Smart Home Devices Are More Vulnerable to Hacks than We Might Think

Buying and using smart home products requires a certain level of risk tolerance. Smart home devices have privacy and security risks, which seem to keep piling up. A recent case comes from researchers that discovered a laser pointer can be used to hack into voice-controlled digital assistants like Amazon’s Alexa, Google Home, or Apple’s Siri.

Assistants Process Light Stimuli the Same as Voice Stimuli

Researchers from the University of Michigan and Japan say they discovered a method for taking control of digital assistants from hundreds of feet away by shining laser pointers at assistants. In one case, researchers opened a garage door by aiming a laser beam at a voice assistant that was connected to the door’s opener, saying it was easy to do. In another, they commandeered a Google Home device by climbing to the top of the University of Michigan’s bell tower and shining a beam from 230 feet away. “This opens up an entirely new class of vulnerabilities,” says Kevin Fu, an associate professor of electrical engineering and computer science at the University of Michigan. “It’s difficult to know how many products are affected, because this is so basic.”

The researchers uncovered that a diaphragm in the devices’ microphones reacts to light the same way as if it were sound. So instead of a voice command controlling the assistant, a light beam can act in the same way. For now, there have been no reports of hackers exploiting this vulnerability, and device manufacturers have been alerted to the flaw. Nonetheless, the weakness poses a risk, which can be mitigated by setting up a voice PIN or by placing the device where it cannot be seen from the outside. This would prevent a hacker from using a light source to take it over.

Device Vulnerability Is Not Limited to Voice Assistants

A recent study found 22 of 24 popular smart home devices had critical design flaws, according to researchers at North Carolina State University. The brands included belkin, Wyze, and SmartThings. Given such a high percentage of devices with flaws, the problem is, “not just a vulnerability here or there, but a design flaw that smart home manufacturers really need pay attention to,” says William Enck, a computer scientist at the university who led the study. North Carolina State University researchers found the devices can leak user information that can be exploited by an attack. With that user information a hacker could disrupt the flow of data and disable a smart home device all without the owner's awareness.

These newly discovered vulnerabilities represent a disturbing trend. Just when consumers might expect some progress in reducing security risks in smart home devices, it appears the problem is worsening. No connected device can be completely free from a hack, but manufacturers need to up their game in this ongoing battle.

Vendors Should Take Action

About a year ago I said it was time for swift action by vendors to fix vulnerabilities. Now, it seems the need is even more pressing. If vendors fail to offer stronger security in their smart devices, they risk several possible outcomes. One outcome is a backlash among consumers who will avoid the products, leading to a market that fails to reach its potential. Another outcome is more stringent government regulations that will drive up costs. A final possible outcome is a damaging cyber attack affecting thousands or millions of customers’ devices, leading to a significant drop off in adoption. I’m still waiting for that swift action.