According to the boffins the trick is to shine laser pointers, and even flashlights, at the devices' microphones. In one case, they said, they opened a garage door by shining a laser beam at a voice assistant that was connected to it. Another team at the University of Michigan climbed 140 feet to the top of a bell tower at and successfully controlled a Google Home device on the fourth floor of an office building 230 feet away. And by focusing their lasers using a telephoto lens, they said, they were able to hijack a voice assistant more than 350 feet away.
Opening the garage door was a doddle. With the light commands, the researchers could have hijacked any digital smart systems attached to the voice-controlled assistants.
They said they could have easily switched light switches on and off, made online purchases or opened a front door protected by a smart lock. They even could have remotely unlocked or started a car that was connected to the device.
The researchers, who studied the light flaw for seven months, said they had discovered that the microphones in the devices would respond to light as if it were sound. Inside each microphone is a small plate called a diaphragm that moves when sound hits it. That movement can be replicated by focusing a laser or a flashlight at the diaphragm, which converts it into electric signals, they said.
The rest of the system then responds the way it would to sound. While the researchers said they had notified several companies to the light vulnerability, most microphones would need to be redesigned to remedy the problem. And simply covering the microphone with a piece of tape wouldn't solve it.