Voice assistants such as Amazon’s Alexa, Apple’s Siri and Google Assistant can be hacked by shining a laser on the devices’ microphones, according to an international team of researchers.
Hackers can hijack your smart speakers, unlock your doors and run up gas and electric bills at your home using laser pointers. The terrifying attack uses a laser to control the speaker – like an Amazon Echo or Google home – instead of words. The attack requires line of sight, but powerful lasers can be purchased cheaply online and the beam can travel over huge distances
By changing a laser’s intensity to a certain frequency, researchers were able to trick the speaker into thinking it was hearing sound. The laser would be pointed at the speaker’s microphone, and interpret it as an audio command. This lets hackers issue voice commands to your speakers, potentially from a remote location.
It’s an attack that’s capable of covertly injecting commands into voice-controllable systems from long distances, said the University of Michigan team in a research paper. The Hackers simply need to shine a modified laser beam at your speakers to hijack them. This would allow hackers to do anything you can normally do with a smart speaker.
Hackers could annoy you by playing loud music at night, or making phony purchases on your account. But the attacks can get more serious if you have an Alexa linked up to other smart home gadgets. They could run up big gas or electricity bills using smart heating and lighting systems and users with smart door locking systems could be put at risk of burglaries. Researchers were able to successfully open a garage door using the laser hack. Some cars are even vulnerable to theft using this technique, researchers warn.
The only requirement for the ‘LightCommands’ hack is a reasonably sophisticated laser set up, and direct line of sight to the speaker. But this could easily be achieved for reasonably low cost, with lasers aimed through a clear window. The researchers said the laser itself was purchased online for around $18.
What is Alexa?
If you’ve never heard of Alexa, here’s what you need to know…Alexa is an “intelligent” personal assistant built by Amazon. You can find Alexa technology on several different devices, including Amazon’s Echo speakers. Alexa responds to voice commands, and can talk back to you. She can perform thousands of different tasks, including telling you about the news or weather. But she can do more complex things too, like ordering a pizza or arranging an Uber taxi pick-up.
To activate Alexa, you just need to say “Alexa” to an Amazon Echo speaker.
Because the device is powered by artificial intelligence, Alexa is constantly getting smarter. Alexa will also get more used to your voice, and better understand what you want her to do over time.
One way of spotting the attack is to look out for laser light on your speaker. But that won’t always work: scientists were also able to execute the hack using invisible lasers. The experiment worked with infrared laser light that can’t be seen by human eyes.
In a public statement an Amazon spokesperson said: “Customer trust is our top priority and we take customer security and the security of our products seriously. “We are reviewing this research and continue to engage with the authors to understand more about their work.”
Do you trust your smart speaker?