How Alexa, Google Assistant can be hacked using lasers/flashlight

In a recent blog post, the research team flagged a vulnerability in the MEMS (microelectro-mechanical systems) microphones used by home assistant products.

They said this little known flaw opens the way to inject inaudible and invisible commands into beams of light (laser/flashlight) and then use the same to hack/control Siri, Alexa, or Google Assistant from hundreds of feet away.

The researchers demonstrated the hack and claimed they were able to use laser lights to compromise Google Home and other smart home assistants from as far as 350 feet away.

In one case, they controlled a Google Home device positioned in an office building from the top of the University of Michigan's bell tower some 230 feet away.

According to the researchers, hackers can easily apply this technique to compromise smart home devices that are otherwise marketed as a solution to make your home secure.

For instance, they could use light-inject commands and tell Assistants to open your home's smart-lock protected front door.

However, it is not an easy attack. The attackers need a direct line of sight to the target.

The researchers say the technique can compromise any device using the MEMS microphone and there's no way to stay protected against it.

However, they do claim to be working with researchers at Google, Apple, and Amazon to develop appropriate defense mechanisms that can be incorporated into the future models of their smart home assistants.

So, till then, keep your Assistant indoors, away from lasers!