A new Bluetooth vulnerability, ‘BleedingBit’, is causing trouble for the Wi-Fi access point
vendors Aruba, Cisco and Meraki, which use vulnerable Bluetooth Low Energy (BLE) IT chips made
by Texas Instruments. The vulnerability could allow hackers to take control of a wireless
network, and this is bad news for the three leading access point vendors, which make up just
under 70% of the Wi-Fi access point market.
The vulnerability CVE-2018-16986 exists in the overflow field that stores additional information
to notify the access point. An attacker can send a number of well-formed packets containing
code, followed by a malformed packet that causes a stack overflow, which could allow execution
of the previously sent code, such as a backdoor.
The second vulnerability, CVE-2018-7080, affects only Aruba APs and the over-the-air
download (OAD) feature through BLE, which is used for development purposes. If the feature is
active in a production system, an attacker can obtain the hardcoded password and rewrite the
AP's operating system. The underlying problem with BLE is that currently no one considers it a
risk, so a company could be completely blindsided by this attack vector.
BleedingBit was publicly announced by IoT security firm Armis on Nov. 1; it impacts Bluetooth
Low Energy (BLE) chips made by Texas Instruments (TI) that are used in Cisco, Meraki and
Aruba wireless access points. According to Armis, the impacted vendors were all contacted in
advance of the disclosure so that patches could be made available.