Light Commands exploit


#1

Hi All,

Just wondering whether this possible exploit had hit the radar at Mycroft yet - https://lightcommands.com/.

Paper:- https://lightcommands.com/20191104-Light-Commands.pdf

Cheers,
Brian


#2

Hadn’t seen this, thanks for posting it :slight_smile:

Here’s another general link for anyone else interested.

We have talked about various authentication mechanisms that would mitigate this type of attack to a degree. Speaker identification would certainly make it harder in that the attackers need to craft the data transmitted to imitate a specific individual. Or pairing a hardware device that you keep with you like your phone could also be used to restrict voice commands to when that device is in range.