Alexa, disarm the victim’s home security system

Smart home

Kelly Jackson Higgins, Executive Editor at Dark Reading, explores how hacking attempts on ‘smart’ home assistants via laser pointers have raised further security concerns about the devices.

Researchers who last year hacked popular voice assistants with laser pointers take their work to the next level.

It’s still a mystery to researchers at the University of Michigan and The University of Electro-Communications (Tokyo) – just what physically enabled them to inject commands into the embedded microphones of Amazon Alexa, Google Home, and other digital voice assistant devices via laser pointers.


The team in 2019 used light to remotely control Google Assistant, Amazon Alexa, Facebook Portal, and Apple Siri by exploiting a vulnerability in their so-called MEMS microphones. They used the light beams to inject invisible and inaudible commands to the digital voice assistants as well as voice-controlled smartphones and tablets – through glass windows as far away as 110 metres.

They’re now taking their research to a new phase.

“There’s still some mystery around the physical causality on how it’s working. We’re investigating that more in-depth,” says Benjamin Cyr, a Ph.D. student at Michigan who, along with researcher Sara Rampazzi, will be presenting the latest iteration of the research at Black Hat Europe on 10 December. Why do the mikes respond to light as if it’s sound? he says. “We want to try to nail down what’s happening on a physical level, so that future hardware designs” protect them from light-injection attacks.

They are now studying the security of sensing systems overall as well, including those found in medical devices, autonomous vehicles, industrial systems – and even space systems.

Cyr, Rampazzi, an Assistant Professor at the University of Florida, and Daniel Genkin, an Assistant Professor at the University of Michigan, plan to show at Black Hat Europe how a security camera could be manipulated via a hijacked voice assistant with which it interfaces. They’ll be demonstrating their light-injection hack against the Amazon Echo 3, a newer model of the smart speaker system that was not available last year when they…