Skip to main content

Researchers Have Found A New Security Issue With Bluetooth

By November 17, 2018June 2nd, 2022Cybersecurity

Researchers from the Israeli security firm Armis have discovered a new security flaw in BLE (Bluetooth Low Energy) chips that expose millions of access points and networking devices around the world. This opened the door to a new hack.

The flaw has been dubbed “BleedingBit” and is actually two separate vulnerabilities that could allow a hacker to execute code or take complete control over a vulnerable device without the need of a password.  What makes BleedingBit an especially dangerous flaw is the fact that a wide range of medical devices including pacemakers and insulin pumps can be targeted, along with other IoT devices and point of sale terminals.

According to the research team, the attack works as follows:

“First, the attacker sends multiple benign BLE broadcast messages called Advertising Packets, which will be stored on the memory of the vulnerable BLE chip in the targeted device.

Next, the attacker sends the overflow packet, which is a standard advertising packet with a subtle alteration – a specific bit in its header is turned ON instead of off.  This bit causes the chip to allocate the information from the packet a much larger space than it really needs, triggering an overflow of critical memory in the process.”

It should be noted that in order to execute the attack, a hacker would need to be in close proximity to the target device. Of course, once it has been compromised, it can be accessed again at will remotely, monitoring network traffic, conducting man in the middle attacks, or launching additional attacks on other devices connected to the targeted device.

The Armis researchers responsibly reported their findings and the chip manufacturer, Texas Instruments, has confirmed the vulnerabilities and has already released patches for the affected hardware.

If your company uses BLE chips in any aspect of your business, be sure to grab the latest update.

Jason Manteiga

Jason J. Manteiga, Vice President of Olmec Systems, has been part of the company for over the past 20 years. He believes that having a great work environment and supportive team, is the ultimate key to success. Since being in the IT realm for over 25 years, Jason, along with Olmec Systems, has been on the Inc. 5000 “List of America’s Fastest Growing Private Companies” and Channel Futures MSP 501 “Top Managed Service Providers in North America,” along with other awards and nominations. Jason earned his Bachelor Degree in Information Systems from the New Jersey Institute of Technology. He also holds certifications in Microsoft MCSE, VMWare VCP, and Cisco CCNA. In his spare time, Jason is a contributor for The Center for Social & Legal Research (Privacy Exchange) and a member of the Morris County Chamber of Commerce. His hobbies include cycling and kayaking. He currently lives in New Jersey with his wife, two daughters and son.