Connected to Bluetooth? Beware of BlueBorne

BlueBorne as a new attack vector was discovered in September by Armis Labs. It affected Android, iOS, Windows, Linux, and the devices using them, including Amazon Echo and Google Home devices.

Armis Labs and other researchers have posted online videos with their experiments and proof-of-concept hacks of Samsung Galaxy S8, Amazon Echo devices.

BlueBorne is not something new. And though it was not an eminent danger, it made some problems to every manufacturer that produces devices with Bluetooth capabilities.

What BlueBorne does?

It spreads through the air and attacks devices via Bluetooth, allowing attackers to take the complete control of them, spread malware via the network, access data, etc. Of course, the attack vector is possible via proximity. This limits the scope, but might not limit the impact or damage.

Of course, the problem arises with devices that are updated monthly. For example, wearables, fitness trackers, and the similar items, including the whole array of medical devices like insulin pumps or inhalers. Read more here.

However, Amazon and Google patched the devices from all eight Bluetooth vulnerabilities that were discovered by Armis Labs. These are exemplary, conditionally fast responses to undisclosed vulnerabilities. However, there might still be an enormous number of IoT devices that were left unpatched, so the danger is still out there.

What should you do to protect yourself again BlueBorne?

If there is a possibility to update the device and device manufacturers released the update, do it right away.

Limit the usage of Bluetooth and turn it off whenever it is possible.

In case of Google Home, the updated version is 1.28.99956 and instructions for checking it is here.
In case of Amazon Echo, the updated version is 591448720, and you can check it here .