Research Paper - Light Commands: Laser-Based Audio InjectionAttacks on Voice-Controllable Systems

[Nitin Bhide]

https://lightcommands.com/20191104-Light-Commands.pdf

This is an absolutely crazy way of attaching Voice systems like Alexa, Google Assitant etc. 

From abstract of the paper.

We show how an attacker can inject arbitrary audio signals to the target microphone by aiming an amplitude-modulated light at the microphone’s aperture. We then proceed to show how this effect leads toa remote voice-command injection attack on voice-controllable systems. Examining various products that use Amazon’s Alexa,Apple’s Siri, Facebook’s Portal, and Google Assistant, we show how to use light to obtain full control over these devices at distances up to 110 meters and from two separate buildings.Next, we show that user authentication on these devices is often lacking or non-existent, allowing the attacker to use light-injected voice commands to unlock the target’s smart lock-protected front doors, open garage doors, shop on e-commerce websites at the target’s expense, or even locate, unlock and start various vehicles (e.g., Tesla and Ford) that are connected to the target’s Google account. Finally, we conclude with possible software and hardware defenses against our attacks

Regards,

Nitin