Security researchers at Armis have found vulnerabilities in Bluetooth Low Energy (BLE) chips from Texas Instruments. These make access points from Cisco, Cisco Meraki and Aruba Networks vulnerable to hacking. The vulnerabilities affect the access points in different ways, depending on the manufacturer.
The researchers have named the vulnerabilities BLEEDINGBIT. In Cisco and Meraki access points that use TI BLE chips, there is a vulnerability that can be exploited to trigger memory corruption in the BLE stack, allowing a hacker to compromise the device's main system. The hacker does have to be in the vicinity of the device for this.
Another vulnerability relates to a TI BLE chip that is used in Aruba’s access points. It allows a hacker to abuse the chip's over-the-air firmware download feature to install a different version of the device’s firmware, a version that can be modified to allow access outside the usual parameters.
The vulnerabilities were discovered in Wi-Fi access points, but according to the researchers, the vulnerabilities can also occur in various other devices. “This may go beyond access points, as these chips are used in many other types of devices,” said Ben Seri, vice president of research at Armis. “They are used in various industries, including healthcare, automotive and retail. As we add more connected devices using new protocols such as BLE, we see the risk landscape grow with it.”
According to Nick Murison, managing consultant at Synopsys Software Integrity, the vulnerability is not in the protocol, but in the way the protocol is implemented. This underlines how important it is for vendors to test that their implementations not only meet the specifications of a protocol, but also respond safely when faced with rogue traffic, says Murison.
According to Murison, there are more steps that companies can take earlier in the development process to prevent implementation errors. “Companies should find ways to ensure that developers understand the consequences of such errors through a variety of training offerings that fit in with the developers’ work style. As part of the design phase, companies should also look at threat modeling or a risk analysis of the architecture to identify potential security vulnerabilities.”
This news article was automatically translated from Dutch to give Techzine.eu a head start.