Latest in Gear

Image credit:

Amazon Echo and Google Home were vulnerable to Bluetooth exploit

Don’t worry, these vulnerabilities have already been patched out.
David Lumb, @OutOnALumb
November 15, 2017
Share
Tweet
Share

Sponsored Links

PA Wire/PA Images

Back in September, Bluetooth-connected device owners got a little scare when security firm Armis disclosed a new hack exploit known as BlueBorne. In theory, bad actors could target smartphones, tablets and such using specific vectors in Bluetooth connectivity. Armis had informed Apple, Microsoft and Google months before and they patched up the vulnerabilities ahead of the news release. But today the firm disclosed that it wasn't just handheld devices that might have been affected -- Amazon's Echo and Google Home were vulnerable, too.

Once again, Armis notified the companies in question long enough for them to patch out the vulnerabilities, so updated devices should be safe. (Echo owners can verify for themselves by making sure their devices are using version v591448720 or newer.) But the firm noted in its release that each of the 15 million Amazon Echoes and 5 million Google Homes sold were potentially at risk from BlueBorne.

The former used Linux code that could have been targeted by a remote code execution vulnerability in the Linux kernal, while the latter had an information leak vulnerability in Android's Bluetooth stack. That means Amazon Echoes could have been taken over and Google Homes shut down via denial-of-service. Below, Armis simulated how an Echo would be taken over.

Just like the other BlueBorne vulnerabilities, users wouldn't have known if their Echoes or Homes had been affected. But those devices posed additional risk given that they're constantly listening to Bluetooth communications and, thanks to their limited UI, there's no way to turn it off.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
Tweet
Share

Popular on Engadget

Windows XP source code leak sheds light on Microsoft's OS history

Windows XP source code leak sheds light on Microsoft's OS history

View
NASA wants ideas for keeping Moon missions powered in the dark

NASA wants ideas for keeping Moon missions powered in the dark

View
Apple Watch Series 3 owners deal with random reboots in watchOS 7

Apple Watch Series 3 owners deal with random reboots in watchOS 7

View
Someone bought the new Chromecast and told Reddit all about it

Someone bought the new Chromecast and told Reddit all about it

View
SpaceX scales back plans for Starship's first high-altitude flight

SpaceX scales back plans for Starship's first high-altitude flight

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr