Voice assistants like Apple’s Siri, Amazon’s Alexa and Google Assistant can be hacked, according to an international team of researchers, by shining a laser on a device’s microphone.
According to researchers at the University of Electro-Communications in Tokyo, Japan and the University of Michigan in the US, the hack, nicknamed ‘Light Commands,’ allows hackers to inject inaudible and invisible commands remotely into voice assistants.
Researchers found that they could do this by targeting the Microelectro-Mechanical Systems (MEMS) of microphones using lasers and and make them respond to the light laser as if it were sound. Researchers wrote that by implementing this technique they could force sound into the microphones simply by adjusting the amplitude of a laser light.
Researchers wrote that they were able to access full control of voice assistants at distances of up to 361 feet or 110 meters.
Th danger here is that the use of ‘Light Commands’ would allow hackers to unlock a targeted person’s smart-lock protected front door, shop on e-commerce websites at a targeted person’s expense, open garage doors, and even locate, unlock and start vehicles like Teslas and Fords which may have on-board digital connections to a targeted person’s Google accounts.
Researchers have shared their findings and maintained contact with the security teams of Apple, Amazon, Ford and Tesla as well as with the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) and the Food and Drug Administration (FDA). ICS-CERT works at building strong partnerships between government and industry in order to reduce the risk to the critical infrastructure in the US.
An Amazon spokesperson said the company takes the security of its customers and the security of its products very seriously and that the company is reviewing this important research and engaging with is authors of the study and their team to understand more about these critical findings.
Be aware that it takes a lot to hack a voice assistant with a light laser. First of all it requires expertise and the use of specialized equipment. Then their needs to be an unobstructed view of the targeted device whether home or vehicle.
For instance, with vehicles, researchers were limited in their hacks. Even though they were able to unlock doors and trunks, they were unable in some cases to start the engine without knowing the exact proximity of the the key start location and in other vehicles the engine stopped and was unable to be driven once the car was shifted out of the park position.