Light shone on the ease of hacking Siri, Alexa
SAN FRANCISCO — Since voicecontrolled assistants were introduced a few years ago, security experts have fretted that systems such as Apple’s Siri and Amazon’s Alexa were a privacy threat and could be easily hacked.
But the risk presented by a cleverly pointed light was probably not on anyone’s radar.
Researchers in Japan and at the University of Michigan said Monday they found a way to take over Google Home, Amazon’s Alexa or Apple’s Siri devices from hundreds of feet away by shining laser pointers, and even flashlights, at the devices’ microphones.
In one case, they said, they opened a garage door by shining a laser beam at a voice assistant that was connected to it. They also climbed 140 feet to the top of a bell tower at the University of Michigan and successfully controlled a Google Home device on the fourth floor of an office building 230 feet away. And by focusing their lasers using a telephoto lens, they said, they were able to hijack a voice assistant more than 350 feet away.
Opening the garage door was easy, the researchers said. With the light commands, the researchers could have hijacked any digital smart systems attached to the voice-controlled assistants. They said they could have easily switched lights on and off, made online purchases or opened a front door protected by a smart lock. They even could have remotely unlocked or started a car that was connected to the device.
The computer science and electrical engineering researchers released their findings in a paper Monday. They said they notified Tesla, Ford, Amazon, Apple and Google to the light vulnerability.
There is a commonsense solution to the light vulnerability: If you have a voice assistant, keep it out of the line of sight from outside, according to the findings.