A team of cybersecurity experts has found an ingenious method to remotely inject inaudible and indiscernible commands into voice-controlled devices — all just by shining a laser at the targeted device instead of using verbal words.
Called ‘Light Commands,’ the hack depends on a susceptibility in MEMS microphones entrenched in extremely popular voice-controllable systems that accidentally respond to light.
Experiments conducted by a team of experts from Japanese and Michigan Universities suggest that a remote attacker standing at a distance of numerous meters away from a device can secretly activate the attack by just moderating the amplitude of laser light to produce an audio pressure wave.
“By modulating an electrical signal in the intensity of a light beam, attackers can trick microphones into producing electrical signals as if they are receiving genuine audio,” the researchers said in their paper.
The method eventually lets attackers insert commands as a genuine user, so the effect of such an attack can be assessed based on the level of access your voice assistants have over other associated devices or facilities.
Hence, with the light commands attack, the attackers can also capture any digital smart systems attached to the beleaguered voice-controlled assistants.
In addition to longer-range devices, experts could also test their attacks against various smartphone devices that use voice assistants.
The maximum range for this attack hinges upon the power of the laser, the strength of the light, and certainly, your targeting abilities. What’s more, the range of the attack can be further decreased by physical barriers such as windows and the absorption of ultrasonic waves in the air.