


Following the disclosure of the BlueBorne attack vector this past September, Armis discovered that critical Bluetooth vulnerabilities impact the Amazon Echo and Google Home. These new IoT voice-activated Personal Assistants join the extensive list of affected devices. Personal Assistants are rapidly expanding throughout the home and workplace, with an estimated 15 million Amazon Echo and 5 million Google Home devices sold. Since these devices are unmanaged and closed source, users are unaware of the fact that their Bluetooth implementation is based on potentially vulnerable code borrowed from Linux and Android.


Which BlueBorne Vulnerabilities Impact the Devices?


Amazon Echo devices are affected by two vulnerabilities:


  • Remote code execution vulnerability in the Linux Kernel (CVE-2017-1000251)
  • Information leak vulnerability in the SDP Server (CVE-2017-1000250)

Other Echo products are affected by either the vulnerabilities found in Linux or those discovered in Android, since different Echo variants use different OSs.

Google Home devices are affected by one vulnerability:

  • Information leak vulnerability in Android’s Bluetooth stack (CVE-2017-0785)


These vulnerabilities can lead to a complete takeover of the device in the case of the Amazon Echo, or lead to DoS of the Home’s Bluetooth communications.


What is the risk?


These devices are constantly listening to Bluetooth communications. There is no way to put an agent/antivirus on these devices. And given their limited UI, there is no way to turn their Bluetooth off – as is the case of other IoT devices (Smart TVs for example). With BlueBorne, hackers can take complete control over a vulnerable device, and use it for a wide range of malicious purposes; including spreading malware, stealing sensitive information and more.


According to a recent survey of Armis clients and deployments, 82% of companies (including the F1000 and G2000) have an Amazon Echo device in their corporate environment. In many cases, Corporate IT may not be aware that these IoT devices are even on the network.


Given that airborne attacks are virtually invisible to traditional security solutions, a hacker only needs to exploit one device to penetrate further into a network or spread to other devices.


It is also worth mentioning that this is the first severe remote vulnerability found to affect the Amazon Echo, which was an impregnable wall up until now, with the only known vulnerability requiring an extensive [link].

Quick demo of how BlueBorne can be used to take control of an Amazon Echo:



Updates Have Been Provided


Armis has notified both Amazon and Google about the findings, and both companies have issued automatic updates for the Amazon Echo and Google Home.


“Customer trust is important to us and we take security seriously. Customers do not need to take any action as their devices will be automatically updated with the security fixes,” says Amazon.


Amazon Echo users can verify that their devices are using a version that is newer than v591448720, to validate they have received the patch.


Protecting IoT and Unmanaged Devices


The main concern arising from these new discoveries is this – what other devices are vulnerable? Unlike in the PC and mobile world, in which two or three main OSs control the absolute majority of the market, for IoT (or unmanaged) devices, no such dominant players exist. This creates an environment even more fragmented than the one currently seen with Android operating systems. An individual or company using an IoT device has no way of knowing whether a newly discovered vulnerability will affect them. If there is a patch, there may be a significant delay in getting the patch or it may be very complicated to apply. Too often, no patch is provided.


The Amazon Echo and Google Home are the better examples as they were patched, and did not need user interaction to update. However, the vast bulk of IoT devices cannot be updated. However, even the Echos and the Homes will eventually be replaced by new hardware versions (as Amazon and Google recently announced), and eventually the old generations will not receive updates – potentially leaving them susceptible to attacks indefinitely.


Amazon Echo is based on an old Linux Kernel version, and the Google Home is based on Android. The reason both companies chose to integrate their Bluetooth implementations from external sources is quite obvious – it is a complex protocol which was difficult to implement in the first place. It is more efficient to use the code, which is embedded in the proprietary systems. However, it is not updated every time a new version is released. This means the device remains vulnerable to archaic attacks. Moreover, developers often refrain from implementing basic security measures such as stack protectors since they can be inconvenient, making the hacker’s job much easier.


IoT devices are no longer a negligible threat. They are becoming a cornerstone in every corporate environment and network. These personal assistants are increasingly popular with businesses. [link] in Las Vegas announced it will install an Amazon Echo in every room on the premises. The [link] and [link] hotels are considering doing the same thing, which will provide productivity and potential risks to consumers and business travelers. This trend will only increase in coming years.


IoT devices are not only more prevalent today, but also subject to more attack vectors, with virtually no protection. The airborne attack vector is posing a severe threat to all IoT devices, and is completely overlooked by traditional security measures. Aside from BlueBorne, new Wi-Fi vulnerabilities were found in Broadcom’s chips ([link]), as well as in the WPA2 protocol itself with the most recent [link]. Users and businesses should treat IoT devices like any other device in their network, and implement proper protections.


For more information, or to perform a full [link] of your company, visit [link].


Via [link]


