• Articles
    • Editorial Articles
    • Research Articles
    • WatchGuard Articles
  • The 443 Podcast
  • Threat Landscape
  • About
    • About Us
    • Contact Us
    • Contribute to Secplicity

Secplicity - Security Simplified

Powered by WatchGuard Technologies

Bleedingbit Bleeds Bluetooth

November 2, 2018 By Trevor Collins

A new Bluetooth vulnerability called Bleedingbit came out yesterday, affecting Bluetooth APs if they use a Texas Instruments chip. With many IoT devices using Bluetooth including TVs, cellphones, locks, and modern cars there are a lot of potential devices that could be exploited.

Before we dive in, if you are a WatchGuard customer, you’re probably wondering if you are affected. Only the WatchGuard AP325 includes a Bluetooth radio, which remains disabled in current firmware. Furthermore, the AP325 does not use a Texas Instruments Bluetooth chipset and is not affected by this vulnerability.

Bleedingbit consists of 2 separate vulnerabilities. The first one affects only Aruba Access Point Series 300 and allows attackers to run their own firmware on the Bluetooth chip if they obtain a hard-coded password, which all Aruba Access Point Series 300 devices use. This password appears to be a leftover from development that wasn’t removed for production. The 2nd vulnerability is far more widespread. This one allows any user within Bluetooth range to run malicious code on affected Bluetooth chips. Once their code executes on the Bluetooth chip they can read any connection over Bluetooth from the AP. The attacker could also use the Bluetooth chip as a jump point to exploit other chip vulnerabilities on the AP to take over the AP. This could allow them access to every network segment that is connected to the AP. The researchers haven’t released the details of the vulnerability, so it will be difficult to know what devices are affected. The current list of affected devices is here.   So far only Cisco, Meraki, and Aruba devices are known to be vulnerable, however any device with a Texas Instruments Bluetooth chip may be vulnerable. Fortunately, Bluetooth must be enabled for an attacker to exploit this vulnerability.

If your device is affected and is a Cisco or Meraki AP, then we recommend patching the vulnerability. If it is an AP where it is unknown if it has the vulnerability, then we recommend disabling Bluetooth on the device. Check with the vendor to see if your AP is vulnerable to this vulnerability. If you must have Bluetooth enabled then we recommend segmenting the entire AP, including management of the AP. Any traffic should be treated like external traffic. We recommend not sending any sensitive information over the AP.

If you have a vulnerable Aruba Access Point Series 300 then update with the latest security patch once it is released.

If you are in a high security environment, then we recommend not using Bluetooth at all. Bluetooth has a long list of past vulnerabilities due to its vagueness in the protocol.

Because this vulnerability requires the agent to be within Bluetooth range, physical security of the premise will also mitigate this exploit. However, Bluetooth has a range of 100 feet and can be more with a directional antenna. It would be better to disable Bluetooth altogether.

Keep an update for security patches from your access point vendor if you own an affected model. Once a patch is released for your device be sure to install it to keep your network safe.

Share This:

Related

Filed Under: Editorial Articles Tagged With: Hacking, Infosec news, Zero day exploit

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

The 443 Podcast

A weekly podcast featuring the leading white-hat hackers and security researchers. Listen Now
the 443 podcast

Threat Landscape

Filter and view Firebox Feed data by type of attack, region, country, and date range. View Now
threat landscape

Top Posts

  • US National Cybersecurity Strategy
  • Here Come The Regulations
  • Successfully Prosecuting a Russian Hacker
  • Cybersecurity’s Toll on Mental Health

Email Newsletter

Sign up to get the latest security news and threat analysis delivered straight to your inbox

By signing up you agree to our Privacy Policy.


The views and opinions expressed on this website are those of the authors and do not necessarily reflect the policy or position of WatchGuard Technologies.

Stay in Touch

Recent Posts

  • An Update on Section 230
  • Here Come The Regulations
  • US National Cybersecurity Strategy
  • Cybersecurity News: Free Cybersecurity Training, TrickBot Group Exposed, Major GoDaddy Breach, and Russia to Legalize cybercrime?!
  • Cybersecurity’s Toll on Mental Health
View All

Search

Archives

Copyright © 2023 WatchGuard Technologies · Cookie Policy · Privacy Policy · Terms of Use