[Nov 2, 2018]
Security researchers have unveiled details of two critical vulnerabilities in Bluetooth Low Energy (BLE) chips embedded in millions of access points and networking devices used by enterprises around the world.
Dubbed BleedingBit, the set of two vulnerabilities could allow remote attackers to execute arbitrary code and take full control of vulnerable devices without authentication. Vulnerable devices include medical devices such as insulin pumps and pacemakers, as well as point-of-sale and IoT devices.
Discovered by researchers at Israeli security firm Armis, the vulnerabilities exist in Bluetooth Low Energy (BLE) Stack chips made by Texas Instruments (TI) that are being used by Cisco, Meraki, and Aruba in their enterprise line of products.
Armis is the same security firm that last year discovered BlueBorne, a set of nine zero-day Bluetooth-related flaws in Android, Windows, Linux and iOS that affected billions of devices, including smartphones, laptops, TVs, watches and automobile audio systems.
Cyber Security Tips:
- Texas Instruments confirmed the vulnerabilities and on Thursday released security patches for affected hardware, which will be available through the respective OEMs.
- Aruba has also released a security patch for its Aruba 3xx and IAP-3xx series access points to address the CVE-2018-7080 flaw. However, both Cisco and Aruba noted that their devices have Bluetooth disabled by default.