A red laser slices through the air, landing on the top of an Amazon Echo sitting inside a house. Suddenly, the garage door opens, a burglar slides in, uses another laser to have the Echo start the car and drives off.
Sound far-fetched? It's not anymore.
Researchers from the University of Michigan have used laser lights to exploit a wide variety of voice-activated devices, giving them access to everything from thermostats to garage door openers to front door locks. The researchers have communicated their findings to Amazon, Google and Apple, which are studying the research.
Working with researchers from the University of Electro-Communications in Japan, U-M's researchers published a paper and a web site detailing how it works. There are also videos showing it in action.
The researchers discovered the microphones in the smart devices would respond to light as if it were sound. Inside each microphone is a small plate called a diaphragm that moves when sound hits it. Using focused light, like lasers or even a focused flashlight, they were able to access the system.
This can create security issues, because while most of these devices are locked inside houses, light can travel through windows. It can easily travel long distances, limiting the attacker only in the ability to focus and aim the laser beam.
Researchers worked in a 110-meter long hallway and got a voice-activated system to respond. All the equipment needed to hack the system was available on Amazon.
The attack can be mounted using a simple laser pointer, a laser driver and a sound amplifier, researchers said on the website. A telephoto lens can be used to focus the laser for long range attacks.
So how does it work?
"Microphones convert sound into electrical signals," the research says. "The main discovery behind light commands is that in addition to sound, microphones also react to light aimed directly at them. Thus, by modulating an electrical signal in the intensity of a light beam, attackers can trick microphones into producing electrical signals as if they are receiving genuine audio."