BlueBorne Vulnerability Hits Up to 20 Million Amazon Echo, Google Home Devices

Armis researchers recently determined that several home IoT devices, including the Amazon Echo and Google Home, were impacted by the BlueBorne Bluetooth flaw the same researchers disclosed in September 2017.

As many as 20 million Amazon Echo and Google Home devices were open to compromise by hackers who could use the devices to spread malware and launch man-in-the-middle attacks.

Armis has notified both companies, and Amazon and Google have released security updates for the devices. “Customer trust is important to us and we take security seriously,” Amazon said in a statement. “Customers do not need to take any action as their devices will be automatically updated with the security fixes.”

Crucially, the devices aren’t just for home use. Armis’ own data indicates that 82 percent of its customers have Amazon Echo devices in their businesses, and in many cases, IT isn’t aware that they’re on the network.

What’s more, Armis notes, the Wynn Las Vegas has announced that it’s placing an Amazon Echo in every room, and Best Western and Marriott are considering doing the same.

Rising Threats

“Burgeoning demand for digital personal assistants is expanding the avenues by which attackers can infiltrate consumers’ lives to steal personal information and commit fraud,” Armis CEO Yevgeny Dibrov said in a statement.

“Rising airborne threats such as BlueBorne and KRACK are a wakeup call to the enterprise and traditional security simply cannot defend against new attack vectors that are targeting IoT and connected devices in the corporate environment,” Dibrov added.

Still, a recent Keeper Security survey of more than 1,000 U.S. adults found that 65 percent of millennials (ages 25-34) aren’t aware of growing concerns about IoT device security, and the same percentage don’t take the evaluation of security seriously in choosing an IoT device.

Seventy percent of millennials don’t know that IoT devices are generally sold with preset default passwords, and half of millennials who own IoT devices don’t change the default password.

Almost a quarter of all respondents already own at least one IoT device. Of those, 34 percent own three or more.

“These findings should set off concerns regarding the overall security of IoT devices, given the huge growth numbers expected for this hot device segment,” Keeper Security CEO and co-founder Darren Guccione said in a statement.

“Our data in this survey clearly shows an ongoing lack of attention to detail and good password hygiene as it relates to IoT devices,” Guccione added. “Hackers know that, and consumers need to be aware that they know.”

Jeff Goldman
Jeff Goldman
Jeff Goldman has been a technology journalist for more than 20 years and an eSecurity Planet contributor since 2009.

Top Products

Related articles