Alexa, Siri, Google Assistant Unlocked Via Laser

Researchers at University of Michigan and the University of Electro-Communications in Tokyo have discovered an alarming flaw with digital assistants found in many smart speakers.

The team revealed that burglars could break into homes by shining a laser at digital assistants and smart speakers from more than 100 metres away.

Until now, most of the concern surrounding these devices have centred on privacy worries. Amazon this year admitted in a letter to a US senator that it keeps Alexa user voice recordings indefinitely, and it is being sued for over allegations that Alexa-powered smart speakers are recording children.

Smart security

But now the security aspects of these devices has been brought into question because of lasers.

In their paper on the matter, the researchers warned that “Light Commands is a vulnerability of MEMS microphones that allows attackers to remotely inject inaudible and invisible commands into voice assistants, such as Google assistant, Amazon Alexa, Facebook Portal, and Apple Siri using light.”

“In our paper we demonstrate this effect, successfully using light to inject malicious commands into several voice controlled devices such as smart speakers, tablets, and phones across large distances and through glass windows,” the researchers warned.

A video of Google Home speaker being tricked into opening a garage door can be found here.

“The implications of injecting unauthorised voice commands vary in severity based on the type of commands that can be executed through voice,” the researchers warned. “As an example, in our paper we show how an attacker can use light-injected voice commands to unlock the victim’s smart-lock protected home doors, or even locate, unlock and start various vehicles.”

This ability for criminals to “talk” to digital voice assistants by shining a laser at the device’s microphone, will be a cause for concern for homeowners, depending on automated their property is.

Membrane issue

The problem stems from the fact that most of the assistants on modern devices use compact and highly sensitive microphones equipped with a diaphragm. This is a thin membrane that moves when hit by sound waves.

It seems that this movement is then converted into electrical signals, which are acted upon by the voice assistant.

The researchers discovered that the diaphragm also moves when hit by specific frequencies of light from a laser.

The researchers played around with the intensity of the light from the laser, in order to mimic the frequency of a human voice. This allowed them to make basic commands and activate the smart speaker.

It is understood that the researchers have shared the findings with Amazon, Apple, Google, Tesla and Ford.

Google and Amazon are reportedly reviewing the discovery.

Do you know all about security? Try our quiz!