Slashdot Mirror


Bluetooth Hack Affects 20 Million Amazon Echo, Google Home Devices (thehackernews.com)

In September, security researchers discovered eight vulnerabilities, collectively codenamed BlueBorne, in the Bluetooth implementations used by over 5.3 billion devices. We have now learned that an estimated 20 million Amazon Echo and Google Home devices are also vulnerable to attacks leveraging the BlueBorne vulnerabilities. The Hacker News reports: Amazon Echo is affected by two of them: a remote code execution vulnerability in the Linux kernel (CVE-2017-1000251) and an information disclosure flaw in the SDP server (CVE-2017-1000250). Since different Echo variants run different operating systems, other Echo devices are affected by either the Linux or the Android vulnerabilities. Google Home devices are affected by one vulnerability: an information disclosure flaw in Android's Bluetooth stack (CVE-2017-0785), which can also be exploited to cause a denial-of-service (DoS) condition. Since Bluetooth cannot be disabled on either of the voice-activated personal assistants, attackers within range of an affected device can easily launch an attack. The security firm [Armis, who disclosed the issue] notified both Amazon and Google of its findings, and both companies have released patches and pushed automatic updates for the Amazon Echo and Google Home that fix the BlueBorne flaws.
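The Linux-side flaw the summary describes is remote code execution reached by parsing Bluetooth packets that the remote peer controls. As an added illustration of that bug class, and not the kernel's, BlueZ's or Armis's code nor a reproduction of CVE-2017-1000251, here is a generic option-list parser in its vulnerable and hardened forms. The wire layout (one type byte, one length byte, then the value), the function names, the 64-byte destination and the constructed packets are all assumptions made for this example. The unchecked parser validates the input but never the output; the hardened one rejects any packet that would not fit rather than truncating it.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Added example: a generic peer-controlled TLV option parser, vulnerable form
 * beside hardened form. Not the Linux kernel's or BlueZ's code; the wire
 * layout (type:1 len:1 value:len), names and sizes are assumptions. */

#define CONF_BUF_SIZE 64  /* fixed-size destination, as a stack buffer would be */

/* Vulnerable pattern: input is bounds-checked, output is not. Every option is
 * appended to `out` trusting the peer-supplied `len`; `out_size` is ignored.
 * Returns bytes written, which may exceed out_size (that is the overflow). */
static size_t parse_options_unchecked(const uint8_t *pkt, size_t pkt_len,
                                      uint8_t *out, size_t out_size)
{
    size_t in = 0, written = 0;
    (void)out_size;                     /* never consulted: this is the bug */
    while (in + 2 <= pkt_len) {
        uint8_t type = pkt[in], len = pkt[in + 1];
        if (in + 2 + len > pkt_len)     /* truncated option: stop */
            break;
        out[written++] = type;
        out[written++] = len;
        memcpy(out + written, pkt + in + 2, len);
        written += len;
        in += 2 + len;
    }
    return written;
}

/* Hardened: same loop, but each append is checked against the space left in
 * `out`. A packet that would not fit is rejected outright, not silently
 * truncated, so the caller never acts on half-parsed data. */
static int parse_options_checked(const uint8_t *pkt, size_t pkt_len,
                                 uint8_t *out, size_t out_size, size_t *out_len)
{
    size_t in = 0, written = 0;
    while (in + 2 <= pkt_len) {
        uint8_t type = pkt[in], len = pkt[in + 1];
        if (in + 2 + len > pkt_len)
            return -1;                  /* malformed: option runs past packet */
        if (out_size - written < (size_t)2 + len)
            return -2;                  /* would overflow the destination */
        out[written++] = type;
        out[written++] = len;
        memcpy(out + written, pkt + in + 2, len);
        written += len;
        in += 2 + len;
    }
    *out_len = written;
    return 0;
}

/* Constructed packet: `n_opts` options of 32 value bytes (34 bytes each on
 * the wire); four of them total 136 bytes, over twice CONF_BUF_SIZE. */
static size_t build_packet(uint8_t *buf, size_t buf_size, unsigned n_opts)
{
    size_t off = 0;
    for (unsigned i = 0; i < n_opts && off + 34 <= buf_size; i++) {
        buf[off++] = 0x01;              /* arbitrary option type */
        buf[off++] = 32;
        memset(buf + off, 0x41, 32);
        off += 32;
    }
    return off;
}

/* Bytes the unchecked parser writes for an n-option packet. The scratch area
 * is larger than CONF_BUF_SIZE on purpose, so the demo reports the overrun
 * instead of corrupting its own stack. */
size_t demo_unchecked_bytes(unsigned n_opts)
{
    uint8_t pkt[256], scratch[256];
    size_t n = build_packet(pkt, sizeof pkt, n_opts);
    return parse_options_unchecked(pkt, n, scratch, CONF_BUF_SIZE);
}

/* Return code of the hardened parser for the same packet. */
int demo_checked_rc(unsigned n_opts)
{
    uint8_t pkt[256], out[CONF_BUF_SIZE];
    size_t n = build_packet(pkt, sizeof pkt, n_opts), out_len = 0;
    return parse_options_checked(pkt, n, out, sizeof out, &out_len);
}

/* Hardened parser on an option whose length byte runs past the packet end. */
int demo_truncated_rc(void)
{
    const uint8_t pkt[] = { 0x01, 32, 0x41, 0x41, 0x41 };  /* claims 32, has 3 */
    uint8_t out[CONF_BUF_SIZE];
    size_t out_len = 0;
    return parse_options_checked(pkt, sizeof pkt, out, sizeof out, &out_len);
}

int main(void)
{
    printf("unchecked: %zu bytes into a %d-byte buffer\n",
           demo_unchecked_bytes(4), CONF_BUF_SIZE);
    printf("checked: oversized=%d benign=%d truncated=%d\n",
           demo_checked_rc(4), demo_checked_rc(1), demo_truncated_rc());
    return 0;
}
```

Any C99 compiler builds it. main() reports that the unchecked parser wrote 136 bytes into a 64-byte destination, which on a real stack buffer would already be memory corruption, while the checked parser returns -2 for that packet, 0 for a single option and -1 for an option whose length byte runs past the end of the packet. The point of the hardened form is that the check is on the destination, not only on the source: bounds-checking the input alone, as the unchecked version does, is exactly the pattern that lets a peer-chosen length drive a write past a fixed buffer.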

40 comments

  1. Problem Already Solved by Freshly+Exhumed · · Score: 4, Funny

    Thankfully any exploits against Bluetooth were quickly ruined by... well... Bluetooth.

    --
    I deny that I have not avoided attaining the opposite of that which I do not want.
    1. Re:Problem Already Solved by Anonymous Coward · · Score: 5, Insightful

      I wish I were a registered user capable of modding you up; registration and login feel like too much of a hassle though.

      Bluetooth is quite possibly the worst commercial technology I have ever seen widely implemented. Its inability to stay connected, weird issues cropping up all the time, battery usage, distance problems etc. I have a Logitech wireless keyboard/mouse with a very tiny USB dongle; it works perfectly, works across the room, takes a year to wear down an AA battery, is always connected and requires no setup to do so.

      When I compare the two it feels as though bluetooth was going for what Logitech has, but never really got there and didn't bother to go back and fix the issues before rushing it into production. Now years later it still has not been properly fixed, and it seems that the companies who create bluetooth devices are completely fine with having the architecture behind it all remain a complete user experience mess with no end in sight.

      I used to do technical support for Dell, one of my most common and least favorite calls was about bluetooth devices because even if you follow the tree of steps the same each time, the outcome was different and it seemed like you might as well just cut the head off a chicken and dance around naked as it would have about the same effect on the damned things.

      Bluetooth should in my opinion be disabled as a non functional incomplete architecture/standard/hardware, I don't know wtf is wrong with it, but it NEVER works correctly. It seems to come pre-enabled on most operating systems, however I'd much rather it was something you downloaded and added on vs having it just detect the chip is there and immediately proceed to install the drivers and wake the stupid chip up.

      I have an uneasy suspicion that if its basic operation is so flawed and random, the security is more than likely a total cluster F just waiting to happen. This article begins to confirm that fear for me, though more examples must arrive before I am entirely convinced that the security of this standard is also fatally flawed like the rest of it.

    2. Re:Problem Already Solved by Anonymous Coward · · Score: 0

      Heh, no brother, pimp out your site, but only on certain terms. We only respect those who can wield rather than merely regurgitate technology.

      Did you create the site?

      It appears to have been created from something similar to wordpress and not hand written. The lack of javascript to generate the page is not in line with modern methods which are moving away from having a static HTML page to one which starts static and then has the content generated via javascript.

      I did notice a few comments in the code of the page which indicate that someone perhaps wrote parts of it. Just a heads up

      when you code

      jQuery(function($){

      you can now simply say

      $(function(){ //code to execute on document load here
      });

      If I had advice for you, the site seems nice, the layout however is crowded and the point of it is lost by having a giant top bar, and then a 3 column under-top-bar layout.

      You should watch a TED talk about flag design, it makes a great case that simplicity and clarity have much to offer over bombardment (think google vs yahoo)

      You might also want to switch your webserver; if it is old Apache then you're going to be cutting off your own possibilities in terms of dynamic content. You should switch to the simpler and more robust node.js which offers much more for web developers.

    3. Re:Problem Already Solved by Anonymous Coward · · Score: 0

      Stop, you're adding flammables to the flammables.

    4. Re:Problem Already Solved by Anonymous Coward · · Score: 0

      You know how to kill a troll? Kindness, right to the brain, no mercy

    5. Re:Problem Already Solved by Anonymous Coward · · Score: 0, Insightful

      I can't help but picture one of the most spastic nerd rage people screaming your post.

      Regardless, you obviously have no clue about anything tech related. Stop making any guesses or conjectures. Your end result may be the same as others, but everything else is shit from your own brain.

      FWIW, what logitech does for keyboards and mice has a very specific data pattern.
      If you don't know how a scroll wheel works, you should start there. It's basically sending a button press a whole lot of times every time you rotate the wheel. Mouse button presses are the same as a keyboard press. All of them send a signal and a state (possibly a bunch of them). It's a VERY simple data pattern, and very compact.

      Bluetooth, on the other hand, can create a true layer 2 transport. There is a huge amount of overhead in being flexible. The logitech controllers, while great for their purpose, are absolutely shitty at doing much of anything else (AFAIK). Can they send high def stereo audio out to wireless headphones? Transfer files? Route TCP/IP traffic over it? etc etc etc?

      Bluetooth is just as ok as any other tech. You're just an idiot.

    6. Re:Problem Already Solved by Anonymous Coward · · Score: 0

      When I compare the two it feels as though bluetooth was going for what Logitech has

      Um, you realise Logitech uses Bluetooth for that?

    7. Re: Problem Already Solved by Brockmire · · Score: 1

      If Bluetooth NEVER works for you, you're probably the problem. I had a nice pair of Bluetooth headphones. Worked perfectly. I saw the knock-off version from China for a quarter of the price. It was clearly an inferior product and couldn't maintain a connection with the phone in my pocket two feet away. The original, legit LG headphones worked like 30 meters away through a wall. It was clearly the device at fault, not my phone or the protocol. Not to say I don't experience issues, just rarely, not often.

  2. Most worrisome problem not mentioned in TFS by Anonymous Coward · · Score: 1

    The biggest problem wasn't even mentioned - the complete loss of control over personal data and privacy and the intention of Google and Amazon to collect as much information about you and your life as possible. This is one hole that isn't going to be plugged ... ever.

    1. Re:Most worrisome problem not mentioned in TFS by Anonymous Coward · · Score: 0

      Don't use Google or Amazon?

      (or Twitter, or Facebook, .....)

  3. Jailbreaks by Actually,+I+do+RTFA · · Score: 1

    Does this mean I can finally jailbreak the hardware to talk to a different (local) server? Because the hardware is nice...

    --
    Your ad here. Ask me how!
  4. Hacked schmacked by SpankiMonki · · Score: 1

    To me the astonishing thing is that there are 20 million of these devices in service.

    1. Re:Hacked schmacked by Actually,+I+do+RTFA · · Score: 1

      Shipped, not in service. IIRC, there were quite a few given out as part of signing up for some other service.

      --
      Your ad here. Ask me how!
    2. Re: Hacked schmacked by Anonymous Coward · · Score: 0

      Perfectly good units get upgraded and junked. I was really surprised that my parents did that with their echo. They only had it a few months.

    3. Re:Hacked schmacked by JustAnotherOldGuy · · Score: 1

      To me the astonishing thing is that there are 20 million of these devices in service.

      Even if there were only a million, that's still a shitload no matter how you slice it.

      I can't imagine having one in my home, but that's just me.

      --
      Just cruising through this digital world at 33 1/3 rpm...
    4. Re:Hacked schmacked by Anonymous Coward · · Score: 0

      Fleshlight and iPad mounted to Roomba wired to an Alexa. The future is now.

  5. Duh? by Anonymous Coward · · Score: 0

    It affects every bluetooth device, why would IOT be any different?

  6. Sad by Anonymous Coward · · Score: 0

    I would love to buy a computer, but the machine just isn't ready for prime time. They are so frail! You people are building a house of cards with the damn things. One little glitch, and... POOF! everything is all gone, bye bye... Your whole society is going to collapse.

    1. Re:Sad by 93+Escort+Wagon · · Score: 1

      Thank you for taking the time to post, Mr. Bezos.

      --
      #DeleteChrome
    2. Re:Sad by Anonymous Coward · · Score: 0

      You sir are not incorrect. There are however hardened laptops which can be purchased. I did technical support for Dell for a while; we sold these units to construction folks and the military alike. You can get a hardened laptop which can withstand massive trauma as well as moisture. The specs for the system are however lowered because of heating issues. This does not really matter though; for most things you need a computer for today (document writing, web surfing, image viewing) in a professional environment you can use a computer from 10 years ago (it worked then, still works now) to get them done (on Linux anyway; MS purposely made sure this was not the case).

      I believe you would probably benefit from a particular setup which I use now as a web developer.

      I keep one machine at home, a small Raspberry Pi. It is frail, and small, but barring the entire place burning down its simplicity and lack of moving parts make it nigh on immortal. I then remotely connect to this machine using a regular laptop to do my work. The laptop could be destroyed by a cup of coffee or other misadventure and it does not really matter, as it's just a portal I use to get to the Pi which holds my work. The Pi itself also has an 8 GB USB stick I purchased for doing data backup in the event that the Pi itself somehow is destroyed.

      The cost of this arrangement is very reasonable: the Pi itself with a lithium-ion battery pack and shipping/handling is $88. The USB stick is roughly $10, and the small laptop I use on the go is roughly $400. Total cost of the entire setup comes in under the cost of a large television but obviously offers far superior function.

  7. Better idea by Templer421 · · Score: 1

    Don't buy a home spying device!

    Not that hard to walk five feet or expend the effort to look at a cell phone or tablet.

    Just for fun with a PA system at an apartment building...."Alexa Buy Adult Diapers"

    Floors it!

    1. Re: Better idea by Anonymous Coward · · Score: 2, Interesting

      Cellphone and tablet are portable spying devices.

    2. Re:Better idea by Anonymous Coward · · Score: 1

      This is a good sentiment, but a difficult reality.

      You often require a cellphone for work, and a smartphone helps with its blinkenlights, socializing, and data etc. to calm our monkey minds.

      It extends beyond that though.

      Your vehicle most likely has a black box installed, your vehicle possibly has a factory or dealership added GPS tracker. If you are utilizing something like OnStar, your vehicle is part of a collective and is monitored and tracked, with the possibility that an outside actor can manipulate your vehicle.

      The comfort our lawmakers have with these companies spying on us is what disturbs me. Companies are dumb animals that just want to feed any way they can. Our elected officials are supposed to act as our wise elders and ensure that it is a symbiotic rather than parasitic relationship and they appear to no longer desire to perform this function.

    3. Re: Better idea by nnull · · Score: 1

      And that is just as inexcusable. The very fact that most big-brand tablet and phone makers are making it difficult to root and install your own custom ROMs onto your device is evidence enough for me of their nefarious activities. Already had enough with my LG phone pushing random app installs and standby ads.

    4. Re: Better idea by Brockmire · · Score: 1

      It's also not that hard to STFU and not talk about something you don't know about, either. I have no idea how walking to and LOOKING at a phone replaces what an Alexa does. You clearly don't have a fucking clue. All you paranoid people, we get it. Now keep it to yourself.

  8. Soon to be Seen On TV? by Anonymous Coward · · Score: 0

    Will Mr Robot hack Dom's Amazon Echo?

  9. C is such a wonderful language by Pinky's+Brain · · Score: 1

    The 6 most exploitable ones are overflow/underflow related, what a surprise.

  10. TheHackerNews? Really? by Anonymous Coward · · Score: 0

    So a site that registered its name after another site and then copies articles from other news outlets is now featured on /.?

    I thought we had some standards? Half of the articles on that site are written in incomprehensible English.

  11. Wireless USB by DrYak · · Score: 2

    FWIW, what logitech does for keyboards and mice has a very specific data pattern.

    This isn't relevant.

    The relevant part is that Logitech manufactures both the device and the receiver.
    And as a company with Swiss roots (R&D is still done in Lausanne) they are attentive to the details and make sure that their implementation works.

    Fun fact : a sizeable part of Logitech's devices (most frequently the non-gamer fraction) do use some variation of Bluetooth (instead of their proprietary protocol) and work just as well. Mainly for the exact same reason : Logitech is providing both the dongle and the device and has paid attention to the details.

    Bluetooth, on the other hand, can create a true layer 2 transport. There is a huge amount of overhead in being flexible.

    As are Logitech's own receivers, too.
    Logitech basically phagocytosed the defunct Wireless USB standard that wanted to be a competitor to Bluetooth.
    They are more or less comparable in what they can achieve, even if in Logitech's case it is more often underutilized (lots of their products only use it for HID).

    The logitech controllers, while great for their purpose, are absolutely shitty at doing much of anything else (AFAIK). Can they send high def stereo audio out to wireless headphones?

    Actually, you'd be surprised, but yes.
    There are a few among all of the Logitech wireless headsets which don't use Bluetooth but Logitech's own proprietary 2.4 GHz technology (i.e. their rebranded Wireless USB).
    In these cases, Logitech's devices are literally sending high-def multichannel audio over the same proprietary 2.4 GHz tech that is used in their HID devices.

    But again, being the maker of the sender AND the receiver helps making sure that basic quality standards are met.

    Bluetooth is just as ok as any other tech.

    Bluetooth is, most significantly, just a standard.

    It's up to the individual companies to implement it correctly (e.g.: Logitech. Or Ericsson - being the initiator of the technology. Or the former Palm. Etc.)
    Or do an excruciatingly shitty job at it (e.g.: lots of no-name Asian USB dongles, lots of poor phone implementation in cheap smartphones, etc.)

    --
    "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
  12. Protocol nit-picking by DrYak · · Score: 1

    Um, you realise Logitech uses Bluetooth for that?

    Actually Logitech make use of both protocols :

    - most often in general consumer products (like their speakers, headsets, and some keyboards and mice) they tend to use Bluetooth for general purpose compatibility.
    (But you're still better off using the packaged-in Bluetooth transceiver, because of Logitech's attention to details making sure that their products work together, unlike the crappy Bluetooth implementation in your no-name Chinese tablet)

    - most often in gamer oriented products, they tend to use their own proprietary 2.4 GHz tech, which is derived from the defunct "Wireless USB" wannabe Bluetooth competitor.

    - Especially now that the Bluetooth LE (a.k.a. Smart) variant has arrived with lower battery requirements, similar to Logitech's proprietary tech, there are a few products (like the MX Master mouse) which support BOTH protocols simultaneously. (You can either pair the mouse with a Bluetooth LE/Smart enabled device, or with a "Logitech Unifying Receiver".)

    --
    "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
  13. RedOx by DrYak · · Score: 1

    Then shut the fuck up, stop complaining here, and join the rest of Rust developers in trying to write a full operating system (RedOx) instead of bitching and moaning about the language that the majority of the world has settled upon.

    --
    "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
    1. Re:RedOx by Pinky's+Brain · · Score: 1

      No, the rest of the world needs to know they are wrong.

  14. Update by AVryhof · · Score: 1

    So, can I do "alexa sudo apt-get update" "alexa sudo apt-get upgrade linux-image"?

  15. Now that's a lazy hacker! by holophrastic · · Score: 1

    "anyone within Bluetooth range..." can always disable the device. Isn't Bluetooth range ~30 feet?

    So someone in my kitchen is going to disable my device (not that I'd have one) with a Bluetooth exploit? They could disable it with a glass of orange juice, a tennis ball, or by simply pulling the power.

    Bluetooth exploit is a long way to go to cover a few steps.

  17. Imagine that by slick7 · · Score: 1

    Overbearing surveillance in the guise of convenience, hmmm.

    --
    The mind conceives, the body achieves, the spirit manifests.