Armis Security discovered a set of Bluetooth flaws, named as BlueBorne, back in September. The flaw could allow hackers leverage Bluetooth connections to penetrate and take complete control over targeted devices. To plug that flaw, Google and Amazon have rolled out automatic updates for their respective smart home speakers, Google Home and Amazon Echo.
BleuBorne is an attack vector endangering major mobile, desktop, and IoT operating systems, including Android, iOS, Windows, and Linux, and the devices using them. It can spread through the air and attacks devices via Bluetooth. It is a set of eight Bluetooth flaws, four of which are classified as critical. BlueBorne allows attackers to take control of devices, access corporate data and networks and spread malware laterally to adjacent devices. The attack does not require the targeted device to be paired to the attacker’s device, or even to be set on discoverable mode.
Armis Security discovered the flaws back in September and notified the world about them, including Google and Amazon. Acting upon this, both the companies have issued automatic updates for the Amazon Echo and Google Home. Customers do not need to take any action as their devices will be automatically updated with the security fixes. Amazon Echo users can verify of the update by checking if their device is using a version newer than v591448720.
As per the report from Armis, almost all the Bluetooth devices, including IoT products, may be affected depending how their manufacturers implemented Bluetooth. That’s a staggering 8.2 billion devices. Armis have also released a smartphone app, BlueBorne Vulnerability Scanner, which scans your bluetooth devices’ to see how much your device is vulnerable to BlueBorne.
As all the attacker needs is to be in Bluetooth range, BlueBorne is a serious issue, specially in dense cities. Device manufacturers have already started acting on the issue. Google, Microsoft and Linux have addressed the issue, while many other tech companies are expected to follow the suite soon. So we hope the Bluetooth world will once again be a safer place.