Fooling Voice Assistants with Lasers
1 min read
Nov 12, 2019
Siri, Alexa, and Google Assistant are vulnerable to attacks that use lasers to inject inaudible -- and sometimes invisible -- commands into the devices and surreptitiously cause them to unlock doors, visit websites, and locate, unlock, and start vehicles, researchers report in a research paper published on Monday. Dubbed Light Commands, the attack works against Facebook Portal and a variety of phones. Learn more in an interesting Schneier on Security blog post:
Shining a low-powered laser into these voice-activated systems allows attackers to inject commands of their choice from as far away as 360 feet (110m). Because voice-controlled systems often don't require users to authenticate themselves, the attack can frequently be carried out without the need of a password or PIN. Even when the systems require authentication for certain actions, it may be feasible to brute force the PIN, since many devices don't limit the number of guesses a user can make. Among other things, light-based commands can be sent from one building to another and penetrate glass when a vulnerable device is kept near a closed window.
The link for this article located at Schneier on Security is no longer available.
Related Articles
1 - 0 min read
Hacked VMs Reveal New Attack Risks
1 - 0 min read
Linux Kernel 'Make-Me-Root' Flaw Threatens Popular Distros
1 - 0 min read
Multiple Chromium DoS, Info Disclosure Vulns Fixed [Updated]
