A recent report alleges that digital assistants such as Apple’s Siri, Amazon Alexa, and Google Assistant can be hijacked with cheap laser pointers.
Business Insider reports that a team of researchers from Tokyo’s University of Electro-Communications and the University of Michigan claim to have discovered a way to “hijack” voice-enabled devices by shining a laser at the microphones of the devices.
Researchers discovered that the most in some of the most popular smart speakers, a bright laser shined at the speaker’s microphone was interpreted as sound. The researchers wrote: “Thus, by modulating an electrical signal in the intensity of a light beam, attackers can trick microphones into producing electrical signals as if they are receiving genuine audio.”
The researchers tested smart-speakers from all major tech firms, the full list of devices includes: “Google Home, various Amazon Echo models, the Apple HomePod, and Facebook’s Portal speaker, which runs Alexa. They also tested an iPhone XR, a Samsung Galaxy S9, and a Google Pixel 2.”
The devices reportedly varied in how vulnerable they were to hijacking, but all were able to be hacked. Researchers found that they could hijack tablets, phones and speakers from some distance away, even hijacking a Google Home speaker from as far away as 110 meters.
Researchers noted that some Android smartphones, the iPhone and iPad needed addition authentication or a “wake word ” from a user in order to perform certain actions, but many smart speakers don’t have this extra layer of authentication. Researchers used laser pointers ranging in price from $13.99 to $17.99 to test the devices. Though it was noted that in order to give specific instructions, the laser pointers required an extra $27.99 sound amplifier and a laser driver device to control the beam intensity which costs $339.
Watch a video below of the hijacking taking place:
A Google spokesperson told Business Insider: “We are closely reviewing this research paper. Protecting our users is paramount, and we’re always looking at ways to improve the security of our devices.”
Amazon also echoed Google’s sentiment stating: “Customer trust is our top priority and we take customer security and the security of our products seriously. We are reviewing this research and continue to engage with the authors to understand more about their work.” Apple declined to comment.