I love a good scientific mystery—stuff like quantum weirdness, dark matter and dark energy, strange gravitational behaviour, or even why smart speakers respond to light waves as if they were sound. That last one was the topic of a recently published paper from researchers at the University of Electro-Communications Tokyo and the University of Michigan, who used lasers to remotely control smart speakers, phones, and tablets from hundreds of feet away using “Light Commands.” While it’s a fascinating discovery that currently has no mechanical explanation, it’s also yet another vulnerability of using smart devices.
Using light commands to control smart devices
The researchers used lasers and infrared signals to activate micro-electro-mechanical systems (MEMS) and perform commands without sound. MEMS are microscopic components found in the microphones used in smart speakers like the Amazon Echo, Google Home, and the Facebook Portal, as well as on phones, tablets, and smart appliances. The group was able to execute light-based commands as far away as 360 feet, and from varied angles and elevations. It even works through glass windows.
The speakers responded to the light as if it were voice-based sound waves, which raises serious security concerns, especially since most of these devices do not require user verification in order to be used, at least not by default. A savvy hacker with the proper setup could potentially hijack your smart home network and even access other remotely synced devices using easily accessible equipment like laser pointers.
The good news is, for now, light-command attacks can be difficult to pull off effectively. They’re also risky, since the most accessible hardware setup uses visible lasers and because smart devices audibly respond to all commands regardless of whether they were initiated via light or sound, both of which would be immediately noticeable to anyone in the home. Furthermore, no one knows exactly why or how any of this is possible in the first place, and the researchers are puzzled over the physics that enable such attacks; they’ve simply proven light commands work in ideal scenarios. The researchers also expect more effective methods will be developed once the mechanisms have been identified and understood.
Preventing light-command hacks
Regardless of whether light-command attacks become more sophisticated, now that the hack has been demonstrated and replicated, we know it’s possible that someone could try to use light commands to control your smart home device, adding yet another risk to consider when owning a smart speaker—just like strangers listening in on your conversations or having sensitive information recorded. There are, fortunately, some simple preventative steps that can help keep you safe from hypothetical light-command attacks:
Disable your devices when not in use: The simplest solution is to just turn off and/or unplug your smart devices when you’re not using them; hackers can’t exploit devices that aren’t powered on.
Keep them out of sight: Light-command attacks require precise line of sight in order to work, so keep your voice-controlled smart devices away from windows and obstructed by other objects, especially when they’re not in use and while you’re out of the house but don’t want to (or can’t) unplug them. Routinely moving your smart device(s) may also be worthwhile if you’re especially concerned about these kinds of hacks.
Step up security settings when possible: The other preventative measure is to enable the strongest security settings available on each of your devices. Set up PINs and other user authentication requirements where available. Doing so will be different for each device, but you should be able to find out how with a quick internet search or by consulting any user manuals that were included with your devices.