Armis CTO Details Business Impact of BlueBorne Security Risks

Nadir Izrael, co-founder and CTO of Armis Security first brought his company out of stealth mode in June 2017, with the promise of helping organizations to improve Internet of Things (IoT) visibility and control. Now in November 2017, Armis is growing quickly, thanks in part to the company's discovery of the BlueBorne Bluetooth security vulnerability that was first publicly disclosed on Sept. 12.

BlueBorne is a set of vulnerabilities that could have potentially enabled an attacker to take control of a vulnerable device, via Bluetooth. The initial report of the flaw impacted a large number of vendors including Google, Microsoft and the Linux community, requiring them to release multiple patches.

On Nov. 15, Armis revealed that the popular Amazon Echo and Google Home voice assistant devices were also at risk from BlueBorne. Both Google and Amazon have now patched their devices.

In a video interview with eWEEK, Izrael provides insight on the latest BlueBorne disclosure and how the Bluetooth vulnerability has impacted Armis' business and its product direction.

"A lot of companies took it (BlueBorne) very seriously," Izrael told eWEEK. "Part of the realization that people are coming to is that all of this hyper-connectivity with devices is putting the devices, the networks and the environments they are in, at risk."

With the expanded impact of BlueBorne reaching to Amazon Echo, Izrael said that Armis just didn't initially look at the home assistants, when evaluating which devices were at risk. As it turns out, the Amazon Echo runs an older version of Linux, based on the Linux 2.6 kernel which was still vulnerable to BlueBorne. More recent branches of Linux were patched for BlueBorne in September.

Izrael said that people tend to think of the Amazon Echo and Google Home as consumer devices used in the home, but there are a lot of them deployed in corporate environments as well.

"An organization can find itself full of devices that basically have open microphones that can listen to everything and the organization has no idea they are even there," Izrael said. "Our statistics show that 82 percent of companies have Amazon Echo devices in their environments and sometimes in very sensitive environments."

Watch the full video interview with Nadir Izrael above.

Sean Michael Kerner is a senior editor at eWEEK and Follow him on Twitter @TechJournalist.