Amazon and Google close BlueBorne leak in smart speakers

Amazon and Google have closed the BlueBorne leak in their Echo and Home speakers. The speakers were susceptible to the leaks in the bluetooth technology, according to the security company that BlueBorne revealed.

Amazon Echo users can check if their version number is higher than v591448720 to see if the patch is in, Armis Labs says. With Google Home, it is unclear how users can check whether the patch is already on their speaker. According to the security company, around 20 million speakers were vulnerable to an attack using one of the vulnerabilities in BlueBorne.

BlueBorne leverages eight zero-day vulnerabilities in the Bluetooth implementations of various operating systems. With the Echo there were two vulnerabilities in the software, with Home there was one. Within about ten seconds it is possible to take over a Bluetooth device with the attack, without the user noticing, is the claim. In addition, with speakers there is no screen to display an interface and no antivirus software can run on them, which makes detection much more difficult than with smartphones, for example, the security company says.

According to the researchers, it is possible to use the attack to spread, for example, ransomware or malware to other Bluetooth devices. It is unknown what could have happened if malware had taken advantage of these vulnerabilities. Armis Labs claims it is the first serious vulnerability for the Amazon Echo, the speaker has not been able to withstand any kind of remote attack so far.