A series of recently disclosed critical Bluetooth flaws that affect billions of Android, iOS, Windows and Linux devices have now been discovered in millions of AI-based voice-activated personal assistants, including Google Home and Amazon Echo.
As anticipated when this devastating threat was discovered, several IoT and smart devices, whose operating systems are often updated less frequently than those of smartphones and desktops, are also vulnerable to BlueBorne, the name given to the highly sophisticated attack that exploits at least eight Bluetooth implementation vulnerabilities.
Hackers within range of the targeted devices can run malicious code, steal sensitive data, launch man-in-the-middle attacks, or take complete control of the devices. Taking control can also allow attackers to eavesdrop on conversations, since the devices are always “listening” for their wake words.
Triggering the BlueBorne exploit does not require victims to click any link or open any file, cybersecurity researchers say. Most security products would also likely be unable to detect the attack.
In addition, once an attacker gains control over the devices, he or she could then gain control over other Internet of Things devices on the same network.
The Bluetooth vulnerabilities were patched by Google for Android in September, by Microsoft for Windows in July, by Apple for iOS one year before disclosure, and by Linux distributions shortly after disclosure.
But many of these 5 billion devices are still unpatched and open to attacks via these flaws.