Light Commands
Laser-Based Audio Injection on Voice-Controllable Systems
Light Commands is a vulnerability of MEMS microphones that allows attackers to remotely inject inaudible and invisible commands into voice assistants, such as Google Assistant, Amazon Alexa, Facebook Portal, and Apple Siri using light.
In our paper we demonstrate this effect, successfully using light to inject malicious commands into several voice-controlled devices such as smart speakers, tablets, and phones across large distances and through glass windows.
The implications of injecting unauthorized voice commands vary in severity based on the type of commands that can be executed through voice. As an example, in our paper we show how an attacker can use light-injected voice commands to unlock the victim's smart-lock protected home doors, or even locate, unlock and start various vehicles.
To appear in USENIX Security Symposium 2020
Cite
@inproceedings{sugawara2020light,
  title={Light Commands: Laser-Based Audio Injection Attacks on Voice-Controllable Systems},
  author={Sugawara, Takeshi and Cyr, Benjamin and Rampazzi, Sara and Genkin, Daniel and Fu, Kevin},
  booktitle={29th {USENIX} Security Symposium ({USENIX} Security 20)},
  year={2020}
}
Team
Light Commands were discovered by the following team of academic researchers:
Takeshi Sugawara at The University of Electro-Communications (Tokyo)
Benjamin Cyr at University of Michigan
Sara Rampazzi at University of Michigan
Daniel Genkin at University of Michigan
Kevin Fu at University of Michigan
Contact us at LightCommandsTeam@gmail.com
Q&A
How do Light Commands work?
By shining the laser through the window at microphones inside smart speakers, tablets, or phones, a faraway attacker can remotely send inaudible and potentially invisible commands, which are then acted upon by Alexa, Portal, Google Assistant or Siri.
Making things worse, once an attacker has gained control over a voice assistant, the attacker can use it to break other systems. For example, the attacker can:
Control smart home switches
Open smart garage doors
Make online purchases
Remotely unlock and start certain vehicles
Open smart locks by stealthily brute-forcing the user's PIN
But why does this happen?
Microphones convert sound into electrical signals. The main discovery behind light commands is that in addition to sound, microphones also react to light aimed directly at them. Thus, by modulating an electrical signal in the intensity of a light beam, attackers can trick microphones into producing electrical signals as if they are receiving genuine audio.
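One way a device with several microphones could check for this effect, as an added example that is not from the original page or the authors' code. It assumes that a beam aimed at one microphone port produces a signal on that microphone alone, while real speech reaches every microphone in the array; the function names, the 20 dB threshold and the sample signals are constructed for illustration.

```python
import math
import random

def channel_rms(frames):
    """RMS level per microphone; frames is a list of per-channel sample lists."""
    return [math.sqrt(sum(s * s for s in ch) / len(ch)) for ch in frames]

def single_mic_anomaly(frames, min_gap_db=20.0, speech_floor=0.01):
    """Return the index of a microphone that carries a speech-level signal
    while every other microphone is at least min_gap_db quieter, else None.
    Thresholds are assumed values for illustration, not measured ones."""
    levels = channel_rms(frames)
    loudest = max(range(len(levels)), key=levels.__getitem__)
    if levels[loudest] < speech_floor:
        return None  # nothing loud enough to be a command
    for i, level in enumerate(levels):
        if i == loudest:
            continue
        gap_db = 20 * math.log10(levels[loudest] / max(level, 1e-12))
        if gap_db < min_gap_db:
            return None  # another mic hears it too: consistent with sound
    return loudest

def make_frame(gains, rate=16000, freq=440.0, seconds=0.1, seed=0):
    """Constructed test signal: a tone scaled per channel plus small sensor noise."""
    rng = random.Random(seed)
    n = int(rate * seconds)
    return [[g * math.sin(2 * math.pi * freq * t / rate) + rng.uniform(-1e-3, 1e-3)
             for t in range(n)] for g in gains]

# Constructed samples for a four-microphone array.
ACOUSTIC = make_frame([0.50, 0.45, 0.48, 0.52])   # a voice reaches every mic
ONE_MIC_ONLY = make_frame([0.0, 0.0, 0.5, 0.0])   # signal on mic 2 alone
SILENCE = make_frame([0.0, 0.0, 0.0, 0.0])

if __name__ == "__main__":
    for name, frame in [("acoustic", ACOUSTIC),
                        ("one mic only", ONE_MIC_ONLY),
                        ("silence", SILENCE)]:
        print(name, "->", single_mic_anomaly(frame))
```

A device that gets a non-None result for a frame containing a wake word or command can refuse to act on it or ask for a second factor.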
Ok, but what do voice assistants have to do with this?
Voice assistants inherently rely on voice to interact with the user. By shining a laser on their microphones, an attacker can effectively hijack the voice assistant and send inaudible commands to Alexa, Siri, Portal, or Google Assistant.
What is the range of Light Commands?
Light can easily travel long distances, limiting the attacker only in the ability to focus and aim the laser beam. We have demonstrated the attack in a 110 meter hallway, which was the longest hallway available to us at the time of writing.
But how can I aim the laser accurately, and at such distances?
Careful aiming and laser focusing are indeed required for light commands to work. To focus the laser across large distances one can use a commercially available telephoto lens. Aiming can be done using a geared tripod head, which greatly increases accuracy. An attacker can use a telescope or binoculars in order to see the device's microphone ports at large distances.
Which devices are susceptible to Light Commands?
In our experiments, we test our attack on the most popular voice recognition systems, namely Amazon Alexa, Apple Siri, Facebook Portal, and Google Assistant. We benchmark multiple devices such as smart speakers, phones, and tablets as well as third-party devices with built-in speech recognition.
Device | Voice Recognition System | Minimum Laser Power at 30 cm [mW] | Max Distance at 60 mW [m]* | Max Distance at 5 mW [m]**
Google Home | Google Assistant | 0.5 | 50+ | 110+
Google Home mini | Google Assistant | 16 | 20
Google NEST Cam IQ | Google Assistant | 50+
Echo Plus 1st Generation | Amazon Alexa | 2.4 | 50+ | 110+
Echo Plus 2nd Generation | Amazon Alexa | 2.9 | 50+ | 50
Echo | Amazon Alexa | 25 | 50+
Echo Dot 2nd Generation | Amazon Alexa | 50+
Echo Dot 3rd Generation | Amazon Alexa | 50+
Echo Show 5 | Amazon Alexa | 17 | 50+
Echo Spot | Amazon Alexa | 29 | 50+
Facebook Portal Mini | Alexa + Portal | 18
Fire Cube TV | Amazon Alexa | 13 | 20
Ecobee 4 | Amazon Alexa | 1.7 | 50+ | 70
iPhone XR | Siri | 21 | 10
iPad 6th Gen | Siri | 27 | 20
Samsung Galaxy S9 | Google Assistant | 60
Google Pixel 2 | Google Assistant | 46
While we do not claim that our list of tested devices is exhaustive, we do argue that it does provide some intuition about the vulnerability of popular voice recognition systems to Light Commands.
Note:
* Limited to a...