Researchers discover how Alexa and Siri apps are hacked

A group of researchers from Tokyo and the University of Michigan discovered a technique that violates the virtual assistants of Amazon, Google or Apple called Light Commands (orders of light, according to its acronym in English). It allows to send commands through a laser that can be located more than 100 meters away from the device.

The problem is that devices such as Echo, Facebook Portal Mini, Google Home and even the iPhone XR have been hacked by the team. The laser “convert the sound into electrical signals … Even the microphones react to a light aimed directly at them” so hackers only need to “adjust an electrical signal in the intensity of a beam of light” to make the app believe it is receiving an order.

The equipment consisting of a laser, a tripod and a telephoto lens that has a value of approximately $ 600. However, this vulnerability has several layers of security that can protect the computer.

Although it is true that from one end to another equivalent to 110 meters away voice assistants can be attacked, one of the security measures is voice recognition, which will be allowed only for those who have been authorized to give orders to the assistant.

Investigators highlight the importance of activating this measure because it is not always present by default, because “it is weak and can be exceeded by an attacker” if he uses voice generation programs to try to imitate the victim’s oral command. Another option to protect the device is to relocate the equipment that is in danger.

K. Villarroel

Source: elmundo