Researchers have discovered that Siri, Alexa, and Google Assistant are vulnerable to a laser attack.
Lasers have recently been used to inject inaudible and invisible commands to hack smart speakers. The laser method could be used to unlock doors, visit websites, unlock vehicles, and more.
A report from Voicebot.ai says at least 26.2% of U.S. households own at least one smart speaker. Accordingly, many music streaming services see smart speakers as a trojan horse device into people’s homes and music remains a top activity on the devices. Case in point: Spotify is giving away free Google Home Mini devices to new Premium subscribers.
The laser-based attack works as far away as 360 feet and can perform a wide variety of functions. That’s because voice-controlled devices often don’t require any form of authentication. The light-based commands can be sent between one building and another if the device is near a closed window.
Ars Technica reports that the attack exploits a vulnerability in microphones that use micro-electro-mechanical systems, or MEMs. The microscopic MEMs components in these microphones respond to light as if it were sound.
“We show how an attacker can use light-injected voice commands to unlock the target’s smart-lock protected front door, open garage doors, shop on e-commerce websites at the target’s expense, or even locate, unlock and start various vehicles (e.g., Tesla and Ford) if the vehicles are connected to the target’s Google account.”
Researchers tested Siri, Alexa, Google Assistant, Facebook Portal, and tablets and phones. All devices that use MEMS microphones are susceptible to this laser attack.
Researchers tested several different attack methods — using a simple laser pointer up to lab equipment lasers. At least one attack successfully injected a command through a glass window at more than 230 feet away.
This research draws concerns for devices that many people use at least once daily. With so much of our lives tied to these smart devices, they shouldn’t be fooled so easily.