With a Laser, Researchers Say They Can Hack Alexa, Google Home or Siri (nytimes.com) 65
Researchers in Japan and at the University of Michigan said Monday that they have found a way to take over Google Home, Amazon's Alexa or Apple's Siri devices from hundreds of feet away by shining laser pointers, and even flashlights, at the devices' microphones. The New York Times reports: In one case, they said, they opened a garage door by shining a laser beam at a voice assistant that was connected to it. They also climbed 140 feet to the top of a bell tower at the University of Michigan and successfully controlled a Google Home device on the fourth floor of an office building 230 feet away. And by focusing their lasers using a telephoto lens, they said, they were able to hijack a voice assistant more than 350 feet away. Opening the garage door was easy, the researchers said. With the light commands, the researchers could have hijacked any digital smart systems attached to the voice-controlled assistants.
They said they could have easily switched light switches on and off, made online purchases or opened a front door protected by a smart lock. They even could have remotely unlocked or started a car that was connected to the device. The researchers, who studied the light flaw for seven months, said they had discovered that the microphones in the devices would respond to light as if it were sound. Inside each microphone is a small plate called a diaphragm that moves when sound hits it. That movement can be replicated by focusing a laser or a flashlight at the diaphragm, which converts it into electric signals, they said. The rest of the system then responds the way it would to sound. While the researchers said they had notified several companies to the light vulnerability, most microphones would need to be redesigned to remedy the problem. And simply covering the microphone with a piece of tape wouldn't solve it.
The findings of the vulnerability can be found here.
They said they could have easily switched light switches on and off, made online purchases or opened a front door protected by a smart lock. They even could have remotely unlocked or started a car that was connected to the device. The researchers, who studied the light flaw for seven months, said they had discovered that the microphones in the devices would respond to light as if it were sound. Inside each microphone is a small plate called a diaphragm that moves when sound hits it. That movement can be replicated by focusing a laser or a flashlight at the diaphragm, which converts it into electric signals, they said. The rest of the system then responds the way it would to sound. While the researchers said they had notified several companies to the light vulnerability, most microphones would need to be redesigned to remedy the problem. And simply covering the microphone with a piece of tape wouldn't solve it.
The findings of the vulnerability can be found here.
Re: (Score:2)
The neighbors might notice a giant ass speaker yelling out "HEY, SIRI, OPEN THE GARAGE DOOR!" and call the cops.
Re: (Score:1, Redundant)
UHM, why hasn't this guy been banned yet?
Re: (Score:1)
Lol. Yeah, that "anonymous coward" guy keeps posting trashy troll posts all over the place.
Or did you mean Trump....banned from America?
Re: (Score:2)
Anonymous Cowards have to be logged in these days to post anonymously.
Re: (Score:1)
https://en.wikipedia.org/wiki/... [wikipedia.org]
Re: (Score:2)
"burn a hole through the garage", that's some laser pointer you are dreaming of.
Why not tape? (Score:5, Funny)
Why wouldnt tape solve it?
Wrap the whole thing in duct tape, then throw it in the garbage.
Re: (Score:2)
Re: (Score:2)
...and off goes a device with lots of your person data, to who-knows where.
As if the Cloud Overlords would ever entrust you (the product) with control of its own by-product.
All data is moved or synced in damn-near-real-time (also known as the Speed of Profit) to the system that can make yet another product out of their data. Digitally, we own nothing anymore. Refer to any one of the dozens of legal documents behind the words "I Agree" for further evidence.
And there is likely nothing of value sitting on that disposable piece of IoT.
Re: (Score:3)
Wow, you don't trust anyone, even the garbage guys.
there is very minimal person data on these devices, it's comfortably resting on an amazon server that everyone in China already has access to.
Re: (Score:2)
More seriously, you can get foil tape cheap at any hardware store. It's used for joining sheets of continuous foam insulation, or for mylar bubble wrap insulation commonly used on ducting. I can't see how that wouldn't solve this problem, even if (for example) black electrical tape wouldn't do the job.
Maybe putting clear tape over the mic hole wouldn't help, that would make sense, but "tape" covers a lot of... er, ground.
Re:Why not tape? (Score:5, Funny)
Using foil to block out unwanted signals. This seems very familiar.
Re: Why not tape? (Score:1)
Of sharks with lasers..? Or their overlords?
Asking for a friend...
What about a loudly amplified voice? (Score:2)
I stand outside your home -- perhaps hundreds of feet away -- and say "Hey Google, purchase expensive item X." If my voice is amplified enough, the unit will hear me through the wall and execute my voice command, will it not?
Although a voice sounds muffled when passing through a wall, I could compensate by adjusting an equalizer to boost the attenuated frequencies.
This hack is easier if you left your window open to admit a cool evening breeze.
Re: (Score:1)
It becomes worse if the owner of the place is away on vacation.
It becomes double worse if you can convince Alexa that you need one hour delivery.
Or how about "ALEXA, DISARM THE SECURITY SYSTEM AND UNLOCK THE FRONT DOOR". Crazy what people have hooked up to their smart homes these days. "ALEXA, START THE CAR."
Re: (Score:2)
Why not just make sure the mic doesn’t face the window, ffs.
Re: (Score:2)
I don't know about the others, but for the Echo you'd need to be almost directly above it to look down the pores in the top above the microphone. As long as you don't set the thing on the window sill or at an angle there isn't much risk. Still, it's a cool hack.
Re: (Score:1)
If I can physically touch your window (suburbs), I can probably also hook a speaker to it to where Alexa would hear my commands through the window.
Re: Why not tape? (Score:2)
This Is A Feature, Not A Bug (Score:2, Funny)
Re: (Score:1)
Lazy home (Score:5, Insightful)
Re: (Score:2)
It's not a smart home, it's a lazy home. Anyone who trusts their house to a corporation and the cloud deserve what they get for being stupid and lazy.
So far.. I trust a few lights with switches for "override"
Re: (Score:2)
There is a publicly-funded radio station in my area that's hyping the daylights out of smart speakers. They don't favor any brand that I can tell, but it seems there is some kind of strong incentive behind it. They won't STFU about those things. Very odd.
Re:Lazy home (Score:4, Insightful)
That publicly-funded radio station is happy to push the good news about a mic that's always on...
The gov gets an actual person count in the home, voice prints, accents, language use, real time changes to slang use in that community.. . the topics and words and terms not used on other networks.
All the sounds. Medical problems mentioned... when a person sleeps, how long they sleep... any changes to working hours... the role of a cult, faith, support for another nation.
The voice prints of criminals, illegal migrants, citizens who got detected talking in war zones while supporting banned groups... last "holiday" by the security services...
Who are now back home.
Re: (Score:2)
Re: (Score:2)
Google does actually offer protection from this. You can configure your devices to only activate when your voice is heard, not anyone else's. I don't know how accurate it is because I don't have one to try with, but it should be reasonably effective against random opportunistic attacks like this.
Still wouldn't buy one but at least Google has attempted to block this kind of attack. No idea about the other two.
Re: (Score:2)
That's covered in the FAQ.
Moreover, even if enabled, speaker recognition only verifies that the wake-up words (e.g., "Ok Google" or "Alexa") are said in the owner's voice, and not the rest of the command. This means that one "OK Google" or "Alexa" spoken by the owner can be used to compromise all the commands. Finally, as we show in our work, speaker recognition for wake-up words is often weak and can be sometimes bypassed by an attacker using online text-to-speech synthesis tools for imitating the owner's
Counter hack... (Score:1)
Thing about sound-by-laser is that it's going to leave a mark on the building... so notice two attacks to solve for the location of the hacker, send police over, notice stolen stuff on eBay...
Re:Counter hack... (Score:4, Insightful)
What mark? Laser pointers leave no mark.
Re: (Score:2)
But according to movies, all laser beams burn things or are sniper scopes.
Re: (Score:2)
No criminals know to look for strange changes to walls.
Lasers trigger many things (Score:2)
Re: (Score:2)
like motion sensors in places like banks...just saying.
If you can hit them directly, yes, but I've found that most motion sensors have a sensor cover that blocks or diffuses the light from a pointer or laser sight. Something stronger would probably trip it.
No problem, I'm protected (Score:4, Insightful)
No problem, I'm protected from this (at least at home) because I didn't buy a smart gadget.
Re: (Score:2)
I'm safe because I don't live in Japan or Michigan.
Not alone (Score:3)
I don't have a smart gadget plugged in, but I have friends and family. So, you know, me personally not being hurt isn't the only concern I have.
This has implications... (Score:2)
I read TFA, but not with rapt attention.
To move a microphone diaphragm requires mass -- air beating against it, for example. Sound waves.
Are they implying that photons have mass? I thought it was settled that photons are massless?
You need to *move* the diaphragm. I mean theoretically I guess it's possible, anyone who has had a radiometer on their desk has seen it move when enough light hits the vanes.
Color me skeptical on this claim.
Re: (Score:1)
Re: (Score:1)
Re:This has implications... (Score:4, Informative)
It doesn't require mass, momentum is enough, and light waves do carry momentum. However, the pressure from light is absolutely negligible, unless you're talking about megawatt+ lasers. More likely either a) the light heats the (very thin and sensitive) diaphragm, causing it to contract as if being hit by sound waves, or b) some of the electronics in the microphone are themselves sensitive to light directly (basically, something is acting as a photodiode). The paper suggests it's the former (the laser light is causing actual physical mechanical modulation of the microphone) by showing the induced signal largely vanishes when they apply transparent glue to the diaphragm, which is pretty convincing but doesn't completely rule out some optoelectrical effect.
Re: This has implications... (Score:2)
Perhaps some piezoelectric transducer that is also light sensitive?
Re: (Score:2)
These are MEMS microphones, not diaphragm style.
I'm guessing light shining on the active circuitry with the photovoltaic effect is triggering the microphones.
Maybe I should read the full paper? Nah.
Re: (Score:3, Informative)
I had never heard of a MEMS microphone before, so I had to look it up. Sounds neat. I would like to hear comparisons between them and electrostatics or condensers.
From EDN [edn.com]
MEMS microphones use acoustic sensors that are fabricated on semiconductor production lines using silicon wafers and highly automated processes. Layers of different materials are deposited on top of a silicon wafer and then the unwanted material is then etched away, creating a moveable membrane and a fixed backplate over a cavity in the base wafer. The sensor backplate is a stiff perforated structure that allows air to move easily through it, while the membrane is a thin solid structure that flexes in response to the change in air pressure caused by sound waves.
Changes in air pressure created by sound waves cause the thin membrane to flex while the thicker backplate remains stationary as the air moves through its perforations. The movement of the membrane creates a change in the amount of capacitance between the membrane and the backplate, which is translated into an electrical signal by the ASIC.
Re: (Score:3)
I had never heard of a MEMS microphone before, so I had to look it up. Sounds neat. I would like to hear comparisons between them and electrostatics or condensers.
There's only one mike to compare it to. U-47.
https://en.wikipedia.org/wiki/... [wikipedia.org]
And i'm intensely curious about this. Hi-Fi, recording, that kinda thing is a strong side interest of mine.
MEMS vs.Old-School. I wonder.
They've published enough that someone can replicate this.
Re: (Score:3)
Do you have a cell phone or have you ever talked over a phone to someone using one?
If you have you're heard a (badly compressed) MEMS microphone.
Re: (Score:2)
Do you have a cell phone or have you ever talked over a phone to someone using one?
If you have you're heard a (badly compressed) MEMS microphone.
My iphone 5s wasn't *too* terrible.. i had th eoccasion to play back recordings made on the phone, both audio only and video with sound, and they were more than OK.. but none of it was music. One was a circular table saw that I thought sounded magnificent!
Others were shots fired at an indoors range, and that was mostly OK too.. bit of clipping, dunno if mike or lack of headroom was to blame.
Yet others were of DC-3s passing overhead, placed I worked at was right under the approach for Opa-Locka, which is mo
Re: (Score:1)
Re: (Score:2)
That's kind of a poor comparison because phones tend to have a frequency range up to 4000 Hz
Don't have the time or inclination to test it right this second, but that circular saw had hi-freq content from dc to daylight. Obnoxious doesn't even start to describe it.
I don't think the microphones on these are as limited as you think they are. Phone conversation, sure -- wasn't the bell standard 300 to 3400 Hz? But that doesn't mean the device's mike is limited to that century+ standard.
I've done wifi calling on my iphone 8, it's freaky hi-fi if the other end is ip phone. IP to IP is freaky crysta
Re: (Score:1)
from dc to daylight
All right. You've piqued my interest. I need to take some time and decide what's up with these mics. I appreciate your input.
Re: (Score:2)
Re: (Score:1)
Re: (Score:2)
Nah, the Sure SM57 or SM58 is the standard.
Re: (Score:2)
Re: (Score:2)
Re: (Score:1)
Re: (Score:1)
Re: (Score:1)
I don't think so (Score:1)
So Google just sent me a Google Home device for free. I mean how bad do they really want to spy on me, and how much must my meager personal data be worth to them that they'd send me a $50 gizmo gratis just so they could listen in?
I don't plan on hooking it up, but my wife is so suspicious that she actually put it in the garage, saying, "Just because it's not plugged in doesn't mean they can't activate it and listen."
I'm thinking of putting it next to my 8 year-old Australian cattle dog's bed so they can li
Ductape removal... (Score:2)
CHANGE WAKE WORD! (Score:2)
In the news... (Score:2)
People shocked that device which listens to everything you say can somehow be used nefariously.