iPhone and HomePod Vulnerable to Line of Sight Attacks Using Lasers

2019-11-05 483 Posted by 3uTools

iPhone and HomePod Vulnerable to Line of Sight Attacks Using Lasers

A new laser-based hack discovered for devices with MEMS (micro-electro-mechanical systems) microphones makes iPhone, HomePod, Google Home, Amazon Echo, and more vulnerable to line of sight attacks from up to several hundred feet away.

Reported by Ars Technica, the type of attack is called ‘Light Commands’ and was discovered by researchers at the University of Electro-Communications and the University of Michigan. Light Commands make it possible to hack Siri, Google Assistant, Alexa, and more from a distance as long as the attacker has line of sight to the device’s microphones.

Here’s how it works: Shining a low-powered laser into these voice-activated systems allows attackers to inject commands of their choice from as far away as 360 feet (110m). Because voice-controlled systems often don’t require users to authenticate themselves, the attack can frequently be carried out without the need of a password or PIN. Even when the systems require authentication for certain actions, it may be feasible to brute force the PIN, since many devices don’t limit the number of guesses a user can make. Among other things, light-based commands can be sent from one building to another and penetrate glass when a vulnerable device is kept near a closed window.

As noted by Ars, the researchers have done limited testing with iPhones, tablets, smart speakers, and smart displays but they believe that “all devices that use MEMS microphones susceptible to Light Commands attacks.”

Light Commands do have some limitations, like a malicious party needing to have a direct line of sight to a device and be able to very accurately position a laser on a device’s microphone.

However, the researchers have carried out attacks in moderately realistic conditions and the lack of authentication for voice assistants that can control smart home devices like door locks, garage doors, and more is certainly concerning.

More interesting, some of the tests were even done with just an $18 laser pointer, laser driver, and an audio amplifier for less than a $400 total.

The researchers have created a website detailing how Light Commands work and are already partnering with Apple, Google, and Amazon and more to come up with “defensive measures.”

Source: 9to5mac

Related Articles

Apple Still Signing iOS 11.3 Beta 5/6, Downgrade to It to Jailbreak Your iPhone How to Download Apple’s Official iOS IPSW with One Simple Step? Backup Your iOS Device When It's Disabled or in Password in Normal Mode ICCID Activation Bug can Factory Unlock Any iPhone with a Turbo SIM iPhone X to be Available in New "Blush Gold" Color on Jan, 2018 PanGu Won’t Release iOS 10.3.1 jailbreak Tool? iFixit Releases Fun x-ray and Internal Wallpapers for iPhone XR Apple iPhone 7 Plus with Leaked Photos and iPhone 7's Packaging Box