Researchers hack Google Home, Echo and HomePod using a remote laser

Updated: Nov 27, 2019

Smart speakers are devices with a growing presence in homes around the world. They answer questions and follow orders such as "what will the weather be like tomorrow" or "turn off the lights in the room", the latter provided that there are appliances with a wireless connection.

Three of the world's largest companies, Apple, Google, and Amazon, have a smart speaker in their product catalog. Each of them has its own artificial intelligence, Alexa being Amazon's, Google Assistant's Google's, and Siri's Apple's.

These devices are not without controversy. Being connected to the Internet, there is a question of whether they are as reliable as the manufacturers announce. Some of them, such as Siri or Alexa, have a team to evaluate the quality of responses and requests, although they now offer the possibility of not participating in the improvement program.

After discovering that some Amazon Echo and Google Home applications cause these speakers to constantly spy on you, a group of researchers has managed to manipulate them in a most curious way: with a laser pointer.

A hack that allows you to induce commands of all kinds

The guys from ArsTechnica comment that it is possible to hack smart speakers Google Home, Amazon Echo and Apple HomePod using a laser pointer. With this technique, they can inject inaudible or even sometimes invisible commands that allow opening doors or entering websites.

Apparently, aiming with a low-intensity laser at one of these systems opens the ban on entering commands from up to 110 meters away. Also, since most of these systems do not need authentication, attacks do not require a password or PIN code. Even if it were, the code could be discovered by "brute force" as there are no limits of attempts.

In the case of Apple HomePod, personal requests are activated by default. This function allows you to send messages, make calls or create reminders when our iPhone is close, authenticated and connected to the Wi-Fi network. In addition, authentication is also enabled by default for secure requests such as reading notes, reminders or calendar events.

Although one of these smart speakers could be manipulated with a long-distance laser, for example, from another building, or even a telephoto lens can be used to go even further, the device must be visible, that is, near a window.

A vulnerability of MEMS microphones

It is possible to hack smart speakers due to the vulnerability of microphones that use MEMS technology (microelectromechanical systems). These components respond to light as if it were a sound. Although this method has only been tested with Siri, Alexa, Google Assistant, Facebook Portal and a small number of tablets and smartphones, it is believed to affect all microphones with this technology.

But not only is it enough that the device in question is visible but also, in most cases, the laser has to be aimed at a specific part. On the other hand, attendees usually respond with visual or audible signals when they detect an activation command (Hey Siri, Alexa, Ok, Google), so the user, if close, is notified.

More from WirelessCave


Receive an email so you don't miss any posts:

  • Facebook
  • Instagram
  • YouTube
  • Twitter

Other recommendations

Contact Us

Follow Us

  • Black Facebook Icon
  • Black Instagram Icon
  • Black YouTube Icon
  • Black Twitter Icon