Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 17 submissions in the queue.

Bluetooth Hack Affects 20 Million Amazon Echo and Google Home Devices

posted by takyon on Saturday November 18 2017, @10:39AM   Printer-friendly
from the I-hear-you dept.

Fnord666 writes:

A series of recently disclosed critical Bluetooth flaws that affect billions of Android, iOS, Windows and Linux devices have now been discovered in millions of AI-based voice-activated personal assistants, including Google Home and Amazon Echo.

As estimated during the discovery of this devastating threat, several IoT and smart devices whose operating systems are often updated less frequently than smartphones and desktops are also vulnerable to BlueBorne.

BlueBorne is the name given to the sophisticated attack exploiting a total of eight Bluetooth implementation vulnerabilities that allow attackers within the range of the targeted devices to run malicious code, steal sensitive information, take complete control, and launch man-in-the-middle attacks.

What's worse? Triggering the BlueBorne exploit doesn't require victims to click any link or open any fileā€”all without requiring user interaction. Also, most security products would likely not be able to detect the attack. What's even scarier is that once an attacker gains control of one Bluetooth-enabled device, he/she can infect any or all devices on the same network.

These Bluetooth vulnerabilities were patched by Google for Android in September, Microsoft for Windows in July, Apple for iOS one year before disclosure, and Linux distributions also shortly after disclosure. However, many of these 5 billion devices are still unpatched and open to attacks via these flaws.

Source: https://thehackernews.com/2017/11/amazon-alexa-hacking-bluetooth.html

Original Submission

 
This discussion has been archived. No new comments can be posted.
Bluetooth Hack Affects 20 Million Amazon Echo and Google Home Devices | Log In/Create an Account | Top | 22 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2) by Yog-Yogguth on Saturday November 18 2017, @11:25PM

    by Yog-Yogguth (1862) Subscriber Badge on Saturday November 18 2017, @11:25PM (#598784) Journal

    From the end of the comment:

    "(Post might contain overdose levels of black comedy... this advisory warning is too late!)"

    Gallows humor.

    Maybe not now, maybe not Bluetooth, but soon enough.

    IoT processors have already been used to launch some hefty network attacks, that's old hat.

    Instead someone is bound to want to cycle a large amount of devices (millions, billions, large multipliers) on and off at whichever speed maximizes power draw. Compare this with the substantial usage spikes from a number of British people turning on electric kettles during football (soccer) match half time pauses or during advertising breaks of very popular television programs.

    How many shuddering garage doors does it take to bring down the US power grid? How many light bulbs doing synchronized flashing? How many thermostats raising temperatures as much as possible? How many air conditioners stuck on full blast? How many fridges and freezers dropping their temperatures as low as possible? How many personal eavesdropping devices constantly fiddling with the computers they have legitimate access to?

    Who doesn't want to know?

    --
    Bite harder Ouroboros, bite! tails.boum.org/ linux USB CD secure desktop IRC *crypt tor (not endorsements (XKeyScore))
    Starting Score:    1  point
    Karma-Bonus Modifier   +1  
    Total Score:   2