Smart speakers are gradually making itself a space in our homes. I have it, you probably have it, or you’re planning to get one to make your life a bit more seamless and hassle-free. However, as with any smart electronics, there is a never-ending security risk with these speakers sitting quietly at home waiting for your voice command. We saw human workers listening to Google Assistant conversations earlier this year and now, researchers have discovered a security flaw that allows hackers to issue commands to smart speakers using lasers.
According to a recent report from Wired, researchers from the University of Michigan managed to fool smart speakers with a technique they call “Light Commands” which works by varying laser intensity so that the speakers misinterpret laser’s frequency to be a normal voice command.
“It’s possible to make microphones respond to light as if it were sound. This means that anything that acts on sound commands will act on light commands.”, says Takeshi Sugawara, one of the researchers.
The researchers claim to have tested their method with popular smart speakers including Google Home devices, Amazon Alexa devices, and Facebook’s Portal. Smartphones are not immune to this trick as well as the researchers say their trick worked when they tested on smartphones like the iPhone XR, Galaxy S9, Google Pixel 2, and the sixth-generation iPad.
This trick could allow attackers to use light commands to break into homes protected by smart locks, open smart garage doors, make orders on e-commerce websites, steal modern vehicles and much more, as pointed out by the researchers.
If you’re interested to know more about how this trick works behind the scenes, check out the research paper here. Also, take a look at the below demonstration video where the researchers manage to open a garage door.
