BlueBorne Cyber Threat Impacts Amazon Echo and Google Home
20 million Amazon Echo and Google Home individual accessory devices have been at risk of hacking attacks accepting a security blind-spot called BlueBorne, US-Israeli IoT cybersecurity firm Armis said Wednesday.
“By exploiting unpatched devices, hackers can take them over, spread malware, and establish a ‘man-in-the-middle’ attack to gain access to critical data, personal information, traffic, and networks,” Aramis said in a statement.
The firm announced it informed both Google and Amazon of the vulnerabilities before it began its budget, providing the US monsters to release security applications and updates are hackers got to know about the security flaws. Google has already released patches to its partners to address the BlueBorne vulnerabilities, Armis said. Both Amazon and Google have released security updates to the Echo and Home respectively. Updates are automatic and users do not have to do anything to get them, the statement said.
BlueBorne is one of eight vulnerabilities discovered in the Bluetooth protocol that affect billions of devices globally, using the short-range wireless communication technology.
“BlueBorne is exceptionally critical, as hackers etc perform airborne illnesses within any exposed Bluetooth-enabled device externally having to fool users by clicking on malicious links, downloading a file, or interacting with them in any way,” Armis said in the statement. During the first flow of BlueBorne vulnerabilities discovered by Armis in September, the firm announced that more than 5 billion devices were subject to attack.
There are some 15 million Amazon Echoes sold and 5 million Google Home devices sold, according to September report by market research firm Consumer Intelligence Research Partners (CIRP). Further surveys show that higher than 128 million Echoes will be introduced by 2020, Armis said in the statement. These devices are also making their way into businesses, with Armis data showing that 82 percent of its customers have the Amazon Echo in their offices.
“Burgeoning demand for digital personal assistants is expanding the avenues by which attackers can infiltrate consumers’ lives to steal personal information and commit fraud,” said Yevgeny Dibrov, CEO of Armis. “Consumers and businesses need to be aware how their devices are connecting via Bluetooth, and the networks they may be accessing, in order to take security precautions to protect their information.”
Armis implies privately maintained organization and headquartered in Palo Alto, California, with an office in Tel Aviv.
“Users do not need to take any action,” a Google spokesperson said by email. “We automatically covered Google Home several weeks ago, and neither Google nor Armis found evidence of this attack in the wild. As always, we appreciate researchers’ efforts to help keep all users safe.”
There was no immediate response from Amazon in Israel to an email requesting a comment.