More than 20mil smart speakers branded by Amazon and Google are at risk of a Bluetooth protection failing called BlueBorne. This was discovered in September of this year by Armis, a private digital security company.
The BlueBorne flaw has been known to us for a long time, but we could only envision it being applied to smart mobile devices operating on the Android OS or to computers. Nonetheless, Armis has now tracked the capacity for BlueBorne exploitation to smart speakers as well.
Such an attack is carried out by using eight different flaws in the security of Bluetooth technology, which means that it is a fairly difficult attack to stop. The names of the device flaws that could allow tech-savvy criminals to gain illicit access to Amazon Echos or Google Homes are the following:
- Amazon Echo: CVE-2017-1000251 and CVE-2017-1000250
- Google Home: CVE-2017-0785
The private security firm Armis has described this type of attack as the first fundamentally endangering one with which we are now familiarized regarding the new type of digital device introduced by companies like Google and Amazon. The company also expressed concern as to the potential security measures to be employed against BlueBorne attacks, considering that they are undetectable through classic digital protection means and that the nature of this flaw allows the breach on one device to spread to all the others.
The BlueBorne hack doesn’t simply mean that the cybercriminal takes control of your smart speaker; it’s much worse than that. Once breached, the device grants the hacker access to a variety of personal user data, from account details to purchase history and financial credentials.
The most straightforward solution for users to protect themselves against such a wide-impact hack would be to enlist the help of a VPN provider and use a VPN (short for Virtual Private Network) on their smart speakers or on the router at home. In doing so, wi-fi data traffic to a hacker’s server can be effectively halted. VPNs now offer such boons as trojan, malware, and unsafe digital content identification and protection, such options ensuring a secure digital experience through data upload encryption and blocking. Nonetheless, this isn’t a foolproof security measure, but it’s better than most. We can personally recommend ExpressVPN and NordVPN as two providers of high-quality Virtual Private Networks that we have employed ourselves.
Another potential impact of the BlueBorne vulnerability, albeit speculative in nature, is that hackers could construct a vast network of systems breached through exploit to use in what is known as a DDoS hack – standing for distributed-denial-of-service, it’s a method for hackers to flood a server with a massive amount of requests, essentially granting them capacity to completely take down any digital content provider through sheer numbers.
In spite of the gravity of this flaw, digital security firm Armis was able to give specs and information to both of the smart speaker providers before they released their discoveries to the general population, thus allowing Google and Amazon to code some protective measures and updates to their respective devices.
Both Amazon and Google released press statements, declaring that their clients need not worry or employ any protective measures themselves on account of their already putting out patches solving the issue. In Google’s declaration, they also reported that neither they nor security company Armis discovered this type of hack “in the wild”. This information should serve to ease the minds of any user concerned with their smart speaker’s protection.
On a more technical note, Echo clients need to make sure that the software currently being run on their product is operating on at least the v591448720 patch; the name of the Google patch that resolves the BlueBorne flaw has not yet been released, but it’s safe to assume that it has been safely put in place, considering Home’s automatic-update mechanism.