
Your Alexa speaker can be hacked with malicious audio tracks. And lasers.

In Stanley Kubrick’s 1968 movie 2001: A Space Odyssey, a self-aware artificial intelligence system called HAL 9000 turns murderous and begins trying to kill off its crew during a space mission. In 2019, our A.I. assistants — such as Apple’s Siri, Amazon’s Alexa, and Google Assistant — have yet to turn on humans with quite the willful ferocity of HAL. That doesn’t mean they can’t be used against us, however.

Today, some reports place smart speaker ownership as high as one-third of American adult households. In the process, smart speakers have expanded their abilities far beyond helping us select music or set kitchen timers, aiding us in everything from answering pharmaceutical questions to controlling our smart homes.


So what exactly can go wrong? Two recent studies offer examples of a couple of ways in which malicious actors (or, in this case, researchers hypothetically posing as malicious actors) could exploit fundamental weaknesses in today’s smart assistants. The results aren’t pretty.

Okay, so it’s not exactly HAL 9000 going awry, but it’s a reminder that there’s still plenty to be concerned about when it comes to smart speaker security. And how, in some cases, smart assistants may not be quite so smart after all.

Adversarial attacks on Alexa

The first example involves what are called adversarial example attacks. You may remember this unusual mode of attack from research that first surfaced a couple of years back, initially with regard to image recognition systems.

Fooling Image Recognition with Adversarial Examples

The first adversarial attacks homed in on a strange weakness in image recognition systems, which identify what they are seeing by looking for familiar elements. Seizing on this weakness, gleeful researchers showed that a state-of-the-art image classifier could be duped into confusing a 3D-printed turtle with a rifle. Another demo illustrated how a picture of a lifeboat with a tiny patch of visual noise in one corner was classified as a Scottish terrier with almost total confidence.

Both attacks demonstrated unusual strategies that wouldn’t fool humans for a second, but nonetheless had the ability to deeply confuse A.I. At Carnegie Mellon University, researchers have now shown that it is possible to exploit this same feature for audio.

“The majority of state-of-the-art [neural network] models deployed in commercial speech recognition products are the same as the ones used in image recognition,” Juncheng Li, one of the researchers on the project, told Digital Trends. “We motivated ourselves by asking if the same weaknesses of these models existed in the audio domain. We wanted to see if we could compute a similar style of adversarial example to exploit the weakness of the decision boundary of a neural network trained for speech and a wake word model.”

Adversarial Music Demo Video

By focusing on the in-speaker neural network whose only goal in artificial life is to listen for the wake word in an Amazon Echo, Li and his fellow researchers were able to develop a special audio cue that would stop Alexa from being activated. When this particular music cue played, Alexa failed to recognize its name being called, responding just 11% of the time. That’s significantly less than the 80% of the time it recognized its name when other music tracks were playing, or the 93% of the time it responded when no audio clip was playing whatsoever. Li thinks the same approach could work for other A.I. assistants, too.

Stopping your Amazon Echo from hearing your voice might sound like little more than a minor irritation, but Li points out that this discovery could have other, more malicious applications. “What we did [with our initial work] was a denial-of-service attack, which means that we are exploiting the false negative of the Alexa model,” Li said. “We’re tricking it to believe that the positive is actually a negative. But there’s a reverse way of doing this we are still working on. We’re trying to get Alexa to generate a false positive. That means that, where there’s no Alexa wake word, we want to make it falsely wake up. That could be potentially more malicious.”
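The denial-of-service idea Li describes can be sketched with a toy model. The snippet below is purely illustrative: the `TEMPLATE` weights, the logistic "detector," and the `wake_score` and `adversarial_perturbation` functions are hypothetical stand-ins, not the real Alexa wake-word network. It takes a single gradient-sign step, in the style of the fast gradient sign method used in the image-domain attacks, to push an audio frame that does contain the wake word toward a lower detection score (a false negative).

```python
import math

# Toy "wake-word detector": a logistic score over the dot product of an
# incoming audio frame with a learned template. Hypothetical stand-in
# for a real neural wake-word model.
TEMPLATE = [0.8, -0.3, 0.5, 0.9, -0.6]  # hypothetical learned weights

def wake_score(frame):
    z = sum(w * x for w, x in zip(TEMPLATE, frame))
    return 1.0 / (1.0 + math.exp(-z))   # probability the wake word is present

def adversarial_perturbation(frame, epsilon=0.2):
    """FGSM-style step: nudge each sample against the gradient of the
    score, so a frame that *does* contain the wake word scores lower
    (the false-negative, denial-of-service direction)."""
    s = wake_score(frame)
    # For a logistic model, d(score)/d(x_i) = s * (1 - s) * w_i
    grad = [s * (1.0 - s) * w for w in TEMPLATE]
    # Step opposite the gradient's sign to decrease the score
    return [x - epsilon * (1 if g > 0 else -1) for x, g in zip(frame, grad)]

wake_frame = [0.9, -0.4, 0.6, 1.0, -0.7]  # frame containing the wake word
masked = adversarial_perturbation(wake_frame)

print(wake_score(wake_frame))  # original score
print(wake_score(masked))      # lower score after the perturbation
```

The reverse attack Li mentions, a false positive, would step in the opposite direction: perturbing an innocuous frame until its score crosses the detector's threshold.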

Attacking with frickin’ lasers

While the Carnegie Mellon researchers’ work focused on mysterious audio cues, a separate recent project took a different approach to seizing control of your smart speaker: lasers. In work part-funded by the U.S. Defense Advanced Research Projects Agency (DARPA), researchers from Japan and the University of Michigan showed that they could hack smart speakers without saying a word (or singing a note), just so long as they had line-of-sight access to the device.

“The idea is that attackers can use a flickering laser to cause smart speakers and voice assistants to recognize speech commands,” Benjamin Cyr, a University of Michigan researcher, told Digital Trends. “A microphone usually works by picking up changes in air pressure due to sound. But we have discovered that if you change the intensity of the light of a laser beam in the same pattern as the changes in air pressure of sound, then you can shoot a microphone with the laser and it will respond as if it were ‘hearing’ the sound.”
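What Cyr describes, matching a laser's intensity to the air-pressure pattern of a sound, is ordinary amplitude modulation. Here is a minimal sketch, assuming audio samples normalized to [-1, 1]; the `laser_intensity` function and its `bias` and `depth` parameters are illustrative choices, not the researchers' actual hardware setup.

```python
import math

def laser_intensity(audio, bias=0.5, depth=0.45):
    """Amplitude-modulate a laser's intensity with an audio waveform.
    Intensity can't go negative, so the audio rides on a DC bias and
    is clamped to the laser's [0, 1] output range. Illustrative only."""
    out = []
    for x in audio:
        i = bias + depth * x
        out.append(min(1.0, max(0.0, i)))
    return out

# A 1 kHz test tone sampled at 16 kHz, well inside the voice band.
tone = [math.sin(2 * math.pi * 1000 * n / 16000) for n in range(160)]
intensity = laser_intensity(tone)
# A microphone struck by this flickering beam responds to the light's
# intensity pattern as if it were the original pressure wave, so the
# speaker "hears" whatever audio was encoded.
```

Replace the test tone with a recorded voice command and the same modulation turns the beam into a silent, long-range "voice."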

Light Commands Demo #3 - Through a Window

To give an example of how this might work, an attacker could record a specific command such as, “Okay Google, turn off the lights.” By encoding that sound signal onto a laser beam and aiming it at a smart speaker, an attacker can make the device react as though someone had actually spoken the command. In tests, the researchers showed that they could hack a variety of A.I. assistants from up to 360 feet away, focusing the laser with a telephoto lens. While an attacker would still need to get a laser within range of their target smart speaker, the fact that they could carry out the hack from outside a home makes this a real security risk.

“It depends on what you can activate or execute only using your voice, and which other devices are connected to your smart speaker,” said Sara Rampazzi of the University of Michigan. “If injecting voice commands to your speaker can allow an adversary to play music [on] your behalf, it is not a threat. On the other hand, in our work we demonstrate that in [cases where] a tech-savvy user connected the speaker to many systems, it is possible [to] unlock smart locks connected to a smart speaker, to start the engine of a car using an app that interfaces with your phone, or purchase things online without permission.”

Vulnerabilities to be patched

Any device will, of course, be subject to attacks. Malware that allows people to hack other users’ computers and smartphones exists, and can prove incredibly damaging in its own way. In other words, smart speakers aren’t alone. And if people weren’t willing to give up their speakers when they heard that companies listen in to a number of user recordings, they’re probably not going to do so because of two (admittedly concerning) research projects.

Voice-assisted technology isn’t going anywhere. In the years to come, it will only become more widespread — and, in turn, more useful. But by highlighting these security weaknesses, the researchers in these two projects have shown that there are still plenty of possible attacks users need to be aware of. More importantly, these are weaknesses that companies like Amazon and Google must work hard to patch.

“As we go forward with home automation and new ways of interacting with systems, we must think of such gaps and carefully address them,” said Daniel Genkin, one of the researchers on the A.I. assistant laser hack project. “Otherwise issues like this will keep on happening.”

Getting people to spill their secrets to a conversational A.I. requires a whole lot of trust. If the technology is ever going to live up to its massive potential, it’s crucial that users are given every reason to trust it. Clearly there’s still some way to go.

Luke Dormehl
I'm a UK-based tech writer covering Cool Tech at Digital Trends. I've also written for Fast Company, Wired, the Guardian…