I’m sure that when the first prototypes of today’s smart speakers were demonstrated it probably felt like part of the bright, shiny future from Star Trek: Next Generation had arrived. Finally we were going to have the modern-day equivalent of Majel Barrett politely making things happen just with the power of our voice. It’s taken a few years for the devices to gain a toe-hold in the home, and they have come with their fair share of problems. In a recent addition to the pile, hackers have discovered a security flaw in the basic hardware design of voice-controlled devices, including smartphones and tablets, that allows the devices to be exploited at a distance through their voice-control feature using a simple laser pointer.
“Alexa, buy blackout curtains.”
In a paper published on Nov 4, a team of academic researchers revealed that by using a focused beam of light they could trick Alexa, Siri and Google Voice controlled devices into acting as if they had received an actual voice command. The researchers were able to mimic sound waves using light pulses that were directed at the device’s microphone diaphragm, and they demonstrated this capability across hundreds of feet through windows and even obstructions on the mic itself. They were able to get the devices to perform tasks that they normally had access to, such as turning lights on and off, opening garage doors, unlocking smart locks on doors and cars, and even purchasing items online.
What does this mean for you?
If you have a voice-activated device that can control access to things you don’t want strangers accessing, either make sure your device is not in view of any open window, or disable that function. Most smart speaker devices have a way to disable voice control – something you may want to consider engaging when you leave your “smart” speaker unattended. Unfortunately, the nature of this weakness is something that (probably) cannot be fixed by a firmware update, as it exploits a core component of the microphone’s analog-to-digital process. At the moment, there are no documented incidents of this sort of hack occurring “in the wild,” but now that the news is out, it may be time to tuck those devices into a drawer for the time being.
Image courtesy of Miles Stuart from FreeDigitalPhotos.net