Vulnerability in Bluetooth opens up opportunities to attack wireless access points

Original author: Zack Whittaker
  • Translation


Security experts have found serious vulnerabilities in popular access points which, if exploited, would allow attackers to compromise corporate networks.

Two flaws were found in the “Bluetooth Low Energy” chips made by Texas Instruments. These chips are used by companies such as Cisco, Aruba and Meraki in their corporate wireless access points. Although the two flaws are different and affect a number of models, each allows an attacker to take over an access point and get into the corporate network or jump over the virtual walls separating networks.

Armis security researchers named the vulnerability “Bleeding Bit” because the first bug involves flipping the highest bit in a Bluetooth packet, which causes a memory overflow, or “bleed”, that an attacker can use to run malicious code on Cisco or Meraki devices.

The second bug allows an attacker to install malicious firmware on one of Aruba's devices, because the software does not verify the authenticity of the update.

Although experts say the bugs allow an attack to be carried out remotely, attackers still have to be near the devices: the exploit cannot be used over the Internet, and Bluetooth range is limited (about 100 meters, or a little more with an antenna).

Ben Seri, vice president of research at Armis, argues that exploiting the vulnerability is “relatively straightforward.” Although the company has not yet released code that uses either of the exploits, Seri says that attackers need “only a laptop or a smartphone that has Bluetooth built-in.”

He warned that the Bluetooth-based attack could be only one part of a larger exploitation effort.

“If an attacker gets control through these vulnerabilities at least once, he will be able to establish an outgoing connection via the Internet and be able to control the server. Then he can continue the attack more remotely.”


Bleeding Bit allows an unauthenticated attacker to enter corporate networks undetected, take over access points, distribute malicious software, and move across network segments.

Armis does not know how many devices are vulnerable, but it warned that the vulnerability is present in many other devices with “Bluetooth Low Energy” chips.

“These chips are used in various industries, such as hospitals, industry, etc.,” says Seri.

Seri added that the vulnerability is not in the Bluetooth protocol itself, but in the chip. Since Bluetooth is an open standard, companies decide for themselves how to implement the protocol. Critics have long argued that the Bluetooth specifications leave too much room for interpretation, which can cause security problems.

Later, Texas Instruments confirmed the bug and released several patches. Cisco, Aruba and Meraki also released their patches to close the vulnerability, although they claimed that Bluetooth was turned off by default.

Apple, Check Point, D-Link and Netgear devices are not affected by this vulnerability.
