IoT
11/15/2017
12:10 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Airborne Cyber Threats Reach Amazon Echo and Google Home, Reveals IoT Security Company Armis

PALO ALTO, Calif., NOV. 15, 2017  Armis, the enterprise IoT security company, today announced that popular, voice-activated personal assistant devices including the Amazon Echo and Google Home were impacted by BlueBorne vulnerabilities recently discovered by Armis researchers. By exploiting unpatched devices, hackers can take them over, spread malware, and establish a "man-in-the-middle" attack to gain access to critical data, personal information, traffic and networks. BlueBorne is especially dangerous as hackers can execute airborne attacks through any vulnerable Bluetooth-enabled device without having to fool users by clicking on malicious links, downloading a file, or interacting with them in any way.  

In the first wave of BlueBorne vulnerabilities announced, Armis revealed that more than 5 billion devices were subject to attack. In this new phase, researchers have confirmed the attack surface includes as many as 20 million Amazon Echo and Google Home devices running on Android and Linux. BlueBorne is the first severe airborne vulnerability found to affect the Amazon Echo; it doesn’t require an extensive physical attack.

Device Demand Climbing

Amazon and Google voice-activated intelligent personal assistants have created a multibillion-dollar market. It is estimated that there are 15 million Amazon Echoes sold and 5 million Google Home devices sold, according to September report by Consumer Intelligence Research Partners (CIRP).  Additional estimates indicate that more than 128 million Echoes will be installed by 2020 and that they will drive more than $10 billion in revenue for the company by then.

“Burgeoning demand for digital personal assistants is expanding the avenues by which attackers can infiltrate consumers’ lives to steal personal information and commit fraud,” said Yevgeny Dibrov, CEO of Armis. “Consumers and businesses need to be aware how their devices are connecting via Bluetooth, and the networks they may be accessing, in order to take security precautions to protect their information.”

Enterprise Impact

In addition to Echo and Google-powered smart devices and assistants being present in consumers’ homes around the world, both are making their way into business environments, with usage taking place from the boardroom to the copy room. Armis data shows that 82% of its customers have the Amazon Echo in their businesses. A 2016 survey from Spiceworks revealed that almost half of IT professionals polled are either using intelligent assistants or will be within three years at their organizations. With the increased adoption of the devices, it become all the more critical that they are secured in their interactions.    

“Rising airborne threats such as BlueBorne and KRACK are a wakeup call to the enterprise that traditional security simply cannot defend against new attack vectors that are targeting IoT and connected devices in the corporate environment,” added Dibrov. “Every organization must gain visibility over sanctioned and unsanctioned IoT devices in their environments. If they don’t,  they’ll be victimized by a breach that can lead to stolen identities for customers and employees,  impact their bottom lines, and even cost top executives their jobs.”

Coordinated Disclosure

Armis coordinated the disclosed these latest BlueBorne vulnerabilities directly with Google and Amazon ahead of making the discovery publicly known. This allowed them to to release appropriate security patches and updates ahead of hackers gaining knowledge of the vulnerabilities. Google has already released patches to its partners to address the BlueBorne vulnerabilities. Both Amazon and Google have released security updates to the Echo and Home respectively. Updates are automatic and users do not have to do anything to get them.

Scanning App, Patching Available

To help consumers, device manufacturers and business users determine if any devices in use are vulnerable to BlueBorne, Armis has released an app on the Google Play Store that can be used to identify impacted devices. It has been downloaded between over 260,000 times since being released in September, and  can be downloaded here.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
5 Reasons the Cybersecurity Labor Shortfall Won't End Soon
Steve Morgan, Founder & CEO, Cybersecurity Ventures,  12/11/2017
Oracle Product Rollout Underscores Need for Trust in the Cloud
Kelly Sheridan, Associate Editor, Dark Reading,  12/11/2017
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Gee, these virtual reality goggles work great!!! 
Current Issue
The Year in Security: 2017
A look at the biggest news stories (so far) of 2017 that shaped the cybersecurity landscape -- from Russian hacking, ransomware's coming-out party, and voting machine vulnerabilities to the massive data breach of credit-monitoring firm Equifax.
Flash Poll
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
Enterprises are spending more of their IT budgets on cybersecurity technology. How do your organization's security plans and strategies compare to what others are doing? Here's an in-depth look.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.