Cybersecurity researchers from the United States and Japan have shown a way to remotely activate voice assistants using a laser. Using a directional beam, they were able to use all the functions of the devices: from online shopping to managing smart home locks. This is stated in a study conducted by teams from Japan and the University of Michigan.
According to the report, cybercriminals can remotely activate devices with voice assistants like Siri and Alexa. As the researchers found out, for this it is enough to encode the command into the laser and direct it to the microphone of the “smart” speaker.
Usually, when activated by voice, the iris of the device’s microphone starts moving and creates electrical signals that the speaker software recognizes. However, if you send a beam of light to the microphone, then the command can be said without a voice – the diaphragm will move as usual.
During testing, the researchers found that they could “hack” Siri and Alexa speakers up to 110 meters – this is the longest corridor they could find. They were also able to control the devices by directing light through the window of a neighboring building from a distance of 70 meters.
According to the researchers, anyone can buy the necessary equipment to repeat the experiment – it will cost less than $ 400 (about 25 thousand rubles). For attacks from a greater distance, a telephoto lens will be required, so the cost can grow up to 600 dollars .