A new laser-based hack discovered for devices with MEMS (micro-electro-mechanical systems) microphones makes iPhone, HomePod, Google Home, Amazon Echo, and more vulnerable to line of sight attacks from up to several hundred feet away.
Reported by Ars Technica, the type of attack is called ‘Light Commands’ and was discovered by researchers at the University of Electro-Communications and the University of Michigan. Light Commands make it possible to hack Siri, Google Assistant, Alexa, and more from a distance as long as the attacker has line of sight to the device’s microphones.
Here’s how it works:
Shining a low-powered laser into these voice-activated systems allows attackers to inject commands of their choice from as far away as 360 feet (110m). Because voice-controlled systems often don’t require users to authenticate themselves, the attack can frequently be carried out without the need of a password or PIN. Even when the systems require authentication for certain actions, it may be feasible to brute force the PIN, since many devices don’t limit the number of guesses a user can make. Among other things, light-based commands can be sent from one building to another and penetrate glass when a vulnerable device is kept near a closed window.
As noted by Ars, the researchers have done limited testing with iPhones, tablets, smart speakers, and smart displays but they believe that “all devices that use MEMS microphones susceptible to Light Commands attacks.”
Light Commands do have some limitations, like a malicious party needing to have a direct line of sight to a device and be able to very accurately position a laser on a device’s microphone.
However, the researchers have carried out attacks in moderately realistic conditions and the lack of authentication for voice assistants that can control smart home devices like door locks, garage doors, and more is certainly concerning.
More interesting, some of the tests were even done with just an $18 laser pointer, laser driver, and an audio amplifier for less than a $400 total.
The researchers have created a website detailing how Light Commands work and are already partnering with Apple, Google, and Amazon and more to come up with “defensive measures.”
Check out more about Light Commands vulnerabilities in the videos below: