Light Commands: Hacking Voice Assistants with Lasers

Presented at Black Hat Europe 2020 Virtual, Dec. 10, 2020, 2:20 p.m. (40 minutes).

<p class="p1"><span class="s1">In the near future, our homes will employ potentially dozens of IoT devices. These devices listen to our voice commands using sophisticated microphones. Our laser-based injection attack Light Commands shows how microphones can respond to light as if it was sound. By simply modulating the amplitude of laser light, we can inject fully inaudible and invisible commands into microphones of smart speakers, phones, and tablets, across large distances and through glass windows.</span></p><p class="p1"><span class="s1">In this talk, we will show:</span></p><ol class="ol1"><li class="li1"><span class="s1">How Light Commands works by exploiting a physical vulnerability of MEMS microphones,</span></li><li class="li1"><span class="s1">How it's possible to remotely inject and execute unauthorized commands on Alexa, Portal, Google, and Siri voice assistants</span></li><li class="li1"><span class="s1">How the ecosystem of devices connected to these voice assistants, such as smart-locks, home switches, and even cars, fail under common security vulnerabilities (e.g. PIN bruteforcing) that make the attack more dangerous</span></li></ol>

Presenters:

  • Sara Rampazzi - Assistant Professor, University of Florida
    Sara Rampazzi is an Assistant Professor in the Department of Computer and Information Science and Engineering at the University of Florida. Dr. Rampazzi&rsquo;s research areas include cyber-physical systems security, embedded systems design, modeling, and simulation techniques with applications in Healthcare, Automotive, and the Internet of Things. Dr. Rampazzi&rsquo;s work focuses on investigating security risks and developing hardware and software defense strategies against hardware-based attacks.
  • Benjamin Cyr - PhD Student, University of Michigan
    <p>Benjamin Cyr is a 3rd Year PhD student at the University of Michigan. He is working with Dr. Kevin Fu in the SPQR Lab, an academic research lab focusing on the cyber-physical security of sensing systems. His research focus is on defenses against light-based injection attacks on cyber-physical systems.</p>
  • Daniel Genkin - Assistant Professor , University of Michigan
    <p>Daniel Genkin is an Assistant Professor at the Department of Electrical Engineering and Computer Science at the University of Michigan. Before joining Michigan, he was a Postdoctoral Fellow at the University of Pennsylvania and the University of Maryland. Daniel&rsquo;s research interests are in cryptography and system security, with particular interests inside channel attacks and secure computation.</p>

Links:

Similar Presentations: