Following the disclosure of the [link] attack vector this past September, Armis discovered that critical Bluetooth vulnerabilities impact the Amazon Echo and Google Home. These new IoT voice-activated Personal Assistants join the extensive list of affected devices. Personal Assistants are rapidly expanding throughout the home and workplace, with an estimated 15 million Amazon Echo and 5 million Google Home devices sold. Since these devices are unmanaged and closed source, users are unaware that their Bluetooth implementation is based on potentially vulnerable code borrowed from Linux and Android.


Which BlueBorne Vulnerabilities Impact the Devices?


Amazon Echo devices are affected by two vulnerabilities:


  • Remote code execution vulnerability in the Linux Kernel (CVE-2017-1000251)
  • Information leak vulnerability in the SDP Server (CVE-2017-1000250)

Other Echo products are affected by either the vulnerabilities found in Linux or those discovered in Android, since different Echo variants use different OSs.

Google Home devices are affected by one vulnerability:

  • Information leak vulnerability in Android’s Bluetooth stack (CVE-2017-0785)


These vulnerabilities can lead to a complete takeover of the device in the case of the Amazon Echo, or lead to DoS of the Home’s Bluetooth communications.


What is the risk?


These devices are constantly listening to Bluetooth communications. There is no way to put an agent/antivirus on these devices. And given their limited UI, there is no way to turn their Bluetooth off, as is the case with other IoT devices (Smart TVs for example). With BlueBorne, hackers can take complete control over a vulnerable device and use it for a wide range of malicious purposes, including spreading malware, stealing sensitive information and more.


According to a recent survey of Armis clients and deployments, 82% of companies (including the F1000 and G2000) have an Amazon Echo device in their corporate environment. In many cases, Corporate IT may not be aware that these IoT devices are even on the network.


Given that airborne attacks are virtually invisible to traditional security solutions, a hacker only needs to exploit one device to penetrate further into a network or spread to other devices.


It is also worth mentioning that this is the first severe remote vulnerability found to affect the Amazon Echo, which was an impregnable wall up until now, with the only known vulnerability requiring an extensive [link].

Quick demo of how BlueBorne can be used to take control of an Amazon Echo:



Updates Have Been Provided


Armis has notified both Amazon and Google about the findings, and both companies have issued automatic updates for the Amazon Echo and Google Home.


“Customer trust is important to us and we take security seriously. Customers do not need to take any action as their devices will be automatically updated with the security fixes,” says Amazon.


Amazon Echo users can verify that their devices are using a version newer than v591448720 to validate that they have received the patch.


Protecting IoT and Unmanaged Devices


The main concern arising from these new discoveries is this: what other devices are vulnerable? Unlike in the PC and mobile world, in which two or three main OSs control the absolute majority of the market, for IoT (or unmanaged) devices, no such dominant players exist. This creates an environment even more fragmented than the one currently seen with Android operating systems. An individual or company using an IoT device has no way of knowing whether a newly discovered vulnerability will affect them. If there is a patch, there may be a significant delay in getting the patch or it may be very complicated to apply. Too often, no patch is provided.


The Amazon Echo and Google Home are the better examples, as they were patched and did not need user interaction to update. However, the vast bulk of IoT devices cannot be updated. Even the Echos and the Homes will eventually be replaced by new hardware versions (as Amazon and Google recently announced), and eventually the old generations will not receive updates, potentially leaving them susceptible to attacks indefinitely.


Amazon Echo is based on an old Linux Kernel version, and the Google Home is based on Android. The reason both companies chose to integrate their Bluetooth implementations from external sources is quite obvious: it is a complex protocol which was difficult to implement in the first place. It is more efficient to use code that is embedded in the proprietary systems. However, it is not updated every time a new version is released. This means the device remains vulnerable to archaic attacks. Moreover, developers often refrain from implementing basic security measures such as stack protectors since they can be inconvenient, making the hacker’s job much easier.


IoT devices are no longer a negligible threat. They are becoming a cornerstone in every corporate environment and network. These personal assistants are increasingly popular with businesses. [link] in Las Vegas announced it will install an Amazon Echo in every room on the premises. The [link] and [link] hotels are considering doing the same thing, which will bring both productivity and potential risks to consumers and business travelers. This trend will only increase in coming years.


IoT devices are not only more prevalent today, but also subject to more attack vectors, with virtually no protection. The airborne attack vector poses a severe threat to all IoT devices, and is completely overlooked by traditional security measures. Aside from BlueBorne, new Wi-Fi vulnerabilities were found in Broadcom’s chips ([link]), as well as in the WPA2 protocol itself with the most recent [link]. Users and businesses should treat IoT devices like any other device in their network, and implement proper protections.


For more information, or to perform a full [link] of your company, visit [link].


Via [link]


