Bleedingbit zero-day chip flaws may expose majority of enterprises to remote code execution attacks
Bleedingbit is a set of two new zero-day vulnerabilities which have the potential to expose enterprise firms to remote code execution attacks worldwide.
On Thursday, researchers from enterprise security firm Armis revealed the bugs, which together impact Bluetooth Low-Energy (BLE) chips used in millions of Cisco, Meraki, and Aruba wireless access points (APs).
Developed by Texas Instruments (TI), the vulnerable BLE chips are used by roughly 70 to 80 percent of business wireless access points today by way of Cisco, Meraki and Aruba products.
“Because businesses rely on them for mission-critical communications, a compromise at this level can give attackers deep access into enterprise networks,” Armis says.
It is not known at this time how many devices are immediately impacted by Bleedingbit, however, Armis told ZDNet that initial figures estimate that “millions” of devices are affected, and “this number is expected to rise.”
The BLE protocol, also sometimes known as Bluetooth Smart, is based on the standard Bluetooth communications protocol but has been tailored for Internet of Things (IoT) devices. ..Read More..