Smart home devices have been hit with dozens of attacks from hackers trying to infiltrate your smart hubs, smart cameras, doorbells and more. Now, researchers at the University of Michigan and the University of Electro-Communications in Tokyo have revealed a new and unlikely kryptonite for smart home assistants: Laser pointers.
How can a hacker using a laser pointer accomplish this? The microphones in devices like Google’s Home, Amazon’s Echo and Apple’s HomePod translate sounds from your voice into electrical signals to communicate your commands. One of the lead researchers Takeshi Sugawara explained to Wired.com that microphones will react the same way under focused light.
“It’s possible to make microphones respond to light as if it were sound. This means that anything that acts on sound commands will act on light commands,” Sugawara said.
With a 60 milliwatt laser, researchers were able to communicate commands to 16 different smart hubs, smartphones and other voice-enabled assistants. Almost all smart speakers involved in the study registered the commands from the maximum tested distance of 164 feet away. Android and Apple smartphone devices proved more difficult, only registering commands within a range of 16 feet and 33 feet, respectively.
Shockingly, using just a store-bought 5 milliwatt laser, researchers were able to control a Google Home and a first generation Echo Plus from 361 feet away. Researchers were also able to successfully manipulate a Google Home through a window from 250 feet away. Other tested devices failed to register commands at these frequencies and distances.
So, why should I care?
Now that American consumers have integrated smart home devices into every aspect of their lives, this newly-discovered laser hack has the potential to wreak havoc on user privacy. From disabling smart locks to accessing live smart camera footage, the possibilities are endless and terrifying, according to University of Michigan researcher, Sara Rampazzi.
“You can hijack voice commands. Now the question is just how powerful your voice is, and what you’ve linked it to,” Rampazzi said.
While Apple and Facebook have remained silent on the issue, major smart device retailers like Google and Amazon ensure they’re addressing concerns accordingly.
A spokesperson for Google told Wired that it would be closely reviewing this research paper.
“Protecting our users is paramount and we’re always looking at ways to improve the security of our devices.”
Amazon expressed similar sentiments and ensured a review and follow up of the research.