Light Commands: Laser-Based Audio Injection Attacks on Voice-Controllable Systems
PROCEEDINGS OF THE 29TH USENIX SECURITY SYMPOSIUM(2020)
摘要
We propose a new class of signal injection attacks on microphones by physically converting light to sound. We show how an attacker can inject arbitrary audio signals to a target microphone by aiming an amplitude-modulated light at the microphone's aperture. We then proceed to show how this effect leads to a remote voice-command injection attack on voice-controllable systems. Examining various products that use Amazon's Alexa, Apple's Siri, Facebook's Portal, and Google Assistant, we show how to use light to obtain control over these devices at distances up to 110 meters and from two separate buildings. Next, we show that user authentication on these devices is often lacking, allowing the attacker to use light-injected voice commands to unlock the target's smartlock-protected front doors, open garage doors, shop on e-commerce websites at the target's expense, or even unlock and start various vehicles connected to the target's Google account (e.g., Tesla and Ford). Finally, we conclude with possible software and hardware defenses against our attacks.
更多查看译文
关键词
audio injection attacks,laser-based,voice-controllable
AI 理解论文
溯源树
样例
生成溯源树,研究论文发展脉络