A Germany-based security company warned smart speakers made by Amazon and Google posed a security risk, as third-party apps approved by the companies enabled the theft of sensitive user data.

In a statement, Security Research Labs (SRLabs) explained it uncovered “two possible hacking scenarios” relating to the Skills app for Amazon’s Echo and Actions service on Google Home. The flaws “allow a hacker to phish for sensitive information and eavesdrop on users”.

During tests, SRLabs said the apps effectively turned the speakers into “smart spies” by providing them with the means to listen into conversations and request personal data even after the original voice command had been executed.

SRLabs highlighted back-end processing of voice commands as the point of vulnerability, noting this element is handled by app developers rather than Amazon or Google.

The manufacturers blocked the apps immediately after SRLabs informed them of the flaws, it added.