Researchers used a laser to hack Alexa and other voice assistants

Nov 5, 2019, 10:05 AM

google smart speaker alarm...

A Google Home smart speaker sits on a kitchen counter in a photo taken on January 9, 2019. Full credit: Olly Curtis/Future via Getty Images

(CNN) — Usually you have to talk to voice assistants to get them to do what you want. But a group of researchers determined they can also command them by shining a laser at smart speakers and other gadgets that house virtual helpers such as Amazon’s Alexa, Apple’s Siri and Google’s Assistant.

Researchers at the University of Michigan and Japan’s University of Electro-Communications figured out they could do this silently and from hundreds of feet away, as long as they had a line of sight to the smart gadget. The finding could enable anyone (with motivation and a few hundred dollars’ worth of electronics) to attack a smart speaker from outside your house, making it do anything from playing music to opening a smart garage door to buying you stuff on Amazon.

In a new paper, the researchers explained that they were able to shine a light that had a command encoded in it (such as “OK Google, open the garage door”) at a microphone built into a smart speaker. The sounds of each command were encoded in the intensity of a light beam, Daniel Genkin, a paper coauthor and assistant professor at the University of Michigan, told CNN Business on Monday. The light would hit the diaphragm built into the smart speaker’s microphone, causing it to vibrate in the same way as if someone had spoken that command.

The researchers exploited the vulnerability in tests to do things like trigger a smart garage door opener and ask what time it is.

A list of devices that the researchers tested and said are vulnerable to such light commands includes Google Home, Google Nest Cam IQ, multiple Amazon Echo, Echo Dot, and Echo Show devices, Facebook’s Portal Mini, the iPhone XR, and the sixth-generation iPad. Smart speakers typically don’t come with any user authentication features turned on by default; the Apple devices are among a few exceptions that required the researchers to come up with a way to work around this privacy setting.

The findings could concern consumers, as well as the companies that offer voice assistants. Over the past five years, the market for assistant-using smart speakers — Amazon’s Alexa and its Echo smart speakers in particular — has ballooned. According to data from tech market researcher Canalys, companies shipped 26.1 million smart speakers in the second quarter. Amazon is sitting on top of this market: Canalys reports Amazon shipped a quarter of these speakers, or an estimated 6.6 million between April and June.

The cost for anyone to do likewise could be less than $400: On a website related to the work, researchers outline the equipment needed, which includes an under-$20 laser pointer, a $339 laser driver, and a $28 sound amplifier.

“If you have a laser that can shine through windows and across long distances — without even alerting anyone in the house that you’re hitting the smart speaker — there’s a big threat in being able to do things a smart speaker can do without permission of the owner,” said Benjamin Cyr, a graduate student at the University of Michigan and a paper coauthor.

Researchers said the Google Home device and first-generation Echo Plus could be commanded over the longest distance: 110 meters (about 361 feet). The researchers said that distance was the longest area they could use (a hallway) when conducting tests.

The researchers noted that they haven’t seen this security issue being taken advantage of. One way to avoid any potential issues, though, is to make sure your smart speaker can’t be seen by anyone outside your home.

Researchers said the weakness can’t truly be fixed without redesigning the microphones, known as MEMS microphones, that are built into these devices, however, which would be a lot more complicated. Takeshi Sugawara, a visiting scholar at the University of Michigan and the paper’s lead author, said one way to do this would be to create an obstacle that would block a straight line of sight to the microphone’s diaphragm.

Gekin said he contacted Google, Apple, Amazon and other companies to address the security issue.

A Google spokesperson said the company is closely reviewing the research. Apple declined to comment. Amazon did not respond to a request for comment at the time of publication.

The-CNN-Wire
™ & © 2019 Cable News Network, Inc., a WarnerMedia Company. All rights reserved.

We want to hear from you.

Have a story idea or tip? Send it to the KSL NewsRadio team here.

A hiker who was struck by lightning and then fell from the east summit of Twin Peaks has died. Salt...

Becky Bruce

Body of hiker found after lightning strike, fall

Search and rescue crews recovered the body of a hiker who was struck by lightning, then fell near the east summit of Twin Peaks, above Snowbird Ski Resort.

10 hours ago

This Google Maps screenshot shows the location of the Sunglow Campground near Bicknell, Utah, where...

Becky Bruce

Provo Fire Captain and four family members found dead after Wayne County flash flood

Wayne County Sheriff Micah Gulley says a flash flood swept up five family members who were there to hike and go canyoneering.

12 hours ago

Damage from the Cottonwood Fire can be seen from Highway 153 in Beaver County on Thursday, July 9, ...

Heather Peterson

Beaver County suffers from loss of tourism due to Cottonwood Fire

The Cottonwood Fire is ruining summer tourism in Beaver County, as businesses and county leaders grapple with the lost income.

1 day ago

FILE - This photo provided by the U.S. Geological Survey shows polymetallic nodules in a sample fro...

Dánica Coto, Associated Press

The US plans to auction off sections of water around American Samoa in a push for deep-sea mining

The U.S. government plans to auction off massive sections of water surrounding American Samoa for potential deep-sea mining in an unprecedented move expected to draw criticism from many countries.

1 day ago

A woman flashes a victory sign while walking at Tehran's traditional main bazaar, Iran, Thursday, J...

Jon Gambrell, Associated Press

US and Iran escalate strikes across Mideast; bridges and a water plant hit

The US and Iran escalated attacks across the Middle East on Friday, trading strikes aimed at infrastructure and military targets as their battle over the Strait of Hormuz intensified.

1 day ago

Jon Anderson speaks after being named as Utah Valley University's next president on Friday. The Uta...

Logan Stefanich, KSL

‘Best days at UVU are ahead’: Jon Anderson appointed president at Utah Valley University

The Utah Board of Higher Education on Friday voted unanimously to appoint Jon Anderson as the next Utah Valley University president.

1 day ago

Sponsored Articles

...

Bear Lake

Road trip ready: How Bear Lake became the go-to destination for Western U.S. travelers

Whether you are chasing pristine beaches, fresh raspberry shakes, or endless water sports, this sponsored guide—brought to you in partnership with Bear Lake —uncovers everything you need to plan the ultimate getaway.   There’s nothing quite like the thrill of hopping in the car with your favorite snacks in tow and heading out for a […]

...

Harper Clinic

A new standard of care: How Harper Clinic’s IOP is changing the face of mental health treatment in Utah

This article is sponsored by Harper Clinic, a Utah-based clinic offering FDA-approved TMS therapy for treatment-resistant depression.    Utah’s mental health crisis is leaving many residents caught in an uncomfortable middle ground: struggling too much for weekly therapy alone, but unable to step away from work, parenting or daily life for inpatient treatment. As demand […]

...

Harper Clinic

Breaking free from depression: How Harper Clinic’s TMS Therapy can help

This article is sponsored by Harper Clinic, a Utah-based clinic offering FDA-approved TMS therapy for treatment-resistant depression.    The weight of depression is real. Many people spend years fighting it, adjusting medications, managing side effects and wondering if this is simply how life is going to feel.   According to the World Health Organization, depression affects […]

mental health...

Andrew Adams, KSL

Library discussions bring men’s mental health to the surface

Therapists say it’s common for men to repress things like trauma, grief, stress and anxiety. Now, a new weekly series of discussions aims to help men bring it all to the surface.

...

Bear Lake Convention & Visitors Bureau

Cozy up in Bear Lake: Discover the magic of a winter getaway

SALT LAKE CITY – The holiday season shines brightest when time slows down and loved ones gather. Gifts, decorations and festive music come and go, but shared experiences tend to last much longer. Research supports that idea. Dr. Theresa E. DiDonato told Psychology Today that vacations can strengthen relationships by creating meaningful time away from daily […]

...

Harper Clinic

Rewriting the path to healing: Inside Harper Clinic’s whole-person mental health model

OREM — A few decades ago, you’d have had a hard time finding a doctor to treat both your mind and body; And a century ago, you’d have been hard-pressed to find a doctor to treat your mind at all. Today, medical professionals are understanding more and more the undeniable connection between the body and […]

Researchers used a laser to hack Alexa and other voice assistants