As helpful as Siri, Alexa and Google Home are, cyber security experts have long warned that smart devices are probably not keeping your privacy very secure. It turns out, smart home hacking doesn’t even require much technical skill.
Researchers at the University of Michigan say they have found a way to take over a Google Home, Alexa or Siri from hundreds of feet away by shining laser pointers and flashlights at the devices’ microphones.
The team opened a garage door by shining a laser beam at a connected voice assistant and controlled a Google Home device on the fourth floor of an office building 230 feet away. Another device more than 350 feet away was controlled by focusing lasers through a telephoto lens.
Any digital smart system could have been hacked using their methods, the researchers said.
The method works by shining a light through the window at microphones inside the smart speakers, tablets or phones, sending inaudible and potentially invisible commands.
According to the researchers, an attacker could then control smart home switches, open smart garage doors, make online purchases, unlock and start vehicles and open smart locks.
“Microphones convert sound into electrical signals. The main discovery behind light commands is that in addition to sound, microphones also react to light aimed directly at them. Thus, by modulating an electrical signal in the intensity of a light beam, attackers can trick microphones into producing electrical signals as if they are receiving genuine audio.”
It is possible to mitigate the issue, according to the team.
- An additional layer of authentication is suggested, like requiring the device to ask the user a simple randomized question before following through on a command.
- Manufacturers can use sensor fusion techniques, like installing several microphones and requiring commands to be heard by each.
- Manufacturers can also reduce the amount of light that reaches the microphone’s diaphragm.
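The sensor fusion idea in the list above can be sketched as a consistency check across microphones. This is an added example, not code from the researchers or any vendor; it assumes a light beam excites only the microphone it is aimed at, and the function names, thresholds and sample frames are constructed for illustration.

```python
import math
import random

def rms(x):
    """Root-mean-square level of one microphone channel."""
    return math.sqrt(sum(s * s for s in x) / len(x))

def pearson(a, b):
    """Pearson correlation of two equal-length channels (0.0 if one is flat)."""
    n = len(a)
    ma, mb = sum(a) / n, sum(b) / n
    va = sum((x - ma) ** 2 for x in a)
    vb = sum((y - mb) ** 2 for y in b)
    if va == 0 or vb == 0:
        return 0.0
    return sum((x - ma) * (y - mb) for x, y in zip(a, b)) / math.sqrt(va * vb)

def best_corr(a, b, max_lag=3):
    """Best correlation over small lags, since sound reaches each mic at a slightly different time."""
    n = len(a)
    core = a[max_lag:n - max_lag]
    return max(pearson(core, b[max_lag + k:n - max_lag + k])
               for k in range(-max_lag, max_lag + 1))

def accept_command(channels, min_ratio=0.25, min_corr=0.5):
    """Accept only if every mic heard the same signal at a comparable level.
    min_ratio and min_corr are assumed values, not tuned against real hardware."""
    levels = [rms(c) for c in channels]
    loudest = max(levels)
    if loudest == 0:
        return False
    # A signal present on one mic and near-silent on the others is rejected.
    if any(level / loudest < min_ratio for level in levels):
        return False
    # Comparable level is not enough: the waveform must match too.
    ref = channels[levels.index(loudest)]
    return all(best_corr(ref, c) >= min_corr for c in channels)

def constructed_frame(gains, delays, seed=0, n=200):
    """Constructed sample: one tone per mic with its own gain, delay and sensor noise."""
    rng = random.Random(seed)
    tone = [math.sin(2 * math.pi * 5 * i / n) for i in range(n)]
    return [[g * (tone[i - d] if i >= d else 0.0) + rng.gauss(0, 0.02)
             for i in range(n)] for g, d in zip(gains, delays)]

if __name__ == "__main__":
    print(accept_command(constructed_frame([1.0, 0.8, 0.6], [0, 1, 2])))  # heard by all mics
    print(accept_command(constructed_frame([1.0, 0.0, 0.0], [0, 0, 0])))  # present on one mic only
```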
The team said they notified Tesla, Ford, Amazon, Apple and Google of the flaw, and each said they were studying the group’s paper, released Nov. 4.
These companies already aren’t great at keeping your data — or even conversations — private. They probably couldn’t have foreseen this type of attack, but they should all take this seriously and find a solution to smart home hacking as soon as possible.