Bleeding Bits: Undetectable Chip Level Attack Bug in Access Points
Exposes enterprise access points and unmanaged devices to an undetectable chip-level attack; the affected chips are mainly used in IoT and medical devices.
BLE chips (Bluetooth Low Energy, a standard distinct from classic Bluetooth, introduced as part of Bluetooth 4.0 in 2011) are widely used in IoT and medical devices and are prone to a critical bug named "Bleeding Bits", which would let attackers hijack vulnerable networks and spread malware to any device connected to that network. For successful exploitation, however, an attacker would have to be within the device's Bluetooth range, and the Wi-Fi access point would also need to be in scanning mode for the attack to work.
Armis Labs points out that BLE chips made by Texas Instruments, used mainly in Wi-Fi access points from Cisco, Meraki, and Aruba, were found vulnerable to Bleeding Bits. The researchers reported the issue to the respective vendors, who have already released patches for the bug. Cisco and Meraki have also issued advisories for their customers.
The researchers found two vulnerabilities. The first affects Cisco's and Meraki's Wi-Fi access points. The BLE chips used in these access points are supposed to read a field that is only six bits long from transmitted data, but the chips look at an extra two bits, and attackers can inject whatever values they want into those bits.
This is a buffer overflow type of attack, in which attackers send more data to a BLE chip than it is designed to handle, causing memory corruption. That failure would give an attacker full control over the wireless access point.
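The paragraphs above describe a parser that honours two bits it should ignore, so a six-bit length field becomes an eight-bit one. The toy decoder below is an added illustration written for this page, not Texas Instruments' firmware or the Armis proof of concept: the packet layout (a one-byte header whose low six bits are a length and whose top two bits are reserved), the 64-byte payload buffer and every function name are constructed assumptions. It contrasts the flawed decode, which treats the whole header byte as a length and so can name a size larger than the buffer, with a hardened parser that masks the field, fails closed on non-zero reserved bits and bounds-checks before copying.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed toy format (an assumption, not the real BLE frame layout):
   header byte bits 0-5 = payload length, bits 6-7 = reserved, must be zero. */
#define LEN_FIELD_MASK  0x3Fu   /* the six defined length bits */
#define RESERVED_MASK   0xC0u   /* the two bits a conformant sender never sets */
#define MAX_PAYLOAD     64u     /* six bits encode 0..63, so 64 bytes always fit */

typedef struct {
    uint8_t payload[MAX_PAYLOAD];
    uint8_t len;
} frame_t;

/* Flawed decode: all eight header bits are taken as the length. */
unsigned decoded_len_unmasked(uint8_t hdr) { return hdr; }

/* Correct decode: only the six defined bits are the length. */
unsigned decoded_len_masked(uint8_t hdr) { return hdr & LEN_FIELD_MASK; }

/* 1 if copying the unmasked length would overrun a MAX_PAYLOAD buffer. */
int unmasked_overruns(uint8_t hdr) { return decoded_len_unmasked(hdr) > MAX_PAYLOAD; }

/* Hardened parser. Returns 0 on success, -1 on malformed input. */
int parse_frame_checked(frame_t *out, const uint8_t *pkt, size_t pkt_len) {
    if (pkt_len < 1) return -1;
    uint8_t hdr = pkt[0];
    if (hdr & RESERVED_MASK) return -1;          /* fail closed on reserved bits */
    unsigned len = hdr & LEN_FIELD_MASK;
    if (len > MAX_PAYLOAD) return -1;            /* defence in depth; cannot pass masking */
    if (pkt_len - 1 < len) return -1;            /* packet shorter than it claims */
    memcpy(out->payload, pkt + 1, len);
    out->len = (uint8_t)len;
    return 0;
}

/* Constructed sample: reserved bits set, length field = 5. Returns 1 if the
   hardened parser rejects it while the unmasked decode would overrun. */
int demo_rejects_reserved_bits(void) {
    const uint8_t pkt[] = { 0xC5, 1, 2, 3, 4, 5 };
    frame_t f;
    return parse_frame_checked(&f, pkt, sizeof pkt) == -1 && unmasked_overruns(0xC5);
}

/* Constructed sample: well-formed header, five payload bytes. Returns 1 if accepted intact. */
int demo_accepts_valid_frame(void) {
    const uint8_t pkt[] = { 0x05, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE };
    frame_t f;
    return parse_frame_checked(&f, pkt, sizeof pkt) == 0 && f.len == 5 &&
           memcmp(f.payload, pkt + 1, 5) == 0;
}

/* Constructed sample: header claims five bytes but only three follow. Returns 1 if rejected. */
int demo_rejects_truncated_frame(void) {
    const uint8_t pkt[] = { 0x05, 1, 2, 3 };
    frame_t f;
    return parse_frame_checked(&f, pkt, sizeof pkt) == -1;
}

int main(void) {
    printf("unmasked length of 0xC5: %u (buffer holds %u)\n",
           decoded_len_unmasked(0xC5), MAX_PAYLOAD);
    printf("masked length of 0xC5:   %u\n", decoded_len_masked(0xC5));
    printf("reserved-bit frame rejected: %d\n", demo_rejects_reserved_bits());
    printf("valid frame accepted:        %d\n", demo_accepts_valid_frame());
    printf("truncated frame rejected:    %d\n", demo_rejects_truncated_frame());
    return 0;
}
```

The point of the reserved-bit check is that it costs nothing on conformant traffic and turns an out-of-spec header into a dropped frame rather than a length the copy loop trusts; masking alone would already keep the length within the buffer, but rejecting the frame also gives you something to count and alert on.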
The second vulnerability affects Aruba's 300 Series Wi-Fi access points and stems from an issue with Texas Instruments' firmware update mechanism. The BLE chips have a feature called Over the Air Download (OAD), which allows software upgrades. This feature has no security measures, meaning attackers can install malware posing as updates on these devices: an attacker can simply replace the update with their own malicious code, which can then be used to access the network.
As the vendors have already released patches for the bug, everyone is advised to update their firmware.