• Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
HackRead
  • February 28th, 2021
  • Home
  • Advertise
  • Privacy Policy
  • Contact Us
HackRead
  • Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
  • Follow us
    • Facebook
    • Twitter
    • Linkedin
    • Youtube
Home
Surveillance

Amazon Echo and Google Home Devices Vulnerable to BlueBorne Attack

November 15th, 2017 Waqas Security, Malware, Privacy, Surveillance, Technology News 0 comments
Amazon Echo and Google Home Devices Vulnerable to BlueBorne Attack
Share on FacebookShare on Twitter

In September 2017, the IT security researchers at Armis found eight zero-day vulnerabilities in Bluetooth protocol. Dubbed BlueBorne by researchers, these vulnerabilities affected millions of IoT and Windows, Linux, iOS and Android-based devices when their Bluetooth was enabled. Although Windows issued a quick patch for the vulnerability, Armis has now discovered that Amazon Echo and Google Home smart speakers are also vulnerable to BlueBorne attack.

Researchers warn that [PDF] if targeted device is unpatched, attackers can take over them to spread malware and establish a “man-in-the-middle” attack to gain access to critical data, personal information, traffic, and networks. The vulnerability is different and dangerous from others since it doesn’t require attackers to trick users into downloading malware or click on a link. Everything can be done remotely and without triggering a warning.

Furthermore, researchers found that Amazon Echo is vulnerable to CVE-2017-1000251 and CVE-2017-1000250 and Google Home is vulnerable to CVE-2017-0785. 

According to the survey, five million Google Home and more than 20 million Amazon Echo devices have been sold so far. That means millions of devices are currently vulnerable to BlueBorne attacks worldwide while they are being used by people at home and businesses respectively.

“Rising airborne threats such as BlueBorne and KRACK are a wakeup call to the enterprise that traditional security simply cannot defend against new attack vectors that are targeting IoT and connected devices in the corporate environment,” said Yevgeny Dibrov, CEO of Armis. “Every organization must gain visibility over sanctioned and unsanctioned IoT devices in their environments. If they don’t, they’ll be victimized by a breach that can lead to stolen identities for customers and employees, impact their bottom lines, and even cost top executives their jobs.”

Armis has also released an app called BlueBorne Vulnerability Scanner that will scan if your device is vulnerable to BlueBorne.

In an email conversation with HackRead, Google said that “Users do not need to take any action. We automatically patched Google Home several weeks ago, and neither Google nor Armis found evidence of this attack in the wild. As always, we appreciate researchers’ efforts to help keep all users safe.”

Amazon, on the other hand, said the company had released security patches today to protect Amazon Echo from BlueBorne attack. In a conversation with The Register, Amazon said that “Customer trust is important to us and we take security seriously. Customers do not need to take any action as their devices will be automatically updated with the security fixes.”

Both Amazon Echo and Google Home users are advised to download and install patches right now and secure their devices from BlueBorne attack. Also, disable your Bluetooth feature.

Previously, Amazon Echo 2015 and 2016 models were vulnerable to physical hack attack while Google Home was caught secretly recording user conversations however Google claimed it wasn’t intentional but due to a bug.

[fullsquaread][/fullsquaread]

  • Tags
  • Amazon Echo
  • BlueBorne
  • Bluetooth
  • Google Home
  • Infosec
  • internet
  • Malware
  • Privacy
  • security
  • Surveillance
Facebook Twitter LinkedIn Pinterest
Previous article 10-year-old kid uses his face to unlock mom's iPhone X with Face ID
Next article Woman scammed for $60,000 through fake Police website
Waqas

Waqas

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Related Posts
Microsoft release open-source CodeQL queries to hunt SolarWinds hacks

Microsoft release open-source CodeQL queries to hunt SolarWinds hacks

Hackers using malicious Firefox extension to phish Gmail credentials

Hackers using malicious Firefox extension to phish Gmail credentials

Apple Glass may feature 3D Audio and Self-Cleaning in new patent

Apple Glass may feature 3D Audio and Self-Cleaning in new patent

Newsletter

Get the best stories straight into your inbox!



Don’t worry, we don’t spam

Latest Posts
Microsoft release open-source CodeQL queries to hunt SolarWinds hacks
Microsoft

Microsoft release open-source CodeQL queries to hunt SolarWinds hacks

Hackers using malicious Firefox extension to phish Gmail credentials
Security

Hackers using malicious Firefox extension to phish Gmail credentials

Apple Glass may feature 3D Audio and Self-Cleaning in new patent
Technology News

Apple Glass may feature 3D Audio and Self-Cleaning in new patent

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.

Follow us