lightcommands.com

What It Is

Light Commands is a MEMS microphone vulnerability study disclosed by researchers from universities in Japan and the United States. Its core finding is that microphones can generate electrical signals not only in response to sound, but also in response to direct light. By modulating the intensity of a laser, an attacker can cause voice assistants to believe they have received real voice commands, potentially affecting systems such as Google Assistant, Amazon Alexa, Apple Siri, and Facebook Portal.

Core Capabilities and Protection Scope

In terms of protection category, this is not a firewall, EDR, or vulnerability scanner. Rather, it is physical-layer/hardware security research focused on voice assistants, smart speakers, phones, tablets, and smart home devices. The main text shows the minimum laser power and attack distance for multiple devices, with the longest experimental distance reaching 110 meters; attacks can also be performed through glass windows. There is no productized deployment model, but the researchers provide mitigation suggestions for vendors: add additional authentication, ask random questions before executing commands, use multi-microphone sensor fusion, reduce the amount of light reaching the microphone diaphragm, and use non-transparent covers. Management and alerting capabilities are limited; the study only notes that users may observe reflected light beams, device voice responses, or changes in indicator lights.

Pricing and Integrations

The page does not provide commercial pricing, licensing, SaaS, or enterprise edition information. It only lists the cost of equipment used to reproduce the experiments, such as a laser pointer costing around a dozen dollars, a laser driver at $339, an amplifier at $27.99, and a telephoto lens at $199.95. Its integration capability is not API or platform integration; instead, it recommends that device manufacturers add sensor fusion and anomaly detection at the hardware and signal-processing layers.

Pros and Cons

The main advantage is the high level of research transparency: it includes the paper, equipment tables, attack distances, reproduction equipment, and mitigation recommendations, which can help IoT and voice assistant vendors with threat modeling. The downside is that it is not a ready-made security product: there is no console, alerting, SLA, compliance certification, or customer support. Reproducing the attack also requires laser safety knowledge, aiming, and focusing skills, making it difficult for ordinary organizations to put into practice directly.

Who It’s For and Access from China

It is suitable as a reference for security researchers, smart home manufacturers, voice assistant platforms, and hardware security teams when evaluating whether voice-controlled systems should add secondary authentication and physical protections. The main text does not specify access from China, payment methods, or local alternatives, so its access status is rated as unknown. In China, relevant alternative areas to watch include IoT security testing, smart home access control, voice assistant permission hardening, and hardware security assessment services.