Once again, Armis notified the companies in question long enough for them to patch out the vulnerabilities, so updated devices should be safe. (Echo owners can verify for themselves by making sure their devices are using version v591448720 or newer.) But the firm noted in its release that each of the 15 million Amazon Echoes and 5 million Google Homes sold were potentially at risk from BlueBorne.
The former used Linux code that could have been targeted by a remote code execution vulnerability in the Linux kernal, while the latter had an information leak vulnerability in Android’s Bluetooth stack. That means Amazon Echoes could have been taken over and Google Homes shut down via denial-of-service. Below, Armis simulated how an Echo would be taken over.