They are capable of handling a lot of tasks. But, if a recent security report is anything to go by, both digital helpers can be compromised by hackers to eavesdrop on your private conversations, steal your passwords.
As both Amazon and Google have extensive checks in place for detecting malicious programs for their respective voice assistants, the security researchers uploaded the malicious code as part of an update for existing skills/actions.
In response, both companies reassured that they take down malicious skills immediately after detection and have mitigation in place to prevent more compromised programs from showing up in the future.
In addition to the security assurance, a Google spokesperson told Ars Technica that they have removed the malicious action uploaded by the researchers and are conducting an internal review of all third-party actions for proper security.