Two New Bluetooth Chip Flaws Expose Millions of Devices to Remote Attacks

[Nov 2, 2018]

Security researchers have unveiled details of two critical vulnerabilities in Bluetooth Low Energy (BLE) chips embedded in millions of access points and networking devices used by enterprises around the world.

Dubbed BleedingBit, the set of two vulnerabilities could allow remote attackers to execute arbitrary code and take full control of vulnerable devices without authentication, including medical devices such as insulin pumps and pacemakers, as well as point-of-sales and IoT devices.

Discovered by researchers at Israeli security firm Armis, the vulnerabilities exist in Bluetooth Low Energy (BLE) Stack chips made by Texas Instruments (TI) that are being used by Cisco, Meraki, and Aruba in their enterprise line of products.

Armis is the same security firm that last year discovered BlueBorne, a set of nine zero-day Bluetooth-related flaws in Android, Windows, Linux and iOS that affected billions of devices, including smartphones, laptops, TVs, watches and automobile audio systems.

Cyber Security Tips:

  • Texas Instruments confirmed the vulnerabilities and released security patches for affected hardware on Thursday that will be available through respective OEMs.
  • Aruba has also released a security patch for its Aruba 3xx and IAP-3xx series access points to address the CVE-2018-7080 ​flaw. However, both Cisco and Aruba noted that their devices have Bluetooth disabled by default.

 

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Blog at WordPress.com.

Up ↑

%d bloggers like this: