Over 20 million Amazon Echo and Google Home devices are also vulnerable to recently discovered BlueBorne Bluetooth vulnerability. Both Amazon and Google have issued the patch for the affected products before IoT cyber-security firm Armis disclosed the details.
If you are not sure what is BlueBorne, it is a set of eight vulnerabilities in the Bluetooth implementations on Android, iOS, Microsoft and Linux platforms. These critical vulnerabilities allow attackers run malicious code, take complete control, launch MIM attack and steal information on devices within the range Affected OS makers and devices cabers have issued the updates to fix the flaws.
The worst thing is that Triggering the BlueBorne exploit doesn’t require the victim to click on any link. It works with user interaction and most of the available security products wouldn’t be able to detect the attack.
IoT security firm Armis initially discovered this vulnerability and later it found Amazon Echo and Google home devices affected by it. Watch the video to see how it affected Amazon Echo.
Since the Bluetooth of Echo or Home cannot be disabled, attackers within the range can launch the attack.
Google patched this for Android in September, Microsoft patched for Windows in July and Apple was quick enough to patch this almost a year before the disclosure. Linux also issued the patch soon after the public disclosure.
If you own Amazon Echo or Google Home, you must update to latest version of firmware to keep your device safe. Update for both devices has been issued.