these devices will also accept “signal injection” commands sent to them using pulses of laser light over distances of a hundred metres or more.

Hitherto, hacking such systems has been about sending them audible commands without their owner’s knowledge. Now the research confirms that it’s possible to achieve the same result over considerable distances in ways that might allow attackers to unlock “smartlock-protected front doors, open garage doors, shop on e-commerce websites at the target’s expense, or even locate, unlock and start various vehicles” that are connected to the victim’s Google account.

…Currently, the stock microphones that receive voice commands perform no authentication beyond checking wake phrases such as “OK Google” are in the owner’s voice and even this can be spoofed using voice synthesis.

The authentication problem could be mitigated in different ways – for example, by requiring that more than one microphone detect the same command simultaneously, something a laser attack would find difficult to overcome.

Smartphone and speaker voice assistants can be hacked using lasers – Naked Security

hmmmm