Light Commands: Laser-Based Audio Injection Attacks on Voice-Controllable Systems

TL;DR

This paper demonstrates a novel laser-based attack method that injects audio commands into voice-controlled devices from a distance, exploiting microphone vulnerabilities to control various smart devices and systems.

Contribution

It introduces a new physical attack technique using light to inject audio commands into microphones, enabling remote control of voice-activated systems at significant distances.

Findings

Effective remote control of voice assistants up to 110 meters

Ability to unlock smart locks and vehicles via light-injected commands

Lack of user authentication allows unauthorized device access

Abstract

We propose a new class of signal injection attacks on microphones by physically converting light to sound. We show how an attacker can inject arbitrary audio signals to a target microphone by aiming an amplitude-modulated light at the microphone's aperture. We then proceed to show how this effect leads to a remote voice-command injection attack on voice-controllable systems. Examining various products that use Amazon's Alexa, Apple's Siri, Facebook's Portal, and Google Assistant, we show how to use light to obtain control over these devices at distances up to 110 meters and from two separate buildings. Next, we show that user authentication on these devices is often lacking, allowing the attacker to use light-injected voice commands to unlock the target's smartlock-protected front doors, open garage doors, shop on e-commerce websites at the target's expense, or even unlock and start various vehicles connected to the target's Google account (e.g., Tesla and Ford). Finally, we conclude with possible software and hardware defenses against our attacks.