- Dec 2007
- Pennsylvania, USA
Read the rest here, with proof-of-concept video demonstrations.Siri, Alexa, and Google Assistant are vulnerable to attacks that use lasers to inject inaudible—and sometimes invisible—commands into the devices and surreptitiously cause them to unlock doors, visit websites, and locate, unlock, and start vehicles, researchers report in a research paper published on Monday. Dubbed Light Commands, the attack works against Facebook Portal and a variety of phones.
Shining a low-powered laser into these voice-activated systems allows attackers to inject commands of their choice from as far away as 360 feet (110m). Because voice-controlled systems often don’t require users to authenticate themselves, the attack can frequently be carried out without the need of a password or PIN.
In other words, someone could issue commands to your home device by pointing a laser (including an invisible IR laser) from up to 360 feet (110m) away, through your window (perhaps from another building), and modulating the laser beam with a voice command which would be completely inaudible.
Is this likely to be a problem? Doubtful. The vulnerability has been demonstrated under controlled conditions. However, such an attack requires line-of-sight between not just the device; but the device's microphone and the laser emitter. Also, the attack would be limited to devices managed by your device. If you use your digital assistant to lock and unlock doors, this could be a problem. If you're like me, and you use it to turn a few fans/lights on and off, the risk is far less.
Personally, I think it's weirdly cool that an audio microphone can receive commands from a laser.