CanSecWest 2025 _newtype

Presentations

Hetian Shi Robert Yuen Hetian Shi Robert Yuen

Cross-Medium Injection: Exploiting Laser Signals to Manipulate Voice-Controlled IoT Devices

With the increasing adoption of voice-controlled devices in various smart technologies, their interactive functionality has made them a key feature in modern consumer electronics. However, the security of these devices has become a growing concern as attack methods evolve beyond traditional network-based threats to more sophisticated physical-layer attacks, such as Dolphin Attack and SurfingAttack, which exploit physical mediums to compromise the devices. This work introduces Laser Commands for Microphone Arrays (LCMA), a novel cross-medium attack that targets multi-microphone VC systems. LCMA utilizes Pulse Width Modulation (PWM) to inject light signals into multiple microphones, exploiting the underlying vulnerabilities in microphone structures that are designed for sound reception. These microphones can be triggered by light signals, producing the same effect as sound, which makes the attack harder to defend against. The cross-medium nature of the attack—where light is used instead of sound—further complicates detection, as light is silent, difficult to perceive, and can penetrate transparent media. This attack is scalable, cost-effective, and can be deployed remotely, posing significant risks to modern voice-controlled systems. The presentation will demonstrate LCMA’s capabilities and emphasize the urgent need for advanced countermeasures to protect against emerging cross-medium threats.

Read More