A series of recently disclosed critical Bluetooth flaws that affect billions of Android, iOS, Windows and Linux devices have now been discovered in millions of AI-based voice-activated personal assistants, including Google Home and Amazon Echo.
As estimated during the discovery of this devastating threat, several IoT and smart devices whose operating systems are often updated less frequently than smartphones and desktops are also vulnerable to BlueBorne.
BlueBorne is the name given to the sophisticated attack exploiting a total of eight Bluetooth implementation vulnerabilities that allow attackers within the range of the targeted devices to run malicious code, steal sensitive information, take complete control, and launch man-in-the-middle attacks.
What's worse? Triggering the BlueBorne exploit doesn't require victims to click any link or open any fileāall without requiring user interaction. Also, most security products would likely not be able to detect the attack. What's even scarier is that once an attacker gains control of one Bluetooth-enabled device, he/she can infect any or all devices on the same network.
These Bluetooth vulnerabilities were patched by Google for Android in September, Microsoft for Windows in July, Apple for iOS one year before disclosure, and Linux distributions also shortly after disclosure. However, many of these 5 billion devices are still unpatched and open to attacks via these flaws.
Source: https://thehackernews.com/2017/11/amazon-alexa-hacking-bluetooth.html
(Score: 1, Interesting) by Anonymous Coward on Saturday November 18 2017, @02:35PM (3 children)
My new car has bluetooth to connect my phone and other things to it. I wonder if those are vulnerable, and if there will ever be a patch produced by auto manufacturers?
(Score: 0) by Anonymous Coward on Saturday November 18 2017, @02:38PM (2 children)
Commenting on my own submission - sorry, it's bad form, I know.
As an example, BMW is integrating Alexa into their cars: https://www.theverge.com/2017/9/27/16372566/bmw-alexa-integration-2018 [theverge.com]
(Score: 0) by Anonymous Coward on Saturday November 18 2017, @03:21PM
Alexa let me get in the car. - You are not the owner. Alexa sudo let me get in the car. -Ok.
(Score: 2) by Yog-Yogguth on Saturday November 18 2017, @11:30PM
It's not bad form at all so don't worry about it.
Bite harder Ouroboros, bite! tails.boum.org/ linux USB CD secure desktop IRC *crypt tor (not endorsements (XKeyScore))