Posted on November 16, 2017 at 6:30 PM
The dangerous Bluetooth-based virus was found to have infected several smart home devices.
BlueBorne was arguably one of 2017’s most dangerous cyber attacks. The malware, which was spread via Bluetooth connection, is thought to have affected over 5 billion devices to date. In addition, new evidence suggests that several smart home devices have also been infected.
The cybersecurity firm Armis Security has recently confirmed that over 20 million Google Home and Amazon Echo devices carried certain vulnerabilities which the BlueBorne campaign could have exploited. The statement was released with both affected tech firms’ knowledge, and since the release, both companies have made patches available to address the vulnerabilities.
According to the Armis Security report, smart home systems such as the Google Home and Amazon Echo raise cause for alarm, as these devices are not updated as often as other electronic devices such as smartphones, laptops, etc. The lax attitude towards system updates makes the devices much more vulnerable to hacking campaigns than other devices.
BlueBorne is the umbrella term which refers to eight different security flaws in Bluetooth-enabled devices which enabled attackers to infiltrate and hijack targeted devices by using the Bluetooth connection. The attack campaign was launched remotely and could be executed while escaping the victim’s notice. Once the attacker has successfully hijacked the device, they could spread the malware to other devices that operate on the same network.
After a hacker hijacked your device, they could modify the device in several ways, such as reprogramming the device with false information and even inputting false traffic reports to the device.
More worryingly, attackers could utilize BlueBorne-affected devices to conduct covert espionage on affected users. One of the security flaws enabled the hackers to record a user’s activity on their affected device and communicate it to other parties, without the user’s consent or knowledge. This function indicates that several users and businesses could have fallen victim to several instances of data theft during the campaign.
Another concerning aspect of BlueBorne is that affected devices could be further exploited as tools in sophisticated DDoS attacks. In 2016, the notorious DDoS attack which affected Dyn servers caused temporary shutdowns of Netflix, Twitter, and Reddit, which lasted for several hours before the attack was rectified. This major attack was orchestrated by using over 100,000 exploited devices.
According to Nadir Izrael, the CTO and co-founder of Armis Security, BlueBorne is just the start of Bluetooth-based attacks. The security firm has stated that they have every reason to believe that commonly used devices have several more vulnerabilities which hackers are likely to exploit in the future.
According to Nadir, smart home devices such as Google Home are much more vulnerable to being exploited, due to infrequent software updates. Because smart home devices are not traditionally victims of attacks, most users are less concerned with keeping their devices updated.
However, since BlueBorne, security experts and researchers across the world have been emphasizing that any Internet of Things (IoT) device should be updated regularly to avoid the attack. Following the BlueBorne attack, users have also been instructed to turn their Bluetooth off when it’s not in use.
If a user is still concerned about whether their device might be affected, they are encouraged to download the BlueBorne Vulnerability Scanner, which is currently available in the Google Play Store.