CATEGORIES
home News

BlueBorne Exploit Could Have Exposed 20 Million Amazon Echo And Google Home Devices To Bluetooth Attacks

by Brandon HillWednesday, November 15, 2017, 02:11 PM EDT
echo 2
We first got a glimpse at the BlueBorne vulnerability back in September, when it was revealed that that Bluetooth-based attack vector was exploitable on phones, computers, and IoT devices -- basically, anything with a Bluetooth radio. BlueBorne was especially nasty since it is capable of man-in-the-middle attacks and remote code execution.

It was initially revealed that both Windows- and iOS-based devices had been updated to defend against BlueBorne, while Android device manufacturers should have already delivered updates to address the exploit. However, we're now learning about another category of devices that are susceptible to BlueBorne's nefarious deeds: digital AI assistants.

blueborne

According to cybersecurity firm Armis, both the Amazon Echo and Google Home could be exploited with existing BlueBorne vulnerabilities (there are eight in total). In the case of the Amazon Echo, those include CVE-2017-1000251 and CVE-2017-1000250. On the Google Home side of things, it is vulnerable to CVE-2017-0785.

There are roughly 15 million Amazon Echo and 5 million Google Home devices out in the wild according to Consumer Intelligence Research Partners (CIRP) and Armis says that BlueBorne represents the first "severe" over-the-air vulnerability that has infiltrated the Amazon Echo. It is especially troubling considering that once hackers are able to wrestle control from a Bluetooth-enabled device, its tentacles can then spread to other vulnerable devices on a connected network.

"Burgeoning demand for digital personal assistants is expanding the avenues by which attackers can infiltrate consumers' lives to steal personal information and commit fraud," said Armis CEO Yevgeny Dibrov. "Consumers and businesses need to be aware how their devices are connecting via Bluetooth, and the networks they may be accessing, in order to take security precautions to protect their information."

If there's any good news out of this latest BlueBorne case, it that Armis disclosed the vulnerabilities both to Amazon and Google ahead of time, giving them the opportunity to push updates out to devices. Since updates to Amazon Echo and Google Home devices are pushed automatically without user intervention, you should now be protected against BlueBorne.

However, there's no way to determine how many devices may have been affected between the time before BlueBorne was first publicly disclosed this summer and when the software patches were released.

Tags:  Bluetooth, IoT, amazon echo, google home, blueborne
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment