Lasers can hack your smart speaker

Smart speakers such as the Amazon Echo and Google Home have become hugely popular since their release in 2014 and 2016. These digital assistants have entered their way into our homes and become an essential part of our daily lives. They provide us with the latest news and weather updates, play our favourite music and answer all sorts of questions we throw at them!

However the security of these devices remains a concern for many, with the fear of our privacy being exposed and also the risk of being hacked.

It has recently been reported that a team in Tokyo and at the University of Michigan were able to control Alexa, Siri and Google Assistant by using beams of light to hit the devices’ microphones.
In an article published by The New York Times, researchers discovered that they could fool a Google Home smart speaker into opening a garage door by using a technique which focused lasers with a telephoto lens. The researchers were able to hijack voice assistants from several hundred feet away as they also accessed a voice assistant within an office building 230 feet away.

The researchers who spent months studying the light flaw, discovered that the microphones inside the devices would respond to light as if it were sound.

They published “Microphones convert sound into electrical signals. The main discovery behind light commands is that in addition to sound, microphones also react to light aimed directly at them.”

Ultimately, the lasers trick the microphones into making electrical signals to therefore make it believe they’re hearing a voice.

What else could happen if your smart speaker is hacked?

The huge concern here is that a hacker could put this method into practice and gain access to your other connected devices, such as a smart lock on a front door or alarm system, potentially deactivate them and then access your home. They could also make online purchases and even remotely unlock or start up a car that’s connected to the speaker.

How can you secure your smart speaker?

There are some actions you can take to add a layer of protection to your smart speaker.

Set up a password or switch off purchasing – Smart speakers can be set to make purchases on demand, therefore anyone who accesses your device could use your account to start buying goods. You should set up a purchase password and keep it private, this will eliminate unauthorised orders not only from hackers but also the kids! The other option is to disable purchasing if that’s a feature you’re not planning to use.

Set up email notifications – You can set up email notifications for just about anything these days so do it with your smart speaker too! If you regularly check your emails this is a step definitely worthwhile doing.

Strengthen your passwords and use 2FA – Ensure the password for the account linked to your device has a strong password and also set up two-factor authentication if available.