Smart speakers like Google Home and Amazon Echo have always been in the buzz for the potential security/privacy issues.
However, this time it is something more interesting.
It looks like that you can remotely control a smart speaker powered by Siri, Google Assistant, or Alexa by just using a laser beam.
The concept behind the flaw involves a bug in MEMS (microelectromechanical system) microphones.
The microphones are so sensitive that they detect the laser beam as a sound.
So, just as you would give a command with your voice, a similar command can be transmitted using the laser light. The researches who uncovered the flaw also published a detailed paper if you are curious to find out all the technical details.
For the laser attack to work, the attacker has to have a clear line of sight to the smart speaker.
Practically, this is tough to be implemented but it still counts as a major vulnerability that interprets light as a sound.
Even though it cannot be exploited easily in the wild, integrationg of smart speakers with home security and automation is an important aspect to consider.
If the attack is done right, a smart speaker can end up comprising your home security in a few minutes – which is quite alarming.
We cannot be too sure of an easy fix but we shall keep you updated on a follow up to this story.