A group of researchers from the University of Michigan ( United States ) has announced, through a project presented this Monday, that it has found a way to hack the main smart speakers on the market through a simple laser pointer. From Amazon Echo to Apple HomePods or Google Home.
All this through a beam of light that is able to simulate the voice through a sine wave. Speaking to Wired, the technician, Takeshi Suguwara, has revealed that a simple laser pointer can make microphones respond to light as if it were sound: “This means that anything that works with sound commands will work with commands of light”.
In order to reinforce their theory, researchers have presented a series of experiments. In the first of them, those responsible for this project used a 60 milliwatt laser at a maximum of 50 meters away.
After completing the test, the researchers concluded that the speakers were manipulable at any distance. But not only that. Also that an iPhone can be controlled about 10 meters away and two Android mobile phones no more than five.
After this first experience, the researchers placed a five milliwatt laser pointer 110 meters from their target. Although most tests failed, the scientists managed to record several voice commands on some devices . In this way, they were able to perform actions such as opening a garage door or making purchases online, for example.
How to Hack a Smart Speaker using a Laser Pointer
To make this possible , the researchers directed the laser to the microphone diaphragm .After it overheats, as The New York Times picks up , the microphone expands the air around it and creates a pressure increase just as the sound would.
Meanwhile, Wired believes that the components of these devices may not be completely opaque. In this way, the light would pass through the microphone and activate the chip that translates the vibrations into an electrical signal.
The researchers say they can manipulate the main smart speakers due to a vulnerability of microphones that use MEMS technology (microelectromechanical systems). Why? Basically because they respond to light as if it were a sound. For that same reason, researchers have notified the problem to companies such as Tesla, Ford, Amazon, Apple and Google, who are already working on a solution.
How to resolve the security breach
As they explain in their study, different companies should redesign the microphones to remedy the problem . Until then, cybercriminals could access an intelligent speaker by changing the intensity of the laser to a specific frequency and pointing to the micro of the device. This would interpret the lightning as if it were a sound emitted by the user and interpret its action.
However, hacking these types of assistants is not easy. For this to be possible, the attacker needs a laser device and specialized equipment capable of modulating the lightning frequency.
But not only that. You should also know how to do it and manage to focus the laser directly on the mic. Therefore, and although it is not as simple as it seems, there is a security breach in which the main technology companies are already working.