Smart speakers have always been linked to privacy issues and hacking concerns and now security researchers have found a surprising vulnerability that would allow an attacker to take over voice-controlled devices like Amazon's Alexa, Apple's Siri and Google Assistant with a simple laser pointer.
Microphones in smart devices convert sound like the user's voice commands into electrical signals, which then relay the commands to the device. However, an international team of researchers from the University of Michigan and University of Electro-Communications in Tokyo have discovered that microphones respond the same way when a focused light is pointed directly at them.
This is a huge security risk that can allow hackers to gain control over voice-controlled devices with nothing more than a $13.99 laser pointer and good aim, even if they're hundreds of feet away. In the report, which was published on Monday. The team revealed that they were able to trick a Google Home device into opening a garage door by shining a laser beam at the device's microphone.
They were also able to gain access to a Google Home device on the fourth floor of an office building from the top of a bell tower 230 feet away. Moreover, just by focusing their lasers with the help of a telephoto lens, they were able to hijack a voice assistant from a distance of 350 feet. The researchers pointed out that they could've easily turned light switcher on and off, made online purchases, remotely unlock or start a car, or even open the front door if it was secured with a smart lock.
"This opens up an entirely new class of vulnerabilities," said Kevin Fu, an associate professor of electrical engineering and computer science at the University of Michigan. "It's difficult to know how many products are affected, because this is so basic." This vulnerability poses a risk not only to smart speakers but also smartphones like the iPhone XR, Samsung Galaxy S9, and Google Pixel 2, though the researchers found that they had to be much closer to hack into the devices.