Smart speakers vulnerable to ‘light commands’ that can be used to shop online, open garage doors and more

By Shubham Sharma | Published on 06 Nov 2019
Smart speakers vulnerable to ‘light commands’ that can be used to shop online, open garage doors and more
HIGHLIGHTS

A new way of using light-based commands to hack into smart speakers and phones has been discovered.

It was found by researchers at the University of Electro-Communications (Tokyo) and the University of Michigan.

The vulnerability is in MEMS microphones used on smart speakers and light can be used to directly deliver commands.

Advertisements

Access Open Source Technology

Innovate w/ IBM and Discover New Open Source Technology Today. Learn More.

Click here to know more

Using voice commands to control devices is nothing new as most of us are now more or less used to getting answers from a smart assistant on our phones and smart speakers. Google Home and Amazon Echo smart speakers are also commonplace and their market share is steadily increasing since they offer increased convenience of controlling other smart devices via voice. Of course, there are a multitude of privacy concerns when you have a device that keeps a virtual ear out for your commands and sometimes ‘inadvertently’ eavesdrops during your talks, but what if we told you that there might even possibly be a bigger threat looming? 

Researchers at the University of Electro-Communications (Tokyo) and the University of Michigan have found an unconventional way to communicate with devices that work on voice commands. Takeshi Sugawara, Benjamin Cyr, Sara Rampazzi, Daniel Genkin and Kevin Fu discovered something called Light Commands, which employs modulating an electric signal in the intensity of a light beam. The light beam is aimed directly at the microphone of a smart speaker and can be used by attackers to trick a device’s mic into producing electrical signals as if they are receiving genuine audio, which resembles voice commands given by a user.

This means that an attacker can potentially use a laser to deliver commands directly to a speaker and this is a worrying critical flaw. As for the distance from where this flaw can be exploited, the researchers were able to deliver commands in a 110-meter long hallway. They used a commercially available telephoto lens to precisely target a speaker’s mic and mounted both, a laser and the speaker, on tripods to increase accuracy. The test conducted by the researchers worked on some of the most popular devices like Google Home, Home Mini, Amazon Echo Plus 1st and 2nd Gen, Echo, Echo Dot 2nd and 3rd Gen, Echo Show 5, iPhone XR, iPad 6th Gen, Samsung Galaxy S9, and the Google Pixel 2. 

While there is no mitigation for the vulnerability, the researchers do mention that the manufacturers of such smart speakers can use sensor fusion techniques. This entails using audio from two mics instead of one so that it is difficult for an attacker to use two laser beams precisely and a command picked up by only one mic can be discarded as an injected command. 

Xiaomi Mi Air Purifier 2S Key Specs, Price and Launch Date

Price:
Release Date: 23 Oct 2018
Variant: None
Market Status: Launched

Key Specs

  • Power Consumption (W) Power Consumption (W)
    29W
  • Coverage Area(sq.ft.) Coverage Area(sq.ft.)
    21m² ~ 37m²
  • Noise Level (dB) Noise Level (dB)
    NA
  • Air Flow Rate (cubic m/h) Air Flow Rate (cubic m/h)
    310m³/h
logo
Shubham Sharma

Interested in tech, gaming, cyber-security, anime, and more

Digit caters to the largest community of tech buyers, users and enthusiasts in India. The all new Digit in continues the legacy of Thinkdigit.com as one of the largest portals in India committed to technology users and buyers. Digit is also one of the most trusted names when it comes to technology reviews and buying advice and is home to the Digit Test Lab, India's most proficient center for testing and reviewing technology products.

We are about leadership-the 9.9 kind! Building a leading media company out of India.And,grooming new leaders for this promising industry.

DMCA.com Protection Status