
Lasers Can Actually Hack Your Smart Speaker

Today's smart speakers and smartphones can actually be duped into picking up non-existent voice commands by beaming a calibrated laser into their microphones and manipulating the diaphragm component inside, according to researchers.

By Michael Kan, Principal Reporter


Researchers have found a way to hijack smart speakers by simply shining a laser at their built-in microphones.

Although lasers are silent, they can actually dupe a speaker into picking up sound, according to academics at the University of Michigan and in Japan. On Monday, they published a paper showing how they used a generic $18 laser pointer to transmit non-existent voice commands to Amazon Echo and Google Home devices at distances of up to 360 feet.

The researchers pulled off the hack thanks to a flaw in today's microphone technology. To pick up audio, a microphone contains a thin membrane called the diaphragm. When sound waves hit the diaphragm, it moves in response, converting the incoming audio into an electrical signal.

(Image: Light Commands hack, from the researchers' video summarizing the hack.)

But what happens if you shine a laser on the microphone? Well, it too can cause the delicate diaphragm inside to vibrate. The researchers studied this effect, realizing it was possible to modulate a laser's intensity to manipulate the microphone's diaphragm into creating electrical signals for spoken human words.

This laid the foundation for the "light commands" hack. With a PC, a sound amplifier and a $340 "laser diode driver" to modulate the intensity, they were able to effectively write voice commands such as "OK Google, open the garage door" onto a laser beam.

The researchers showed off the results in several videos. With the help of a $200 telephoto lens, they were able to beam the command "OK Google, what time is it?" to a Google Home speaker at a distance of over 110 meters (360 feet) away inside a hallway.

In another demo, the laser was able to beam a voice command to the speaker sitting next to a window in an office building 240 feet away. In all cases, the laser simply had to shoot directly through the smart speaker's microphone port.

In total, the researchers tested their hack on 17 different devices, and found the laser-based commands worked on all, but at varying distances. Smart speakers such as the Google Home and Amazon's Echo and Echo Dot devices could be hijacked at a distance of over 50 meters. Meanwhile, smartphones and tablets could only be hacked at distances of about five to 20 meters.

Although millions of voice-assistant capable devices are vulnerable to the flaw, the light commands hack is more of a theoretical threat than a real practical attack. The danger is also easy to prevent: simply put your smart speaker in your home away from a window.

Nevertheless, the hack underscores the risk of today's smart home and voice command technologies. By hacking a single smart speaker, an attacker could also hijack any other systems connected to it, say a smart lock or a smart garage door, the researchers warned. It doesn't help that voice assistants typically function without security measures, such as identity confirmation, turned on by default.

The good news is that the researchers have seen no instances of someone using the light commands hack for malicious purposes. They've also notified the major tech companies about their findings. But fixing the flaw will mean redesigning microphones and smart speakers to effectively introduce safeguards to filter out laser-based manipulation.
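As an added illustration (not code from the article, the researchers, or any vendor), here is a sketch of two safeguards a voice assistant could apply before acting on a command: rejecting audio that appears on only one microphone of an array, and requiring identity confirmation for sensitive actions. The four-microphone array, the 10x level ratio, the list of sensitive actions and all function names are assumptions made for this example.

```python
import math

# Constructed list of actions treated as sensitive (assumption for this sketch).
SENSITIVE = {"open the garage door", "unlock the front door"}

def rms(samples):
    """Root-mean-square level of one microphone channel."""
    return math.sqrt(sum(s * s for s in samples) / len(samples))

def single_mic_anomaly(channels, ratio=10.0):
    """True when one microphone carries almost all of the signal energy.

    Sound in a room reaches every microphone at a similar level; a beam
    aimed through one port drives that channel only.
    """
    levels = sorted(rms(ch) for ch in channels)
    loudest, second = levels[-1], levels[-2]
    return loudest > 0 and loudest > ratio * second

def gate(action, channels, speaker_verified):
    """Decide what to do with a recognised voice command."""
    if single_mic_anomaly(channels):
        return "reject: signal on one microphone only"
    if action.strip().lower() in SENSITIVE and not speaker_verified:
        return "challenge: identity confirmation required"
    return "accept"

def tone(amplitude, n=160, cycles=8):
    """Constructed test signal: a sine wave standing in for captured audio."""
    return [amplitude * math.sin(2 * math.pi * cycles * i / n) for i in range(n)]

# Constructed samples for a four-microphone array.
ACOUSTIC = [tone(0.50), tone(0.45), tone(0.48), tone(0.52)]     # all mics hear it
ONE_PORT = [tone(0.50), tone(0.002), tone(0.002), tone(0.002)]  # one mic only

if __name__ == "__main__":
    print(gate("what time is it", ACOUSTIC, False))
    print(gate("open the garage door", ACOUSTIC, False))
    print(gate("open the garage door", ONE_PORT, True))
```

The level ratio would need tuning against real hardware, since microphones in an array do not hear ordinary sound at exactly equal levels.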
