Amazon Echo and Google Home were vulnerable to Bluetooth exploit

Don’t worry, these vulnerabilities have already been patched out. Back in September, Bluetooth-connected device owners got a little scare when security firm Armis disclosed a new hack exploit known as BlueBorne. In theory, bad actors could target smartphones, tablets and such using specific vectors in Bluetooth connectivity. Armis had informed Apple, Microsoft and Google months before and they patched up the vulnerabilities ahead of the news release. But today the firm disclosed that it wasn’t just handheld devices that might have been affected — Amazon’s Echo and Google Home were vulnerable, too.

Once again, Armis notified the companies in question long enough for them to patch out the vulnerabilities, so updated devices should be safe. (Echo owners can verify for themselves by making sure their devices are using version v591448720 or newer.) But the firm noted in its release that each of the 15 million Amazon Echoes and 5 million Google Homes sold were potentially at risk from BlueBorne.

The former used Linux code that could have been targeted by a remote code execution vulnerability in the Linux kernal, while the latter had an information leak vulnerability in Android’s Bluetooth stack. That means Amazon Echoes could have been taken over and Google Homes shut down via denial-of-service. Below, Armis simulated how an Echo would be taken over.

Just like the other BlueBorne vulnerabilities, users wouldn’t have known if their Echoes or Homes had been affected. But those devices posed additional risk given that they’re constantly listening to Bluetooth communications and, thanks to their limited UI, there’s no way to turn it off.

Source:https://www.engadget.com/2017/11/15/amazon-echo-and-google-home-were-vulnerable-to-bluetooth-exploit/

Alisa Esage G

Working as a cyber security solutions architect, Alisa focuses on application and network security. Before joining us she held a cyber security researcher positions within a variety of cyber security start-ups. She also experience in different industry domains like finance, healthcare and consumer products.

Amazon Echo and Google Home were vulnerable to Bluetooth exploit

The 11 Essential Falco Cloud Security Rules for Securing Containerized Applications at No Cost

Hack-Proof Your Cloud: The Step-by-Step Continuous Threat Exposure Management CTEM Strategy for AWS & AZURE

Web-Based PLC Malware: A New Technique to Hack Industrial Control Systems

The API Security Checklist: 10 strategies to keep API integrations secure

11 ways of hacking into ChatGpt like Generative AI systems

How to send spoof emails from domains that have SPF and DKIM protections?

Silent Email Attack CVE-2023-35628 : How to Hack Without an Email Click in Outlook

How to Bypass EDRs, AV with Ease using 8 New Process Injection Attacks

TunnelCrack: Two serious vulnerabilities in VPNs discovered, had been dormant since 1996

How to easily hack TP-Link Archer AX21 Wi-Fi router

US Govt wants new label on secure IoT devices or wants to discourage use of Chinese IoT gadgets

24,649,096,027 (24.65 billion) account usernames and passwords have been leaked by cyber criminals till now in 2022

How Chinese APT hackers stole Lockheed Martin F-35 fighter plane to develop its own J-20 stealth fighter aircraft [VIDEO]

Hacking with MagicDots: Exploiting Dots & Spaces in Filenames/Pathnames for Permanent Admin Rights

Compromising Cryptographic Key Security Through PuTTY: A Deep Dive into CVE-2024-31497

How to hack a LG Smart TV via vulnerabilities in LG WebOS?

How to Check if a Linux Distribution is Compromised by the XZ Utils Backdoor in 6 Steps

CVE-2023-5528: Kubernetes Flaw Jeopardizing Windows Node That Can’t Be Ignored

The 11 Essential Falco Cloud Security Rules for Securing Containerized Applications at No Cost

Hack-Proof Your Cloud: The Step-by-Step Continuous Threat Exposure Management CTEM Strategy for AWS & AZURE

Web-Based PLC Malware: A New Technique to Hack Industrial Control Systems

The API Security Checklist: 10 strategies to keep API integrations secure

11 ways of hacking into ChatGpt like Generative AI systems

How to send spoof emails from domains that have SPF and DKIM protections?

Silent Email Attack CVE-2023-35628 : How to Hack Without an Email Click in Outlook

How to Bypass EDRs, AV with Ease using 8 New Process Injection Attacks

Is Your etcd an Open Door for Cyber Attacks? How to Secure Your Kubernetes Clusters & Nodes

CVSS 4.0 Explained: From Complexity to Clarity in Vulnerability Assessment

Major Python Infrastructure Breach – Over 170K Users Compromised. How Safe Is Your Code?

How to exploit Windows Defender Antivirus to infect a device with malware

Inside the Scam: How Ransomware Gangs Fool You with Data Deletion Lies!

How to Bypass EDRs, AV with Ease using 8 New Process Injection Attacks

How hrserver.dll stealthy webshell can mimic Google’s Web Traffic to hide and compromise networks

Cyber Security Channel

US Govt wants new label on secure IoT devices or wants to discourage use of Chinese IoT gadgets

24,649,096,027 (24.65 billion) account usernames and passwords have been leaked by cyber criminals till now in 2022

How Chinese APT hackers stole Lockheed Martin F-35 fighter plane to develop its own J-20 stealth fighter aircraft [VIDEO]