Google Home and Amazon Echo hit by big bad Bluetooth flaws review
Google and Amazon have rolled out patches for their respective smart house speakers, Home and Echo, to plug in the widespread Bluetooth flaws known as BlueBorne.
BlueBorne, a pair of eight Bluetooth flaws, was already known to affect billions of phones and computers running iOS, Android, Windows, and Linux. The flaws were discovered by security vendor Armis, which now warns the flaws in House and Echo could be utilized as an entry point to attacking other apparatus with malware.
An attacker would need to maintain Bluetooth range but can use the flaws to attack any device with Bluetooth permitted without pairing it.
According to Armis, Amazon has given an update to approximately 15 million Echo devices and Google has patched five million Google Home apparatus.
BlueBorne had a more severe effect on Echo than it did on Home. The Echo was vulnerable to a remote code execution vulnerability in its own Linux kernel, and an information leakage defect in its own SDP Server.
Google Home was changed by an information leakage flaw in Android’s Bluetooth stack. An attacker could use the flaws to own an Echo, and prevent Home’s Bluetooth communications from working.
Armis says a poll it conducted found that 82 percent of businesses had an Echo in their corporate environment. It warns that these devices could function as a beachhead into the corporate community.
Although Armis didn’t mention that Echo and Home were changed in its initial disclosure, the business said all Bluetooth devices, including IoT products, may be affected depending how their producers implemented Bluetooth.
The Bluetooth SIG quotes 8.2 billion devices have Bluetooth integrated, spanning vehicles, medical devices, wearables, and Bluetooth beacons used in retail.
Some cases of Linux IoT apparatus that Armis has confirmed are affected by BlueBorne comprise Samsung’s Tizen-based Gear S3 view, Samsung Smart TVs, and Samsung Family Hub smart refrigerator.
Worryingly, Armis informed Samsung on three occasions ahead of its September disclosure, but claims never to have received a response from the company. Google, Microsoft, and Linux have addressed the issue. Only pre-iOS 10 Apple products were changed.
One characteristic of Home and Echo which make BlueBorne potentially more harmful is that there’s no way to turn off Bluetooth.
Amazon Echo devices on a version newer than v591448720 have received the patch. Details about the current firmware versions for your Home and Home Mini are available on Google’s Home support page.