Amazon, Google inject Bluetooth vuln vaccines into Echo, Home AI pals

The BlueBorne ultimatum

Updated Amazon and Google have automatically patched people's Echo and Home AI assistant devices, respectively, to defend against recently discovered Bluetooth-related security vulnerabilities.

BlueBorne – described in the video below – is the collective name for eight exploitable flaws found in Bluetooth stacks used by major hardware vendors. The eight blunders affect an estimated 5.3 billion Android, iOS, Linux, and Windows devices, California-based IoT security biz Armis disclosed in September. Amazon Echo and Google Home were also vulnerable, but this info was held back pending the development of patches now pushed to endpoints.

By exploiting unpatched bugs in voice-driven personal assistant devices, hackers can take over the gizmos, spread malware, and establish a "man-in-the-middle" attack to siphon off data or hack other devices on the same home networks, the researchers warned. BlueBorne is potentially attractive to miscreants because vulnerable Bluetooth-enabled devices cane be hacked without having to fool users by clicking on malicious links, downloading a file, or interacting with them in any way – the holes can be attacked and gadgets compromised over the air, provided the attackers are physically in range.

A close up at atomic level of limpits' teeth. Image via Portsmouth University

Bluetooth bugs bedevil billions of devices


About 15 million Amazon Echoes and five million Google Home devices have been sold, according to September estimates from Consumer Intelligence Research Partners (CIRP). Smart devices and assistants are also making their way into some corporate environments.

"Rising airborne threats such as BlueBorne and KRACK are a wakeup call to the enterprise that traditional security simply cannot defend against new attack vectors that are targeting IoT and connected devices in the corporate environment," said Yevgeny Dibrov, chief exec of Armis. "Every organisation must gain visibility over sanctioned and unsanctioned IoT devices in their environments."

Armis has released a bespoke vulnerability scanning app on the Google Play Store that can be used to identify impacted devices.

Youtube Video

In a statement, Google told El Reg it automatically released patches to people's devices to address the BlueBorne vulnerabilities some weeks ago:

Users do not need to take any action. We automatically patched Google Home several weeks ago, and neither Google nor Armis found evidence of this attack in the wild. As always, we appreciate researchers' efforts to help keep all users safe.

A spokesperson for Amazon, which released updates today for the Echo, told The Register its gizmos will also be automatically patched: "Customer trust is important to us and we take security seriously. Customers do not need to take any action as their devices will be automatically updated with the security fixes."

In other words, by the time you read this, your AI chatty pal is already inoculated against BlueBorne. ?

Updated to add

A spokesperson for Google has been in touch to stress Homes have been updated in the field, and there is no need to manually update the gizmos.

Biting the hand that feeds IT ? 1998–2017

<acronym id="haujiCA"></acronym>
<tr id="haujiCA"><optgroup id="haujiCA"></optgroup></tr>
<acronym id="haujiCA"><small id="haujiCA"></small></acronym>
<acronym id="haujiCA"><small id="haujiCA"></small></acronym>
<acronym id="haujiCA"><optgroup id="haujiCA"></optgroup></acronym>
<tr id="haujiCA"><optgroup id="haujiCA"></optgroup></tr>
<acronym id="haujiCA"><optgroup id="haujiCA"></optgroup></acronym>
  • 397531913 2018-01-24
  • 792411912 2018-01-24
  • 235953911 2018-01-24
  • 51841910 2018-01-24
  • 439944909 2018-01-24
  • 593438908 2018-01-24
  • 378341907 2018-01-24
  • 947792906 2018-01-24
  • 188953905 2018-01-24
  • 6206904 2018-01-23
  • 722120903 2018-01-23
  • 3141902 2018-01-23
  • 352694901 2018-01-23
  • 219550900 2018-01-23
  • 49328899 2018-01-23
  • 839992898 2018-01-23
  • 887926897 2018-01-23
  • 468948896 2018-01-23
  • 491400895 2018-01-23
  • 643446894 2018-01-23