A scientific report published yesterday shines a light on a bizarre vulnerability found on many popular smart devices/voice recognition systems, including Amazon Echo, Facebook Portal and Google Home.
A team of researchers from the University of Michigan and the University of Electro-Communications in Tokyo have published a new report which reveals how light can be used to hack a range of popular smart home devices.
The research project, titled Light Commands, explores how smart devices equipped with micro-electrical-mechanical systems (MEMS) microphones can be hacked using light.
The researchers demonstrated that they could gain access to a variety of common devices which have voice command capabilities, including the iPhone XR and Samsung Galaxy S9.
The light hack is particularly effective because many voice-controlled devices don’t require a PIN or password for authentication. They are also often linked to important personal property, including home security systems.
Below you can see a video of the researchers using a laser to open a garage door through Google Assistant.
How does the ‘light hack’ work?
The researchers used laser beams to mimic a human voice, effectively tricking the smart devices into thinking a person was talking directly to them.
The light hack works because of a strange quirk in the way MEMS microphones respond to light.
According to reports by Ars Technica, MEMS microphones respond to light as if it were sound. Scientists aren’t quite sure why this specific type of microphone reacts in this way, but a huge number of everyday devices use them.
By shining the laser beam directly at the microphone of a smart device and then modulating the intensity of the light to mimic the pitch variations of a human voice, the researchers were able to ‘talk’ to the device from as far away as 110 meters (360 feet).
How easy is it to pull off this kind of attack?
Laser pointers are now readily available to buy online cheaply and easily. This means that, theoretically, anyone should be able to make use of the ‘light hack’ to gain access to smart devices.
In reality, it’s not quite that simple. The main issue is that the laser beam needs to be able to mimic the sound of a human voice, with all the variations in pitch and volume.
Standard laser pointers can either be turned on or off. There is no way of varying the intensity of the light they emit.
As a result, a few extra bits of equipment are needed in order to set up rig capable of hacking a smart home device.
This includes a laser driver, responsible for varying the intensity of the laser beam, for $399 and an audio amplifier, responsible for translating the sound of a voice into an electrical signal, for $27.99. In order to increase the range of the laser, a $199+ telephoto lens is also required.
All things considered, it’s certainly not a cheap or easy project for anyone to carry out in their spare time.
Additionally, for one of these attacks to be inconspicuous, they have to be carried out from significant range, as well as using an invisible infrared laser which is more expensive and trickier to set up.
But for professional or state actors, for example, this is pocket change for the ability to gain access to sensitive information or property.