Severe vulnerabilities expose wireless access points to attack

Researchers from the enterprise IoT security company Armis have discovered two severe vulnerabilities in several popular wireless access
points that, if exploited, could allow hackers to compromise enterprise networks.

The two critical vulnerabilities are related to the use
of Bluetooth Low Energy (BLE) chips manufactured by Texas Instruments (TI) that are used in wireless access points from Cisco, Meraki and
vulnerabilities can be detected or stopped by both traditional network and endpoint security solutions.

Impact on enterprise networks

The first BLEEDINGBIT vulnerability affects the cc2640 and cc2650 TI BLE chips embedded in Cisco and Meraki Wi-Fi access points.
If exploited, this proximity-based vulnerability could trigger a memory corruption in the BLE stack which could allow attackers to
compromise the main system of the access point and gain full control over it.

The second vulnerability impacts the Aruba Wi-Fi access point
Series 300 with TI BLE chip cc2540 and its use of TI's over-the-air firmware download (OAD) feature.
This issue relates to the built-in backdoor feature of BLE chips that allows for firmware updates.

If exploited, a nearby attacker could
access this feature and use it to install a completely new and different version of the firmware which would rewrite the operating system of
the BLE chip if the manufacturer failed to correctly implement it.
By default, the OAD feature does not automatically differentiate between a trusted firmware update and a potentially malicious one.
Therefore an attacker could abuse this feature to gain a foothold on an access point through which they could penetrate secure
networks.

Patches incoming

TI has already released software updates to address the first vulnerability, with patches from Cisco, Meraki and
Aruba expected by the beginning of November.

Technical strategist and research lead at Synopsys, Travis Biehn, offered further insight on the
microcontroller controlling the executive router functions
ability to compromise their runtime on those TI chips, an attacker needs to identify another vulnerability between the TI chip and the main
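
The OAD weakness described above comes down to accepting a firmware image without checking who produced it. The following added example (not code from Armis, TI or any vendor named in the article) contrasts a structure-only acceptance check with one that verifies an authentication tag and the version number. The image layout, key and function names are constructed for illustration, and HMAC-SHA256 stands in for whatever signature scheme a real product would use.

```python
import hashlib
import hmac
import struct

# Constructed image layout for this example (not TI's OAD format):
#   magic(4) | version(u16 LE) | payload_len(u32 LE) | payload | tag(32)
MAGIC = b"FWIM"
HEADER = struct.Struct("<4sHI")
TAG_LEN = 32


def build_image(key: bytes, version: int, payload: bytes) -> bytes:
    """Vendor side: serialize header + payload and append an HMAC-SHA256 tag."""
    body = HEADER.pack(MAGIC, version, len(payload)) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()


def accept_unauthenticated(image: bytes) -> bool:
    """Update handler that checks only the structure, not the origin."""
    if len(image) < HEADER.size + TAG_LEN:
        return False
    magic, _version, length = HEADER.unpack_from(image)
    return magic == MAGIC and len(image) == HEADER.size + length + TAG_LEN


def accept_authenticated(image: bytes, key: bytes, current_version: int) -> bool:
    """Hardened handler: structure, then authenticity, then anti-rollback."""
    if not accept_unauthenticated(image):
        return False
    body, tag = image[:-TAG_LEN], image[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return False  # not produced by the key holder, or modified in transit
    _magic, version, _length = HEADER.unpack_from(image)
    return version > current_version  # refuse older images, even if authentic


# Constructed sample data (keys and payloads are placeholders).
VENDOR_KEY = b"example-key-not-a-real-secret"
TRUSTED = build_image(VENDOR_KEY, 7, b"A" * 64)
UNTRUSTED = build_image(b"some-other-key", 9, b"B" * 64)
TAMPERED = TRUSTED[:HEADER.size] + b"\x00" + TRUSTED[HEADER.size + 1:]

if __name__ == "__main__":
    samples = [("trusted", TRUSTED), ("untrusted", UNTRUSTED), ("tampered", TAMPERED)]
    for name, img in samples:
        print(name, accept_unauthenticated(img), accept_authenticated(img, VENDOR_KEY, 6))
```

The structure-only handler accepts all three images, while the authenticated handler accepts only the image built with the expected key and a newer version.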