Light Commands: Hacking Voice Assistants with Lasers, presented at Black Hat Europe 2020

by Sara Rampazzi, Benjamin Genkin

Summary: In the near future, our homes will employ potentially dozens of IoT devices. These devices listen to our voice commands using sophisticated microphones. Our laser-based injection attack, Light Commands, shows how microphones can respond to light as if it were sound. By simply modulating the amplitude of laser light, we can inject fully inaudible and invisible commands into microphones of smart speakers, phones, and tablets, across large distances and through glass windows.

In this talk, we will show:

- How Light Commands works by exploiting a physical vulnerability of MEMS microphones
- How it's possible to remotely inject and execute unauthorized commands on Alexa, Portal, Google, and Siri voice assistants
- How the ecosystem of devices connected to these voice assistants, such as smart locks, home switches, and even cars, fails under common security vulnerabilities (e.g. PIN bruteforcing) that make the attack more dangerous