Security

Bluetooth Hack Affects 20 Million Amazon Echo, Google Home Devices (thehackernews.com) 40

In September, security researchers discovered eight vulnerabilities -- codenamed collectively as BlueBorne -- in the Bluetooth implementations used by over 5.3 billion devices. We have now learned that an estimated 20 million Amazon Echo and Google Home devices are also vulnerable to attacks leveraging the BlueBorne vulnerabilities. The Hacker News reports: Amazon Echo is affected by the following two vulnerabilities: a remote code execution vulnerability in the Linux kernel (CVE-2017-1000251); and an information disclosure flaw in the SDP server (CVE-2017-1000250). Since different Echo's variants use different operating systems, other Echo devices are affected by either the vulnerabilities found in Linux or Android. Whereas, Google Home devices are affected by one vulnerability: information disclosure vulnerability in Android's Bluetooth stack (CVE-2017-0785). This Android flaw can also be exploited to cause a denial-of-service (DoS) condition. Since Bluetooth cannot be disabled on either of the voice-activated personal assistants, attackers within the range of the affected device can easily launch an attack. The security firm [Armis, who disclosed the issue] notified both Amazon and Google about its findings, and both companies have released patches and issued automatic updates for the Amazon Echo and Google Home that fixes the BlueBorne attacks.
Android

OnePlus 5T Featuring 6-inch AMOLED Display, 3.5mm Headphone Jack Launched (wired.com) 54

Chinese smartphone maker OnePlus, which has been lauded by consumers for offering phones with top-of-the-line specs at a reasonably affordable price range, on Thursday at an event in New York announced its newest flagship smartphone. Called the OnePlus 5T, the handset sports a 6.01-inch AMOLED screen (screen resolution 1080 x 2160) manufactured by Samsung in a body that is roughly of the same size as the 5.5-inch display-clad predecessor OnePlus 5. The secret sauce is, much like Samsung, LG and Apple, OnePlus has moved to a near bezel-less design. The company is not getting rid of the fingerprint scanner though, which it has pushed to the back side. The front-facing camera, additionally, OnePlus says, can be used to unlock the device. Other features include a 3,300mAh battery with the company's proprietary Dash Charge fast-charging tech (no wireless charging support -- the company says at present wireless charging doesn't really add much value to the device), top-of-the-line Qualcomm Snapdragon 835 processor with Adreno 540, 6GB of RAM with 64GB of storage (there is another variant of the phone which offers 8GB of RAM with 128GB of space). As for camera, we are looking at a dual 16-megapixel and 20-megapixel setup in the back. One more thing: the phone has a headphone jack and it runs Android 7.1 out of the box. The OnePlus 5T will go on sale in Europe, India, and the United States starting November 21st, with the base model priced at Euro 499, INR 32,999, and $499, respectively. The high-end variant is priced at Euro 559, INR 37,999, and $559. Wired has more details.
Privacy

Consumers Are Holding Off On Buying Smart-Home Gadgets Due To Security, Privacy Fears (businessinsider.com) 143

According to a new survey from consulting firm Deloitte, consumers are uneasy about being watched, listened to, or tracked by devices they place in their homes. The firm found that consumer interest in connected home technology lags behind their interest in other types of IoT devices. Business Insider reports: "Consumers are more open to, and interested in, the connected world," the firm said in its report. Noting the concerns about smart home devices, it added: "But not all IoT is created equal." Nearly 40% of those who participated in the survey said they were concerned about connected-home devices tracking their usage. More than 40% said they were worried that such gadgets would expose too much about their daily lives. Meanwhile, the vast majority of consumers think gadget makers weren't doing a good job of telling them about security risks. Fewer than 20% of survey respondents said they were very well informed about such risks and almost 40% said they weren't informed at all.

Slashdot Top Deals