LARCENY WITH A LASER
Hacking Smart Speakers with Laser Light
You have a microphone listening to you right now. If I say, “Alexa, set a reminder to buy groceries”, it’ll probably work for a small percentage of people. But what’s terrifying, is there are ways to get signals into these microphones that you might not know about.
Smart homes are secure. Right?
Smart home speakers are equipped with MEMS (Micro Electro Mechanical System) microphones. These are mostly of two types: one consists of a diaphragm which functions like a capacitor and measures changes in sound via a circuit; these changes are hence converted into digital waveforms. The other type uses piezoelectric elements to measure sound changes.
These MEMS microphones have a vulnerability that makes them susceptible to light and since it is inaudible, the owner will not know that their device has been attacked. This works for devices like Google Home, Alexa, Siri and many more. People can use light to inject malicious commands into several voice controlled devices such as smart speakers, tablets, and phones across large distances and through glass windows. Once the attacker has access to a smart home system, they may further use that access to control other smart devices to:
●Control smart home switches
● Open smart garage doors
● Make online purchases
● Remotely unlock and start certain vehicles
● Open smart locks by stealthily brute-forcing the user’s PIN number.
Wait, what? How does that work?
This occurs because microphones, in addition to sound, also react to light aimed directly at them. Thus, by modulating an electrical signal in the intensity of a light beam, attackers can trick microphones into producing electrical signals as if they are receiving genuine audio. This can be done by making a cheap setup similar to what’s shown below.
Since light can easily travel long distances, the only roadblock occurring is the ability to focus and aim the laser beam. But it is still doable. To focus the laser across large distances, one can use a commercially available telephoto lens. The aiming accuracy can be increased by using a geared tripod, and finding out microphone ports can be done by the attacker over large distances using telescopes or binoculars.
Can’t smart speakers recognize my voice?
In case of smart speakers, speaker recognition is off by default so they can be exploited without imitating the owner’s voice. Moreover, if enabled, speaker recognition only checks whether the initial words like “Alexa” or “Hey Google” are said in the owner’s voice, and not the rest of the command. Also speaker recognition, in case of wake-up words, is often weak and can occasionally be bypassed using online text-to-speech synthesis tools.
How do we deal with this?
Since the issue at hand here is due to the physical design of the MEMS microphone that’s already installed in various devices, we definitely can’t get rid of it completely. However, there are certain measures that a user can take to prevent any mishap from occurring.
We can add an additional layer of authentication to somewhat mitigate the attack. In the cases where the attacker cannot eavesdrop on the device’s response, having the device ask the user a simple randomized question before command execution can be effective in prevention.
A physical approach that can be taken by the manufacturers to curb this vulnerability is sensor fusion techniques- such as acquiring audio from multiple microphones.
Another approach consists of reducing the amount of light reaching the MEMS diaphragm by using a non-transparent cover for the microphone, which absorbs all light or by placing the microphone in an angled position inside the device so that light can’t be incident on it.
What do we learn from this?
We need to realize that sometimes when devices are designed with an intended purpose, they might also have features and vulnerabilities that we are unaware of. As an electrical engineer, I’d have never thought about shooting lasers at microphones in order to hack them. Loopholes exist in every product, regardless of how much ever we try to make it perfect. So what’s the bottom line? As consumers, we need to be concerned about our own security and safety and configure our systems to best protect us and our families.
