Home Home Automation Smart Speakers vs Lasers & voice injection hacking

Smart Speakers vs Lasers & voice injection hacking

Protect your home from "lasers"

Last night, I watched a video made by Dustin from “SmarterEveryDay” about using lasers to trigger your smart speakers (Alexa, Google and Siri enabled gadgets). I read about this concept before, but this was the first time I have seen it in action.

Attacked by lasers

The laser hacking is a physical attack where the attacker is stimulating a microphone membrane with laser light. The light stimulates the membrane in the same way as the sound waves would, creating an illusion that the command is being issued by the device owner, not a hacker standing outside of the window.

Unless you are willing to brick-up your windows or keep your blinds closed all the time (you could use automated curtains like these ones from Zemismart), there is very little you can do to protect yourself from laser hacking attempt (attempt, not a successful attempt!). The best action is to limit what the attacker can do. Most of the consumer smart home system figured out how to protect voice actions from voice spoofing. While it’s possible to turn the lights on or turn off the heating, you are very unlikely to open a smart lock without providing a pin or unlocking your phone first.

How to combat lasers

I checked my smart speakers and not a single one would be a subject to a laser hack from outside due to their placement. It’s fair to say that the risk of an attack like this small, but not impossible. Dustin suggested that placing devices out of view, and checking with products require additional security steps would be the best way to protect yourself from such attacks.

The whole experiment got me thinking what else could be done to protect yourself not only from laser hacking but voice spoofing in general, especially if you are running a DIY automation server.

3D Printing

The success of the laser hacking depends on how accurately laser can be pointed at the microphone. We can increase the difficulty of an attack like this by printing 3D accessories that will obstruct the direct view of the microphone.

Amazon Echo stand by ftwo on Thingiverse

These 3D designs could range between sophisticated stands and hats that cover up the microphone holes and small and simple stand-offs that would block the access to the microphone hole.

I will point a couple of disadvantages of this approach too. Since the 3D printed part will cover the microphone hole, it may decrease the accuracy of voice interpretation. This method will be also useless against the sound injection attacks as these don’t rely on a direct line of sight to the microphone.

Security: Consumer vs DIY

You don’t have to tie yourself down to a specific security standard if you plan your home automation smart. Most of my readers are probably using HASS or NodeRED already, but if you rely on consumer systems, you are limited to what the manufacturer provides you with.

Standard Home Automation (top) flow vs DIY (bottom)

Voice spoofing and laser hacking work on the premise that the action will be executed without the safety check and for most of the devices that hold true (lights, thermostats, smart plugs). You can, however, introduce an additional level of security for these devices too.

The strength of the DIY security is probably the same as its greatest weakness. You are in charge of solutions for the security of your home automation setup. This means that at the positive side, you will create a unique ecosystem resistant to attacks, that work with consumer solutions, but at the negative side, implementation of the security on your own can expose other vulnerabilities.

Play it to your strength and do it smartly.

2FA

A couple of weeks ago, I came up with a way to trigger a two-factor authentication on your mobile for any action taken by NodeRED server. In a laser hacking scenario, you would get a notification if the action is performed. You can set a default “decline” behaviour and authorise each action independently.

2FA prompt on Android phone

This extra security step would require you to have your mobile phone with you, but you can add the 2FA to any action on your server (from toggling bulbs, turning on devices, to unlocking doors and garages).

Lock your smart home

Outsourcing smart control to a NodeRED server means you can implement an extra level of security as needed. In this example, I will show you how to secure your smart devices against laser hacking and audio injections. The breach will still take place, but the system won’t be compromised as a result of it.

How does it work

Outsourced devices have to go through the NodeRED server before an action can be taken. Thanks to Alexa and Google Assistant integrations in NodeRED, I can intercept the voice command and run it against the extra security steps triggering 2FA or in this case, checking if the system is in a “holiday” mode.

Thanks to IFTT I can disable and enable the lock by creating custom commands to interact with Google Assistant and Alexa (It’s a shame you cannot provide Alexa IFTTT with a number ingredient). While enabling the lock is pretty easy, to cancel it, I want to add a password for added security.

Saying “Alexa/OK Google enable holiday mode” will set the NodeRED system in a shutdown mode where each voice command will be acknowledged but not passed over for execution.

Drop-in a Holiday Mode node

I can use a global variable in NodeRED to store the state of the holiday mode and use it in all my flows. Just remember to preserve the variables so the data would survive a server reboot.

As you can see, I can stop the execution just at the voice command entry, making this compatible with many other systems and skills.

Password Protection

Dustin also mentioned no limits to how many times the pin can be entered to unlock a specific request. This is something I have fixed as well. In my flow, you can specify the number of failed attempts and how often this would reset.

FUNCTION NODE: Pass Check
var count;
var attempts = 5; //flow.get("attmepts");
var pass = msg.payload;
var currentpass = msg.pass;

count = flow.get("count");

var x = isNaN(count);

if(x === true){
    flow.set("count", 0);
}

if(count < attempts){
    if(currentpass === pass){
        global.set("holiday", false);
        flow.set("count", 0);
        msg.payload = "Holiday Mode disabled";
        return [msg, null];
        
    }
    if(currentpass !== pass){
        count = count + 1;
        flow.set("count", count);
        msg.payload = "Wrong password try again you have " + (attempts - count+1) + " left";
        return [msg, null];
        
    }
}

if(count => attempts){
    msg.payload = "Wrong password entered too many times";
    return [null, msg];
}

return msg;

The password is stored in a hashed form in a flow variable. If the password for matches the holiday mode is deactivated and voice commands will work as normal.

Since you can submit a number with your voice command through IFTTT and Google Assistant, you can simply unlock your home with a command: OK Google, holiday mode disabled, pin #1234. With Alexa, you will have to use another way unless you are willing to hardcode the pin into IFTTT phrase (not the best idea).

Passwords are submitted via HTTP POST and I would strongly advise you to read my 5 min security guide to NodeRED to make sure your server lives up to some security standards.

Conclusion

Having a “holiday” mode can increase the security of your smart home system. Yes, you could run around muting each smart speaker every time you want to enable the “holiday” mode too but there is a fine balance between home automation being safe and easy to use. Adding 2FA to lights may seem like an odd idea, but having the prompt available when the garage door is open or disabling the system altogether when you are not going to use it, seem smart! This solution isn’t a fix for every scenario, but it can definitely make it harder to hack your smart system. If you have any questions about the article, let me know in this Reddit thread.

Project Download

Download project files here. Bear in mind that Patreon supporters have early access to project files and videos.

PayPal

Nothing says "Thank you" better than keeping my coffee jar topped up!

Patreon

Support me on Patreon and get an early access to tutorial files and videos.

image/svg+xml

Bitcoin (BTC)

Use this QR to keep me caffeinated in style with crypto-currency

Smart Ideas with

Automate your space in with these ecosystems and integrate it with other automation services

Learn NodeRED

NodeRED for beginners: 1. Why do you need a NodeRED server?

0
To server or not to server? That's a very silly question!

Best Automation Projects

ESP8266 WIFI lights under $5

0
Your Sonoff device can't do this!

Free wireless doorbell (Amazon Dash button hack)

0
The most terrifying situation I can imagine* is missing a parcel

New Amazon Dash Buttons

0
You can teach new buttons old tricks!

ESP8266 ceiling light – demo

0
Testing the ESP8266 as a WIFI light controller

Try Tasker and Raspberry Pi for your home automation needs!

0
Raspberry Pi can help you with your Tasker profiles

Smart Home

Zemismart Zigbee switch

0
Zemismart Zigbee switch to control the light and your wall switch!

IFTTT Pro Alternative: Alexa ed.

0
Bypass IFTTT Pro restrictions for Alexa voice actions with this IFTTT Pro Alternative

The answer to almost all Echo needs: Alexa-remote2

0
Alexaremote2 is a Swiss army knife for Amazon Echo devices. Connect, control and listen to all Alexa enabled gadget at home.

This ESP32 is on FIRE! – M5Stack Core

0
This ESP kit is on fire! M5Stack Core merges IoT platform and learning in a very polished stackable module.

From KettleBot to ANY-Bot – SwitchBot

0
Switching anything on and of with SwitchBot -an insanely cute robot that does all the finger pressing for you