Welcome to an intriguing exploration of smart home technology vulnerabilities. This article is inspired by a video from the “Smarter Every Day” series, where Destin Sandlin collaborates with a researcher named Ben from the University of Michigan. Together, they delve into the fascinating world of smart home devices and uncover a surprising security flaw.
Destin starts by purchasing various smart home products, including a smart lock, thermostat, and light bulb, from a store. The goal is to demonstrate a vulnerability that allows these devices to be controlled remotely using lasers. Ben, who has been researching this topic, explains that many smart devices can be manipulated in ways most people are unaware of.
Smart home devices often rely on voice commands to function. These commands are picked up by microphones, specifically MEMS (Micro-Electro-Mechanical Systems) microphones, which convert sound waves into electrical signals. Ben’s research shows that these microphones can also be triggered by light, such as a laser beam, instead of sound.
By directing a laser at the microphone, the light causes the microphone’s diaphragm to vibrate, mimicking the effect of sound waves. This can trick the device into executing a command as if it were spoken. The experiment uses a 450-nanometer blue laser, but other wavelengths, including infrared, can also be effective.
In the experiment, Ben and Destin successfully use a laser to control various devices. For instance, they manage to adjust a thermostat and change the color of a smart light bulb. They even attempt to unlock a smart lock through a window, demonstrating the potential risk of this vulnerability.
This experiment highlights a significant security concern for smart home devices. While the ability to control devices remotely is convenient, it also poses risks if not properly secured. To protect against such vulnerabilities, it’s advisable to keep devices out of direct line of sight from windows or other accessible areas.
The findings from this experiment underscore the importance of being aware of potential security flaws in smart home technology. Consumers should configure devices with security in mind, for example by setting limits on incorrect PIN attempts and ensuring devices are not easily accessible to external manipulation.
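A sketch of the PIN attempt limit recommended above, as an added example (not code from the video, the paper, or any vendor). The class name, PIN, failure threshold and lockout time are hypothetical, and the attempt sequence is constructed to mirror the window test: two wrong codes followed by the correct one.

```python
import hmac
import time


class VoicePinGate:
    """Hypothetical gate for a voice-unlock PIN: caps wrong guesses, then locks out."""

    def __init__(self, pin, max_failures=3, lockout_seconds=300, clock=time.monotonic):
        self._pin = pin.encode()
        self.max_failures = max_failures
        self.lockout_seconds = lockout_seconds
        self._clock = clock          # injectable so the lockout timer can be tested
        self._failures = 0
        self._locked_until = 0.0

    def try_unlock(self, spoken_pin):
        """Return 'unlocked', 'wrong_pin' or 'locked_out' for one spoken attempt."""
        now = self._clock()
        if now < self._locked_until:
            # During lockout nothing is compared, so even the correct PIN is
            # refused and a guesser learns nothing from the response.
            return "locked_out"
        if hmac.compare_digest(spoken_pin.encode(), self._pin):
            self._failures = 0
            return "unlocked"
        self._failures += 1
        if self._failures >= self.max_failures:
            self._locked_until = now + self.lockout_seconds
            self._failures = 0
            return "locked_out"
        return "wrong_pin"


def demo():
    """Constructed scenario: two wrong codes, then the right one, against a
    gate that tolerates only two failures before a 300-second lockout."""
    now = [0.0]
    gate = VoicePinGate("4821", max_failures=2, lockout_seconds=300,
                        clock=lambda: now[0])
    results = []
    for seconds, pin in [(0, "0000"), (5, "1111"), (10, "4821"), (400, "4821")]:
        now[0] = seconds
        results.append(gate.try_unlock(pin))
    return results


if __name__ == "__main__":
    print(demo())
```

With the limit in place, the correct code spoken right after two wrong guesses is refused; it is accepted only once the lockout has expired.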
If you’re interested in learning more about this topic, consider watching the full video on the “Smarter Every Day” channel. Additionally, supporting creators like Destin on platforms like Patreon can help fund further educational content.
Thank you for exploring this fascinating intersection of technology and security. Stay informed and protect your smart home devices!
Recreate the laser experiment in a controlled environment. Use a safe laser pointer and a microphone to demonstrate how light can mimic sound. Document your findings and discuss the implications with your peers.
Conduct research on other potential vulnerabilities in smart home devices. Prepare a presentation to share your findings with the class, highlighting both the risks and possible security measures.
Perform a security audit of a smart home setup. Identify potential vulnerabilities and propose solutions to enhance security. Present your audit report to the class.
Participate in a debate on the pros and cons of smart home technology. Discuss whether the convenience outweighs the security risks, and propose ways to mitigate these risks.
Work in groups to design a smart home device with enhanced security features. Present your design, explaining how it addresses the vulnerabilities discussed in the article.
(Smart Lock Opening)(Smart Lock Dings) – [Destin] It just worked. – [Ben] Yep. – Alexa, Okay Google, Hey Siri, set a reminder to subscribe to Smarter Every Day. You have a microphone listening to you in the room right now; what I just did probably worked for a small percentage of you. That is concerning. Another concerning aspect is that there are ways to send signals to phones and microphones that you might not be aware of. I read an academic paper that initially seemed unbelievable, but it turns out it is real. So, while there’s no need to panic, we should be mindful of how we set up our devices. This video is about inviting a researcher from the team that wrote the paper to my house to perform a test, so I can demonstrate that this really does happen and inform you on how to configure your devices. I hope this video earns your subscription and possibly even your support on Patreon. Let’s get smarter every day.
Hey, it’s me Destin, welcome back to Smarter Every Day. I didn’t plan this out very well, so I’m at Best Buy on Black Friday. We’re going to buy some smart home products because there is a vulnerability in many of them that most people don’t know about. Let’s meet Ben, who has been researching this; he should be in the smart home product aisle. You’re Ben, right? – Yes, I am. – [Destin] Nice to meet you! – Nice to meet you too. – Ben works at the University of Michigan and has been studying how to exploit smart home products using lasers. This is new data. – [Ben] We made it public about a month ago. – We’re going to buy some products, right? – Yep. – Some that we can control with Amazon Alexa and Google Home. – And maybe Siri, if you want to try your phone. – Sure, let’s see what we can find.
After a few minutes of deciding what products to buy, it became clear that Ben had specific knowledge about the vulnerabilities associated with each device. – There are some software issues with how August handles this, which makes it more vulnerable. You can still get a signal into it, but the range is significantly reduced due to interference from fabric. – [Destin] So we have a garage door, a door lock, a thermostat, and now we’re getting a light bulb. There you go. – Thanks. (Destin giggles) I think we should have gotten a cart.
There’s a lot of advertising trying to convince you to install smart home products. There’s no sponsor for this video, but I want to thank everyone who supports me on Patreon. You allow me to make videos like this without sponsor dollars. Thank you to the patrons for enabling me to purchase these products and unbox them.
In a smart home, you have two types of devices: those designed to be controlled, like lights, thermostats, power outlets, and door locks. All of these can be controlled by voice, bypassing password requirements. The question is, can someone input a voice command from a distance and control things in the house without permission? We only had a few hours for this demonstration, so I started setting everything up in the house, which felt a bit like inviting surveillance into my home. Ben began setting up his laser, which was surprisingly low-tech. At one point, he quickly fixed an issue with a soldering iron. He’s going to use a 450 nanometer blue laser for this experiment, but this technique works with several wavelengths, including red, green, or even infrared, which humans can’t see.
Hey Google, we’re about to use a laser on you. – [Google] I’m sorry, I don’t understand. – (chuckles) You will. Let me show you what we’re about to do. If you look closely at these devices, you’ll see small holes. Behind those holes are special microphones known as MEMS microphones. I’ve asked Ben to send me samples of these microphones from different manufacturers. We’re going to use a 3D-printed adapter for the camera to examine these microphones and see how they’re designed.
Let’s start by looking at one manufactured by CUI. As we zoom in, you can see it resembles a gold bar because of its housing. Once we take that off, we can see the tiny diaphragm that vibrates due to sound. It functions like a capacitor, and when it flexes from sound waves, the capacitance changes, which can be detected by the attached circuit. This part is relatively inexpensive, costing about $0.45 depending on the quantity purchased.
Next, let’s look at a microphone manufactured by PUI. This design uses a piezoelectric element instead of a capacitive diaphragm. It’s fascinating to see the complexity of the design. The next one, by Vesper, is also piezoelectric but has a different shape. The last one I want to show you is another design with two diaphragms, which is interesting to observe.
Ben is going to stimulate these microphones with a laser beam instead of acoustic energy, which will somehow provide a command to the device. To understand how light can input sound into a device, we discussed potential mechanisms. Some manufacturers believe it could be a photoelectric effect, while others suggest thermal effects on the microphone’s membrane might cause vibrations.
We finally have all the devices set up, and Ben is ready with the laser. We’re monitoring the devices with cameras. Let’s begin the experiment. Ben will record a command to send via the laser. – Okay Google, set the thermostat to 70. – [Google] Okay, setting entryway to 70 degrees. – It worked! Now, let’s try the Amazon Echo Dot. – [Ben] We’re going to set the light above it to turn green. – [Alexa] Okay. – It turned blue instead of green, but it did respond.
Now we’ll attempt to control an iPhone. With iPhones, there are specific voice recognition settings that make it more secure. We spent some time trying to align the laser to the iPhone, but due to time constraints, we decided to stop for now.
Next, we moved outside to test the August lock through a window. The lock requires a PIN code to unlock. We set up two incorrect PIN codes and one correct one to see if we could unlock it. – [Google] Can I have your security code to unlock the garage? – [Ben] Bringing up August lock. – [Google] Sorry, it looks like the security code is incorrect. – [Destin] We have no feedback on what it’s saying. – [Google] Sure, requesting to unlock the garage. (Smart lock opens) – It worked!
This demonstrates that light can influence MEMS microphones. The best way to defend against this vulnerability is to keep devices out of direct line of sight. We controlled a device through a window with a laser, and it’s also possible with an infrared laser.
I encourage everyone to share this video. While the ability to unlock doors remotely can be beneficial, there should be limits on the number of PIN attempts allowed. This video isn’t about criticizing any specific company but rather understanding that designs can have unintended vulnerabilities. As consumers, we must think about our security and configure our systems to protect ourselves and our families.
Please consider subscribing to this channel if you enjoy this type of content. If you find value in it, supporting me on Patreon helps me create more of this kind of content. Thank you for your time, and a special thanks to Ben Cyr for his contributions to this project. If anyone wants to read the paper, it’s available at LightCommand.com.
Thank you so much for your time.
Smart – Referring to technology that is able to perform tasks or make decisions based on data input, often using artificial intelligence. – The smart thermostat adjusts the temperature based on the time of day and occupancy patterns.
Home – In computing, refers to the primary directory or location where a user’s files and settings are stored on a computer system. – The home directory contains all the configuration files necessary for the user’s environment.
Devices – Electronic tools or machines designed to perform specific tasks, often connected to a network or other systems. – The lab is equipped with various devices to measure electrical resistance and voltage.
Laser – A device that emits light through a process of optical amplification based on the stimulated emission of electromagnetic radiation. – The laser was used to precisely cut the material without causing any thermal damage to the surrounding area.
Microphone – A device that converts sound into an electrical signal, often used in experiments to capture audio data. – The microphone was calibrated to ensure accurate sound level measurements during the acoustic experiment.
Vulnerability – A weakness in a computer system or network that can be exploited to gain unauthorized access or cause harm. – The software update addressed a critical vulnerability that could have allowed attackers to bypass security protocols.
Security – Measures and protocols implemented to protect computer systems and data from unauthorized access or attacks. – The university’s network security team regularly updates firewalls to protect against new threats.
Experiment – A scientific procedure undertaken to test a hypothesis, often involving controlled conditions and variables. – The physics experiment demonstrated the principles of quantum entanglement using photon pairs.
Technology – The application of scientific knowledge for practical purposes, especially in industry and research. – Advances in nanotechnology have led to the development of more efficient solar cells.
Control – A standard of comparison for checking or verifying the results of an experiment, often a group or condition that remains constant. – The control group in the experiment was not exposed to the magnetic field, allowing researchers to isolate its effects.