It is possible to manipulate smart speakers with laser. Cybersecurity researchers the University of Michigan (USA) have shown that pointing a high-power laser to the microphone of an iPad can alter the configuration of the device. This occurs because the iPad's microphone converts the laser light into an electrical signal at the same frequency as the speaker owner's voice. When this happens, the cybercriminal can open the door of his garage or that of his car.
Speakers and voice assistants have a microphone that works with a membrane that vibrates when people make sounds. “We modulate the pressure in the air and the sound waves that reach the microphone membrane vibrate. These vibrations become an electrical impulse, that is, sound. Then, an electronic system interprets the sounds ”, explains Luis Viña, professor of materials physics at the Autonomous University of Madrid (UAM).
Violate outside smart speakers It is an easy task for any physicist or engineer With knowledge in light and sound. Researchers have shown that at 100 meters the speaker's screen can be illuminated so that the light strikes the microphone membrane. “Since the laser has photons and energy, it heats and vibrates the microphone membrane. The more intense the laser, the more it heats the membrane and the more it vibrates and the less intense it makes it vibrate moderately, ”says Viña. That is, when heated it expands and contracts, which is the same if sound waves arrive.
If cybercriminals are capable of producing modulations of that acoustic signal, then they only have to do a Fourier analysis. This system is based on ordering frequencies by intensity. "You modulate the laser in the same way, you reproduce the intensity and instead of creating sound waves you create light waves that produce vibrations exactly the same as the voice of the owner of an intelligent speaker," Viña confirms.
You modulate the laser in the same way, you reproduce the intensity and instead of creating sound waves you create light waves that produce vibrations exactly the same as the voice of the owner of an intelligent speaker
However, researchers are not convinced that this is the method by which the device is violated and leave a second possibility open. The laser reaches an electronic device and has a photovoltaic effect. That is, the absorption of photons creates an electric current. “However, if this were the cybercriminal method, it should be very accurate and know where the membrane is exactly. Therefore, the first theory seems closer to what can happen, ”says Viña.
He hacking It can be carried out with a green or blue light laser. Although it can also be done with infrared lasers, they have the advantage of not being seen. However, they are very dangerous since if an eye interposes between the beam of light and the device it could burn the retina.
Google says it is not easy for these types of cybercriminals to act regularly, but they are following this investigation very closely. "Protecting our users is paramount and we are always looking for ways to improve the security of our devices," says a Google spokesperson. Another company that could be affected is Amazon. "Customer trust is our top priority and we take very much Seriously, your safety and that of our products. We are analyzing this research and continue working with the authors to better understand the details of their work ”, Amazon sources point out.
The only thing that a user can do is to place the devices out of the visible range from the outside of the house, thus avoiding remote manipulation by this method
However, experts say that it is an extremely dangerous vulnerability, not only for everything that a cybercriminal can do, but because, from the point of view of cybersecurity, little can be done from the user position, since they do not exist specific techniques of prevention and protection against such attacks. All they can do is place these devices out of the visible range from outside the home, thus avoiding remote manipulation by this method.
Therefore, they should be attentive to updates of the software of these devices to be able to patch this vulnerability. “In the future, manufacturers could include voice fingerprint recognition to prevent this malicious use or selective authentication of orders that are made through these systems, for example, to place orders, to prevent accidental or malicious use of This type of orders. However, as a result of this fact, the agility and ease of use inherent in these devices will be lost, ”explains Eusebio Nieva, CheckPoint technical director in Spain and Portugal.
Apart from this vulnerability, a security breach was discovered a few months ago that allowed cyber attackers to spy on the conversations of thousands of users of smart speakers from both Google and Amazon. In addition, it allowed to extract personal information such as conversations or passwords. "On some Google devices a bug (error or defect in the software) by which a record of any type of audio was made without notice or prior consent. In addition, it is important to remember that some manufacturers of these systems have recognized that they store for a while the vocal communications of millions of users in order to improve the accuracy of the devices, ”concludes Nieva.
(tagsToTranslate) laser (t) allow (t) hack (t) assistant (t) voice (t) smart speaker (t) (t) command (t) light (t) to be able (t) to send (t) order ( t) device (t) activate (t) talk