BLEEDINGBIT: Bluetooth firmware vulnerabilities

Many WiFi access points have Bluetooth built into them now, and Bluetooth chips typically have firmware of their own.

In this case, a software stack called “BLE-STACK” that runs on a Cortex-M3 MCU.

https://arstechnica.com/information-technology/2018/11/bluetooth-bugs-bite-millions-of-wi-fi-aps-from-cisco-meraki-and-aruba/

https://armis.com/bleedingbit/

So far, it seems to impact various Cisco, Meraki and Aruba access points.

CVE-2018-7080: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7080

CVE-2018-16986: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16986

Why are there Bluetooth chips in enterprise/commercial grade wifi APs? From Ars:

The BLE chips offer a variety of enhancements to traditional Wi-Fi APs. Retailers, for instance, can use them to monitor customer movements inside stores by monitoring the Bluetooth beacons sent by the customers’ phones. Hospitals can use BLE to keep track of Bluetooth-enabled medical equipment.

 

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s