Date: 2019-11-05

LASERS ARE PRETTY COOL but we'd have never thought they could be used to hack Alexa, Siri and Google Assistant-loaded smart speakers.

But that's what a bunch of researchers have managed to do, as detailed in their paper Light Commands: Laser-Based Audio Injection Attacks on Voice-Controllable Systems.

The clever folks came up with a hack called Light Commands, which allows voice commands to be zapped into the likes of the Google Home and Amazon Echo using low-powered lasers.

By exploiting a vulnerability in microphones that make use of micro-electro-mechanical systems (MEMS), the researchers were able to get the smart speakers to unintentionally respond to the light as if it were sound.

By calibrating the lasers to match the frequency of a human voice, the boffins were effectively able to beam commands to a selection of smart speakers as well as an iPhone and a pair of Android devices.

The researchers don't currently know how the microphones actually interpret light as sound, but nevertheless, it happens, opening up a new way in which such smart home devices and virtual assistants could be hacked and exploited.

Laser range and line-of-sight do play a part here, with some speakers needing a precise part of them to be lasered. But in some cases, it just required the speaker to be effectively bombarded with laser light. Infrared lasers also work in some cases, allowing for a light that's invisible to the human eye to be potentially used in stealthy hacks.

The range for the laser-based smart device zappery, er, ranged from 16 feet to some 250 feet away, with a laser being fired through a window of an opposite building.

So there is potential for some high-tech criminal to trick a smart speaker into opening up smart locked doors to sneak into a home and burgle the heck out of it.

However, that would require specialist laser equipment and an academic level of laser knowledge, something we don't reckon the average garden-variety burglar has.

But the laser attack does demonstrate that certain smart devices have inherent flaws, and it highlights how many voice-controlled systems have no authentication requirements and are therefore more vulnerable to clever exploits. µ