Can you imagine someone hacking into your Amazon Echo through a laser beam and then purchasing stuff online from your account? Read on to know more…
A group of academic researchers demonstrated how light can be used to manipulate a myriad range of digital assistants, including Amazon Echo devices. Moreover, sensing systems in autonomous vehicles, medical devices, industrial systems, and space systems can be manipulated via this technique too.
Technicalities
The team that hacked Amazon Echo and other smart speakers using a laser pointer continue to investigate why MEMS microphones respond to sound. The same team that last year mounted a signal-injection attack against a range of smart speakers merely by using a laser pointer are still unraveling the mystery of why the Microelectro-MEchanical Systems (MEMS) microphones in the products turn the light signals into sound.
Researchers at the time said that they were able to launch inaudible commands by shining lasers — from as far as 360 feet — at the microphones on various popular voice assistants, including Amazon Alexa, Apple Siri, Facebook Portal, and Google Assistant.
They broadened their research to show how light can be used to manipulate a wider range of digital assistants — including Amazon Echo 3 — but also sensing systems found in medical devices, autonomous vehicles, industrial systems and even space systems.
Implications
According to the research paper, leveraging a digital assistant as a gateway can permit hackers to take over home devices. Moreover, this becomes more dangerous when these devices are connected with other smart home elements, such as garage doors, smart locks, and cars.
Other Shocking Experiments
Recently, another team of researchers converted a smart vacuum cleaner into a microphone, able to record nearby conversations. Dubbed LidarPhone, the attack leverages the cleaner’s LiDAR laser-based navigational element and converts it into a laser microphone.
Vulnerabilities were discovered in 11 smart doorbells sold on eBay and Amazon. While one flaw could allow adversaries to break into wireless networks by swiping credentials, another bug can help attackers manipulate network data. Moreover, these bugs have been around for quite some time now.
Researchers have unveiled more than 400,000 subdomains with misconfigured CNAME records. As per this evidence, around 139 among Alexa’s 1,000 domains have probably fallen victim to subdomain takeovers.
A Brief Conclusion
The growing adoption of smart home devices shows the ongoing march IoT technology in modern times. However, with greater connectivity come greater cyber threats. Thus, experts recommend not to connect too many devices to your home network. Stay updated and keep your devices updated, too.