Connect with us

Vulnerability

New Bluetooth Chip Vulnerabilities Expose millions of Devices to Attacks

Malware Vulnerability

Prometei Botnet Infects Systems with Latest Version, Warns Cybersecurity Experts

Vulnerability

Critical Vulnerability Discovered in FortiOS and Palo Alto Networks Firewalls

Hacker News Vulnerability

Lazarus Group Found Exploiting Zero-Day Vulnerabilities in Latest Cyber Attack

Hacker News Vulnerability

Researchers Uncover New Security Vulnerabilities in TPM 2.0 Library

Hacker News Vulnerability

Backdoors to the Home

Hacker News Vulnerability

Zyxel, the Dangers of Hard-coding Credentials

Hacker News Vulnerability

Instagram: User Accounts And Phone Numbers Exposed

Malware Vulnerability

Notepad, New Attack Vector?

Hacker News Vulnerability

WPA3 Still Rough on the Edges

Vulnerability

New Bluetooth Chip Vulnerabilities Expose millions of Devices to Attacks

Published

5 years ago

on

New Bluetooth Chip Vulnerabilities Expose millions of Devices to Attacks

Security researchers at Israeli security company Armis have discovered two vulnerabilities in Bluetooth Low Energy Chips (BLE) that could allow attackers to take control of affected devices, without authentication.

The set of vulnerabilities has been called “BleedingBit“. This isn’t the first time Armis have discovered Bluetooth affecting security flaws, in 2017 they discovered 9 zero-day Bluetooth related flaws that affected Android, Windows, iOS and Linux.

Bluetooth Low Energy (BLE) is a wireless personal area network technology designed to use considerably less power than traditional chips. The chips are made by Texas Instruments and are being used by Aruba, Meraki and Cisco across a range of products in their enterprise suite.

The first vulnerability (CVE-2018-16986) works by taking advantages of the way Bluetooth chips analyze incoming data. An attacker could overload the chip with more traffic than it knows how to handle, which commonly causes memory corruption, then allowing the attacker to execute malicious code onto the device.

 

This does require that the attacker is in close proximity to the device in order to gain the control, however, once the control has been gained the attacker would be able to launch attacks remotely over the internet.

 

The second vulnerability (CVE-2018-7080) affects Aruba’s Wi-Fi access point Series 300. The issue is with a firmware update by Texas Instruments called Over Air Firmware Download (OAD). All of the Aruba WiFi access points share the same OAD password, which means if an attacker managed to reverse engineer Aruba’s BLE firmware they can gain access and execute malicious code to rewrite and control the operating system.

“By default, the OAD feature is not automatically configured to address secure firmware updates. It allows a simple update mechanism of the firmware running on the BLE chip over a GATT transaction,”  Armis researchers stated.

Texas Instruments, as well as Cisco and Meraki, were informed of the vulnerabilities earlier this year by Armis and given the time to create patches. Texas Instruments released a security patch on Thursday, Aruba has also released a security patch. It should be noted that Cisco and Aruba have noted that Bluetooth is disabled by default on their devices so they were unlikely to be successfully targeted in this way.

 

Related Topics:

Technology Enthusiast with a keen eye on the Cyberspace, Entrepreneur, Ethical Hacker

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *