Light-commands for Alexa, Siri and Google Home

Light-commands for Alexa, Siri and Google Home

I always have a paper to read on my trip into work in the morning, and this week it is [here]:

The paper outlines that Siri, Alexa and Google Home can have commands (Light Commands) injected using a laser. In their experiment the researchers show how a laser can be focused onto device which is 360 feet away, and get it to respond to commands. This means that devices near a window could be vulnerable to the attack, or where there must be a direct line-of-sight connection. At the core of the attack is the usage of MEMS (micro-electro-mechanical systems), and where microphones respond to light in a way that matches sound. Basically the laser is focused on microphone, and where it produces an acoustic pressure wave:

The researchers were even able to brute force a PIN code on the devices. An outline of the attack is:

A building-to-building attack involved a laser being sourced in a tower, and then targeted on a Google Home device within an office building:

Conclusions

Well. I love research, as you just never know what’s coming along next. In our research we investigate side channels, and which are ways to discovering encryption keys from the electrical signals generated by devices and from the radio signals emitted by them. The concept of lasers “speaking” to devices is a scary attack, and researchers will be searching for applications into other devices.