A researcher at enterprise IoT security firm Armis found two serious vulnerabilities in some popular wireless access points that, if exploited, could let attackers compromise a corporate network.
The two vulnerabilities are in Bluetooth Low Energy (BLE) chips manufactured by Texas Instruments (TI) and used in wireless access points from Cisco, Meraki and Aruba.
By exploiting the vulnerabilities, which Armis calls "BLEEDINGBIT," an attacker could break into the enterprise network, take over the access point, propagate malware, and move across network segments without being detected.
Impact on Enterprise Networks
The first BLEEDINGBIT vulnerability affects the cc2640 and cc2650 TI BLE chips used in Cisco and Meraki Wi-Fi access points. Exploiting this proximity-based vulnerability can cause memory corruption in the BLE stack, allowing an attacker to compromise and take control of the access point's main system.
The second vulnerability affects the Aruba Wi-Fi access point Series 300 with the TI BLE chip cc2540 and TI's Over-the-Air Firmware Download (OAD) feature. It is related to a backdoor function of the chip.
A nearby attacker can access this feature and install an entirely new version of the firmware, replacing the BLE chip's operating system, if the manufacturer has not implemented the feature properly. By default, the OAD feature does not automatically distinguish between trusted firmware updates and potentially malicious ones. As a result, an attacker can abuse this feature to gain a foothold on the access point, from which secure networks can be penetrated.
TI has already released software updates to address the first vulnerability, with patches due from Cisco, Meraki, and Aruba.
Travis Biehn, technical strategist and research director at Synopsys, provided deeper insight into the patch process.
"How the microcontroller running BLE is connected to the microcontroller that controls the router function is arbitrary for each device that is affected."
"The TI chips inherently seem to have a vulnerability that could compromise the runtime. The attacker must identify other vulnerabilities between the TI chip and the primary access point microcontroller to achieve the access level they describe."
"It will depend on whether A) there is a firmware update method on TI's BLE microcontroller and B) the access point microcontroller has the features and connectivity to reach TI's firmware update routine."