Home Products Firmwares Tutorials News Forum
3uTools for Windows/macOS
Windows macOS Detail
3uTools for iOS
Download Detail
NEWS
iPhone and HomePod Vulnerable to Line of Sight Attacks Using Lasers
1699
2019-11-05
Posted by 3uTools

iPhone and HomePod Vulnerable to Line of Sight Attacks Using Lasers


A new laser-based hack discovered for devices with MEMS (micro-electro-mechanical systems) microphones makes iPhone, HomePod, Google Home, Amazon Echo, and more vulnerable to line of sight attacks from up to several hundred feet away.


Reported by Ars Technica, the type of attack is called ‘Light Commands’ and was discovered by researchers at the University of Electro-Communications and the University of Michigan. Light Commands make it possible to hack Siri, Google Assistant, Alexa, and more from a distance as long as the attacker has line of sight to the device’s microphones.


Here’s how it works: Shining a low-powered laser into these voice-activated systems allows attackers to inject commands of their choice from as far away as 360 feet (110m). Because voice-controlled systems often don’t require users to authenticate themselves, the attack can frequently be carried out without the need of a password or PIN. Even when the systems require authentication for certain actions, it may be feasible to brute force the PIN, since many devices don’t limit the number of guesses a user can make. Among other things, light-based commands can be sent from one building to another and penetrate glass when a vulnerable device is kept near a closed window.


As noted by Ars, the researchers have done limited testing with iPhones, tablets, smart speakers, and smart displays but they believe that “all devices that use MEMS microphones susceptible to Light Commands attacks.”


Light Commands do have some limitations, like a malicious party needing to have a direct line of sight to a device and be able to very accurately position a laser on a device’s microphone.


However, the researchers have carried out attacks in moderately realistic conditions and the lack of authentication for voice assistants that can control smart home devices like door locks, garage doors, and more is certainly concerning.


More interesting, some of the tests were even done with just an $18 laser pointer, laser driver, and an audio amplifier for less than a $400 total.


The researchers have created a website detailing how Light Commands work and are already partnering with Apple, Google, and Amazon and more to come up with “defensive measures.”


Source: 9to5mac

Related Articles
Apple Still Signing iOS 11.3 Beta 5/6, Downgrade to It to Jailbreak Your iPhone How to Download Apple’s Official iOS IPSW with One Simple Step? Backup Your iOS Device When It's Disabled or in Password in Normal Mode ICCID Activation Bug can Factory Unlock Any iPhone with a Turbo SIM iOS 17 Update Now Available for iPhone With Better Autocorrect, StandBy, Interactive Widgets, Much More iFixit Releases Fun x-ray and Internal Wallpapers for iPhone XR How to Jailbreak iOS 11– iOS 11.4.1 Using Electra Jailbreak on iPhone or iPad Apple Begins Selling Refurbished iPhone 12 Mini in U.S. For First Time
Connect with us
About Us Legal Statement Disclaimer
© 2010 - 2023 3uTools. All Rights Reserved.
3uTools can manage files, download apps / wallpapers / ringtones, flash, jailbreak
An All-in-one Tool for iOS Devices