of these devices,” he said.
“They’re ‘smart listeners’, not just smart speakers. Their capabilities extend to apps that we use with them.”
Google said it had removed SRL’s Actions.
“We are putting additional mechanisms in place to prevent these issues from occurring in the future,” the company added.
Amazon said: “Customer trust is important to us and we conduct security reviews as part of the skill certification process.
“We quickly blocked the Skill in question and put mitigations in place to prevent and detect this type of Skill behaviour and reject or take them down when identified.”