According to a report by Arstechnica.com an inaudible command can be sent to language assistants like Amazon Echo, but also to many smartphones using a laser. The devices then react as if they were ghostly and execute the command without audible sound. The vulnerability was discovered by scientists at the University of Michigan. Details have been published by the discoverers on their own website Lightcommands.com.
As demonstrated in the videos, the hack uses a low-frequency beam of light that is interpreted as a voice command by the speech assistants’ microphones. For example, the scientists succeeded in opening a garage door from a distance.
The affected devices also include current smartphones such as the Samsung Galaxy S9 and the iPhone XR. Curiously, the scientists admitted that they, too, could not fully understand the physics that triggered the hack. So far, it’s only certain that the laser can trigger the microphone in speech assistants, smartphones and tablets. All so-called microelectromechanical systems (MEMS), which can interpret light as well as audio, are vulnerable. Due to their compact design and high speech quality, they are installed in almost all mobile devices. The incident laser light on the membrane probably causes vibrations similar to those of the voice, which is otherwise interpreted by the devices as an audio command.
The experiments showed that the hack can be used over distances of up to 110 metres. The scientists were thus able to execute a voice command across two buildings that opened a door. So the security problem poses a real danger. In the meantime, the manufacturers of the widely used voice assistant have announced that they are working on corresponding security updates. Because the hack is technically demanding due to the necessary laser and visual contact, the companies assume that it has not been misused so far.