Если вам есть, что сказать сообществу профессионалов ИБ и ИТ – заведите здесь свой блог

Fooling Voice Assistants with Lasers

Аватар пользователя schneier
Автор: Шнайер Брюс,
(0)
()
Об авторе: 
Американский криптограф, доктор в области компьютерных наук и популярный автор книг по ИБ. Основатель криптографической компании Counterpane Internet Security. Ранее работал на Министерство обороны США.

Interesting:

Siri, Alexa, and Google Assistant are vulnerable to attacks that use lasers to inject inaudible­ -- and sometimes invisible­ -- commands into the devices and surreptitiously cause them to unlock doors, visit websites, and locate, unlock, and start vehicles, researchers report in a research paper published on Monday. Dubbed Light Commands, the attack works against Facebook Portal and a variety of phones.

Shining a low-powered laser into these voice-activated systems allows attackers to inject commands of their choice from as far away as 360 feet (110m). Because voice-controlled systems often don't require users to authenticate themselves, the attack can frequently be carried out without the need of a password or PIN. Even when the systems require authentication for certain actions, it may be feasible to brute force the PIN, since many devices don't limit the number of guesses a user can make. Among other things, light-based commands can be sent from one building to another and penetrate glass when a vulnerable device is kept near a closed window.

Оцените материал:
Total votes: 0
 
Комментарии в Facebook
 

Вы сообщаете об ошибке в следующем тексте:
Нажмите кнопку «Сообщить об ошибке», чтобы отправить сообщение. Вы также можете добавить комментарий.