BleedingBit Bluetooth Vulnerabilities

Bluetooth plays a major role in modern society, whether it provides connectivity for music or for the keyboard used to type. Corporations around the world have also adopted access points and other network devices that use Bluetooth, for example, a local area network (LAN) that uses a wireless access point. This becomes a problem when vulnerabilities such as BleedingBit arise, allowing cybercriminals to place arbitrary code on a susceptible device and operate on it with full capabilities. The vulnerabilities lie specifically in Bluetooth Low Energy (BLE) stack chips made by Texas Instruments.

Identified first was CVE-2018-16986, in the TI chips CC2640 and CC2650, which are used in quite a few Meraki and Cisco Wi-Fi access points. Using a buffer overflow attack, malicious code can be placed on the devices. For this to be pulled off, the attacker must be near the targeted device, but once they are in, they can carry on over the internet.

The second vulnerability affected four more chips than the first: CC2642R2, CC2640R2, CC2640, CC2650, CC2540, and CC2541 were the ones in the Aruba Series 300 devices that were hit. “By default, the Over the Air firmware Download (OAD) feature is not automatically configured to address secure firmware updates. It allows a simple update mechanism of the firmware running on the BLE chip over a GATT transaction. An attacker… can connect to the BLE chip on a vulnerable access point and upload a malicious firmware containing the attacker’s own code, effectively allowing a complete rewrite of its operating system, thereby gaining full control over it,” researchers explained.

Patches have already been issued by the affected companies, and vendors are not aware of the zero-day vulnerabilities being passed around in the wild.

Analyst Notes

Zero-day vulnerabilities present genuine security dangers, leaving users defenseless against zero-day attacks, which can result in potential harm to their PC or personally identifiable information (PII). It is advised to stay up to date with the latest vulnerabilities to help secure against a zero-day threat, and always to check for a fix when a zero-day weakness is reported. Most software vendors work rapidly to fix a security threat. Risks should never be minimized, as cybercriminals will look to exploit security holes to access devices and users’ data. They can use that data for a range of cybercrimes, including wholesale fraud, bank extortion, and ransomware. Always use dependable security software to help keep devices safe and secure.