Security vulnerabilities and vulnerabilities are common aspects in the life of any electronic product or service, but a flaw that allows criminals to invade your device through lasers? This is something not seen every day and is exactly what researchers at the University of Michigan and the University of Electro-Communications (Japan) have found.
The information is from Ars Technica: Apparently, researchers have found a way to break into devices with microphones like MEMS (micro-electro-mechanical system, used to create tiny components such as those on smartphones or smart speakers), such as iPhones, HomePods or appliances Google Home and Amazon Echo. And the whole thing revolves around, like I said, such lasers.
Basically, the breach requires the intruder to have an unobstructed line of sight to the microphone in question, and he need not be as close as this: the attack works up to 110 meters away and can be performed through glass or other transparent obstacles. The attack involves issuing a “light command” which is transmitted directly to the microphones and simulates user actions in a completely silent manner.
The problem is that most devices do not require users to authenticate to have their voice command capabilities enabled; As a result, intruders can send instructions to the microphones that breach the device's barrier barrier and potentially take control of the devices. Even in cases where commands require authentication, the attack technique can break the locks with brute force password entry attempts.
The major concern raised here is that attackers are able, for example, to gain control of the devices of a smart home through such attacks. In theory, it would be possible for evildoers to open smart lock doors or perform other actions within your home using the technique.
The researchers were able to assemble a proof of concept only with a laser pointer, a driver and a sound amplifier, spending less than $ 400 in total. They have done tests on smart iPhones, tablets and speakers, but believe that any handset equipped with MEMS-type microphones (ie basically all modern mobile devices) is vulnerable to potential attacks. Three videos below demonstrate the operation:
Now scientists say they are working on vulnerability solutions with the companies involved (such as Apple, Google and Amazon). Let's see if they get any good news about it in the near future.
via 9to5Mac | image: Unsplash