A team of researchers including Kevin Fu and Daniel Genkin, U-M professors of electrical engineering and computer science, have found a way to take over Google Home, Amazon’s Alexa, or Apple’s Siri devices from hundreds of feet away by shining laser pointers, and even flashlights, at the devices’ microphones.
“We’ve shown that hijacking voice assistants only requires line-of-sight rather than being near the device,” said Genkin. “The risks associated with these attacks range from benign to frightening depending on how much a user has tied to their assistant.”
The team showed that this method could enable an attacker to remotely inject inaudible and invisible commands into smart speakers, tablets and phones to:
- Unlock a smart lock-protected front door
- Open a connected garage door
- Shop on e-commerce websites at the target’s expense
- Locate, unlock and start a vehicle that’s connected to a target’s account