Bleedingbit: Two New Bluetooth Vulnerabilities
Armis, a firm focused on Internet of Things (IoT) security, has discovered two new vulnerabilities dubbed Bleedingbit in BLE (Bluetooth Low Energy) chips made by Texas Instruments (TI).
The first vulnerability (CC2640, CC2650) affects the BLE chips used in Cisco and Meraki WiFi access points. If exploited, the proximity-based vulnerability triggers memory corruption in the BLE stack, which could allow attackers to compromise the main system of the access point – thereby gaining full control over it.
The second vulnerability (CC2540) affects the Aruba WiFi access point Series 300. The device uses a TI BLE chip for over-the-air (OTA) firmware updates. Armis said that the issue is technically a backdoor in BLE chips that was designed to allow firmware updates.
“The ‘Bleedingbit’ vulnerabilities endanger enterprises using vulnerable access points in their networks. Beyond access points, the health sector is potentially affected by these vulnerabilities, because the affected BLE chips are used in many medical devices, such as insulin pumps and pacemakers. Even private users might be affected by the vulnerabilities if they use an IoT device that embeds one of the vulnerable chips,” said Armis in a blog post.
According to Armis, these BLE chips are widely used in devices from manufacturers that include Cisco, Meraki, and Aruba.
An attacker can exploit these proximity-based vulnerabilities to gain access to the enterprise network. “Once an attacker takes control over an access point, they can move laterally between network segments and create a bridge between them — effectively breaking network segmentation,” wrote Armis in the blog post.
Armis notified TI, and the chip maker has already released security patches. Device manufacturers Cisco, Meraki (owned by Cisco), and Aruba have released updates for their devices.