Amazon Echo

Lasers Can Take Over Voice Assistant Systems From Long Distances, Research Finds

By pointing a laser or even a flashlight into the microphone of a Google Home, Siri or Alexa system, the researchers were able to control the devices and the systems connected to them.

Security researchers in Japan and the University of Michigan discovered a startling flaw in voice-controlled assistant systems that revealed how easily devices like Siri, Alexa and Google Home could be manipulated.

In a paper published on Monday, cybersecurity experts shared details of how they were able to use easily available laser pointers, and in some cases flashlights, to take over Amazon, Google and Apple digital assistants from hundreds of feet away.

Some examples include opening a garage door by pointing a laser at a voice assistant connected to the system, and even climbing to the top of a bell tower at the University of Michigan to manipulate a Google Home in an office building 230 feet away, The New York Times reported.

The longest distance that the researchers were able to control a voice assistant was more than 350 feet away, showcasing a glaring vulnerability in the systems.

“This opens up an entirely new class of vulnerabilities,” Kevin Fu, a computer science professor at the University of Michigan, told the Times. “It’s difficult to know how many products are affected, because this is so basic.”

All companies affected by the issue, including Tesla, Ford, Amazon, Apple and Google, were alerted to the light vulnerability prior to the release of the paper. Each corporation said they were studying the issues detailed in the research.

Perhaps the most concerning aspect of the report is that by taking over the digital assistant systems, hackers would have the ability to access and control any systems connected to a Google Home or similar product. The researchers pointed out that they could have unlocked cars or started vehicles remotely if they were connected to the devices.

To fix the issue, most microphones on the systems would need to be redesigned because covering the mic with a piece of tape does not address the problem. Dirt shields on several microphones were not able to block the lasers and the commands, according to Fu.

There is no indication that lasers or flashlights have been used to carry out cyberattacks or takeovers of the devices, according to the researchers. As tech companies assess the problem, experts advise users of voice-controlled assistants to move their devices away from areas where it can be seen from the outside and limit the number of systems connected to them.

“This is the tip of the iceberg,” Fu said. “There is this wide gap between what computers are supposed to do and what they actually do. With the internet of things, they can do unadvertised behaviors, and this is just one example.”

About the Author

Haley Samsel is an Associate Content Editor for the Infrastructure Solutions Group at 1105 Media.

Featured

  • The Yellow Brick Road

    The road to and throughout Wednesday's and Thursday's ISC West was crowded but it was amazing. Read Now

    • Industry Events
    • ISC West
  • An Inside Look From Napco at ISC West

    Get a look into the excitement at ISC West 2025 from Napco. Hear from some of their top-tech executives live from the show floor. Read Now

    • Industry Events
    • ISC West
  • Upping the Ante

    I am not a betting man in terms of cards, dice, blackjack or that wheel with the black marble racing around the circumference of a spinning wheel, but I would bet on the success of ISC West this year. Read Now

    • Industry Events
    • ISC West
  • It's Show Time

    I am one of those people that likes to see things get bigger and better. As advertised, ISC West is going to be bigger (more exhibitors) and better (more attendees). It’s show time in Las Vegas. Read Now

    • Industry Events
    • ISC West

New Products

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure.

  • ResponderLink

    ResponderLink

    Shooter Detection Systems (SDS), an Alarm.com company and a global leader in gunshot detection solutions, has introduced ResponderLink, a groundbreaking new 911 notification service for gunshot events. ResponderLink completes the circle from detection to 911 notification to first responder awareness, giving law enforcement enhanced situational intelligence they urgently need to save lives. Integrating SDS’s proven gunshot detection system with Noonlight’s SendPolice platform, ResponderLink is the first solution to automatically deliver real-time gunshot detection data to 911 call centers and first responders. When shots are detected, the 911 dispatching center, also known as the Public Safety Answering Point or PSAP, is contacted based on the gunfire location, enabling faster initiation of life-saving emergency protocols.

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area.