Bluetooth Chip – Vulnerable Part of Connected Devices

Bluetooth Chip – Vulnerable Part of Connected Devices

bluetooth chip

This post is also available in: heעברית (Hebrew)

Wireless access points can come in many forms, such as a router or an internet of things device. If a hacker gains access to the network, it becomes much easier to attack devices connected to it. That’s why the US and UK governments warned in April that Russian hackers were targeting millions of routers around the world.

Popular Wi-Fi access points of internet of things devices are open to critical security flaws. A hacker could completely take over network access points using the vulnerabilities on Bluetooth Low Energy (BLE) chips. This was found in tests executed by researchers at Armis Labs, a security company.

BLE is a different standard from Bluetooth. First introduced in 2011 as Bluetooth 4.0, it boasts a much longer battery life than its predecessor. Because of that longevity, BLE chips are more likely to be used in IoT devices and medical devices.   

The BLE chip vulnerabilities would let attackers hijack vulnerable networks and spread malware to any devices connected to those networks, though the hacker would have to be in the device’s Bluetooth range, and the Wi-Fi access point would also need to be in scanning mode for the attack to work. Many customers don’t even know that the devices they bought are using these BLE chips, according to the company.

Hospitals, offices, factories and stores use devices that rely on these chips. The vulnerabilities impact industries across the board, including health care, automotive and retail. Affected devices aren’t limited to just routers. The chips are used in pacemakers and insulin pumps too.

These new vulnerabilities highlight the extent of possible openings an attacker has to infiltrate a network: While there may not be anything wrong with the wireless network itself, these hidden BLE chips provide a way in.

Armis Labs said the vulnerabilities are found in four BLE chips made by Texas Instruments, and are used in Wi-Fi access points from Cisco, Meraki and Aruba. A security patch is expected for the flaws, according to cnet.com.

The first vulnerability affects Cisco’s and Meraki’s Wi-Fi access points, and works by taking advantage of a flaw in how the BLE chips analyze incoming data, security researchers said.

Each time data is sent to the BLE chip, the traffic is supposed to have a field that’s only six bits long. But these chips look at an extra two bits, and attackers can inject whatever values they want in those fields.

The second vulnerability affects Aruba’s Wi-Fi access point Series 300 and stems from an issue with Texas Instruments’ firmware updates.