Top business news
Commuters arrive from Metro North Railroad trains in Grand Central Station in New York October 19, 2016.
Now playing
US economic growth in 2021 was the strongest since 1984
Now playing
Get an exclusive look at how Bud Light's zero-carb beer is brewed
A man walks past Winter Olympics and Paralympics branding at the Main Press Centre on January 26 in Beijing, China.
Now playing
Olympic sponsors caught in the middle of diplomatic boycotts ​against China
WASHINGTON, DC - NOVEMBER 30:  Federal Reserve Board Chairman Jerome Powell testifies during a hearing before Senate Banking, Housing and Urban Affairs Committee on Capitol Hill November 30, 2021 in Washington, DC. The committee held a hearing on "CARES (Coronavirus Aid, Relief, and Economic Security) Act Oversight of Treasury and the Federal Reserve: Building a Resilient Economy." (Photo by Alex Wong/Getty Images)
Now playing
The Fed signals rate hike coming 'soon'
Apple CEO Tim Cook during a visit to an Apple Store at The Grove Friday, Nov. 19, 2021, in Los Angeles.
Now playing
Apple CEO Tim Cook allegedly threatened, stalked
The 1949 Buick Roadmaster from the movie Rain Man is up for auction.
Now playing
See the 'Rain Man' Buick Roadmaster up for auction
Now playing
EU considers economic warfare against Russia
Now playing
A brief look back at Peloton's bumpy ride
A sign identifies the Internal Revenue Service (IRS) building in Washington, D.C., U.S., on Monday, April 16, 2012. The deadline for individuals to file their 2011 tax returns is April 17. Photographer: Andrew Harrer/Bloomberg via Getty Images
Now playing
Expect another frustrating tax season. Here's why
Now playing
Rising mortgage rates pressure buyers to move quickly
Now playing
Watch self propelled electric camping trailer you can park remotely
Amazon Style will open a store later this year at The Americana at Brand shopping destination, in greater Los Angeles.
Now playing
Watch self-propelled electric RV you can park remotely
People walk by a Help Wanted sign in the Queens borough of New York City on June 04, 2021 in New York City.
Now playing
Where are all the workers? Here are four reasons behind the labor shortage
Now playing
'It's insane': Gas station owner reveals what inflation is doing to his business
Now playing
Experts share 3 tips every first-time homebuyer should know
San Francisco CNN Business —  

Usually you have to talk to voice assistants to get them to do what you want. But a group of researchers determined they can also command them by shining a laser at smart speakers and other gadgets that house virtual helpers such as Amazon’s Alexa, Apple’s Siri and Google’s Assistant.

Researchers at the University of Michigan and Japan’s University of Electro-Communications figured out they could do this silently and from hundreds of feet away, as long as they had a line of sight to the smart gadget. The finding could enable anyone (with motivation and a few hundred dollars’ worth of electronics) to attack a smart speaker from outside your house, making it do anything from playing music to opening a smart garage door to buying you stuff on Amazon.

A Google Home smart speaker photographed on a kitchen counter, taken on January 9, 2019. (Photo by Olly Curtis/Future via Getty Images)

In a new paper, the researchers explained that they were able to shine a light that had a command encoded in it (such as “OK Google, open the garage door”) at a microphone built into a smart speaker. The sounds of each command were encoded in the intensity of a light beam, Daniel Genkin, a paper coauthor and assistant professor at the University of Michigan, told CNN Business on Monday. The light would hit the diaphragm built into the smart speaker’s microphone, causing it to vibrate in the same way as if someone had spoken that command.

The researchers exploited the vulnerability in tests to do things like trigger a smart garage door opener and ask what time it is.

A list of devices that the researchers tested and said are vulnerable to such light commands includes Google Home, Google Nest Cam IQ, multiple Amazon Echo, Echo Dot, and Echo Show devices, Facebook’s Portal Mini, the iPhone XR, and the sixth-generation iPad. Smart speakers typically don’t come with any user authentication features turned on by default; the Apple devices are among a few exceptions that required the researchers to come up with a way to work around this privacy setting.

The findings could concern consumers, as well as the companies that offer voice assistants. Over the past five years, the market for assistant-using smart speakers — Amazon’s Alexa and its Echo smart speakers in particular — has ballooned. According to data from tech market researcher Canalys, companies shipped 26.1 million smart speakers in the second quarter. Amazon is sitting on top of this market: Canalys reports Amazon shipped a quarter of these speakers, or an estimated 6.6 million between April and June.

The cost for anyone to do likewise could be less than $400: On a website related to the work, researchers outline the equipment needed, which includes an under-$20 laser pointer, a $339 laser driver, and a $28 sound amplifier.

“If you have a laser that can shine through windows and across long distances — without even alerting anyone in the house that you’re hitting the smart speaker — there’s a big threat in being able to do things a smart speaker can do without permission of the owner,” said Benjamin Cyr, a graduate student at the University of Michigan and a paper coauthor.

Researchers said the Google Home device and first-generation Echo Plus could be commanded over the longest distance: 110 meters (about 361 feet). The researchers said that distance was the longest area they could use (a hallway) when conducting tests.

The researchers noted that they haven’t seen this security issue being taken advantage of. One way to avoid any potential issues, though, is to make sure your smart speaker can’t be seen by anyone outside your home.

Researchers said the weakness can’t truly be fixed without redesigning the microphones, known as MEMS microphones, that are built into these devices, however, which would be a lot more complicated. Takeshi Sugawara, a visiting scholar at the University of Michigan and the paper’s lead author, said one way to do this would be to create an obstacle that would block a straight line of sight to the microphone’s diaphragm.

Gekin said he contacted Google, Apple, Amazon and other companies to address the security issue.

Spokespeople for Google and Amazon said their companies are reviewing the research. Apple declined to comment.