Researchers Find out That You Can Hack into Voice Assistants Using Lasers
Voice assistants are helping more and more people in their homes, offices, and on the go. The likes of Amazon's Alexa, Apple's Siri, and Google Home are incredibly useful. However, questions over security and safety around these have recently been asked.
Now, a group of researchers from the University of Michigan and the University of Electro-Communications in Japan has found a way to command these assistants via lasers. They've named their system Light Commands.
How does it work?
All you have to do is shine a laser, or a flashlight, at one of the voice assistant devices' microphones, and your command will be done.
It is as simple as that. However, there is some back-end work happening.
The laser or flashlight emits a high-pitched command, barely audible to the human ear.
Following months of experimentation, the researchers discovered that when they pointed a laser at a microphone and changed the intensity at an exact frequency, the light would perturb the microphone's frequency.
The microphone then picked up the incoming light as a digital signal, just like a voice command.
By matching the intensity of the laser to match the frequency of a human voice pitch, the lasers could command the devices.
What could they command the voice assistants to do?
The researchers then had some fun with their experiment. They were able to open a garage door by pointing their laser at the home device, for example.
At one point, they climbed up 42 meters (140 feet) of a University of Michigan building to point their laser at a Google Home device. They were able to control the device, which was located 70 meters (230 feet) away, on the fourth floor of an office building.
They even managed to control a voice assistant device over 76 meters (350 feet) away by using a telephoto lens.
The team admitted they could have easily switched lights on or off, or bought online products from linked devices.
"This opens up an entirely new class of vulnerabilities," said Kevin Fu, an associate professor of electrical engineering and computer science at the University of Michigan. "It's difficult to know how many products are affected because this is so basic."
Some of these devices do require additional I.D. checking ahead of making online purchases, for instance. However, all in all, this is a worrying discovery as it is so simple, and many of the devices do not require any additional I.D. checking before carrying out commands.