Security researchers made a worrisome discovery of two major vulnerabilities in chips installed in millions of networking devices and access points around the globe.
Named BleedingBit, the two chip flaws in Bluetooth Low Energy (BLE) chips may allow hackers to run arbitrary code to take complete control of devices that don’t require authentication. This includes point-of-sales and IoT devices and well as critical medical devices such as pacemakers and insulin pumps. The discovery was made by researchers at Armis, an Israel-based security company that was also responsible for recently discovering BlueBorne, a range of Bluetooth-related flaws that affected billions of smartphones, TVs, laptops and watches using Android, Linux, iOS and Windows.
The vulnerabilities unveiled exist in BLE Stack chips manufactured by Texas Instruments and are embedded in a range of their enterprise products, used by companies such as Aruba, Meraki and Cisco. The first flaw affects many of Meraki and Cisco’s Wi-Fi access points. It uses a loophole in how incoming data is analysed by the chips. When excess data is sent to the chip, its memory is corrupted which makes the device vulnerable to malicious code. The second flaw stems from a firmware update done to a feature called Over the Air Firmware Download (OAD). All Aruba access points share the same password to this feature which can easily be obtained by hackers through sniffing a legitimate update or by reverse-engineering the Aruba BLE firmware. A malicious update can then simply be delivered to the access point and full control can be gained.
After making the discovery, Armis reported it to all vendors and duly assisted companies with rolling out updates that address the issues. Texas Instruments confirmed the flaws and subsequently released security patches to affected companies. Cisco, Meraki (owned by Cisco) and Aruba released security patches for the hardware and announced that they are not aware of anybody exploiting these vulnerabilities.