Uh Oh! It’s another version of the Bluetooth BlueBorne Blues, and this time it’s BleedingBit (CVE-2018-16986) & (CVE-2018-7080)

Redport Information Assurance

Well, here we go again: security researchers at the Israeli firm Armis have discovered yet another Bluetooth zero-day vulnerability, and unfortunately this time it came as a pair. Bluetooth products have computer processors embedded in them, called Bluetooth Low Energy (BLE) chips. The chips are manufactured by Texas Instruments (TI) and are purchased by Cisco for use in its enterprise network infrastructure product line. Millions of Bluetooth access points and networking devices use these chips and are now exposed to exploits based on the vulnerabilities within them. The vulnerabilities, unlike “BlueBorne”, have been named “BleedingBit” (CVE-2018-16986). The first of the two vulnerabilities, in the TI BLE chips CC2640 and CC2650, could allow malicious cyber threat actors to remotely execute arbitrary code and take full control of vulnerable Bluetooth devices without any form of authentication, using a flaw that is only reachable while the Bluetooth chip’s processor is parsing incoming data. Unfortunately, some of these devices include critical-use medical devices such as insulin pumps and pacemakers. Other devices include point-of-sale terminals at big-box stores and consumer Internet of Things (IoT) devices such as refrigerators, closed-circuit TVs and video cameras.
However, as mentioned above, the vulnerabilities came as a pair. The second vulnerability was identified as CVE-2018-7080; it resides in the BLE TI chips CC2642R2, CC2640R2, CC2640, CC2650, CC2540 and CC2541 and affects the vendor Aruba’s Series 300 Wi-Fi access points. The vulnerability stems from an issue with Texas Instruments’ (TI) firmware update feature in the BLE chips, called “Over the Air firmware Download” (OAD). Finally, TI has acknowledged the vulnerabilities reported by the security researchers at Armis and released a patch in the last week of October 2018. Both vendors, Cisco and Aruba, state that Bluetooth is disabled by default and that, at this time, neither vulnerability has been exploited in the wild. Security researchers at Redport IA, LLC have been analyzing the situation and validated the fact that, as of this time, not even a known Proof-of-Concept (PoC) has been developed to demonstrate the BleedingBit flaws.

Dr. Randall Sylvertooth

Source:
https://thehackernews.com/2018/11/bluetooth-chip-hacking.html

For more information about Redport’s information assurance and cyber security services, visit www.redport-ia.com, email us at info@redport-ia.com, like us on Facebook, and follow us on Twitter @redport_ia.

Gaithersburg, MD, USA