Date: 7 months ago   Category: Hi-Tech

Vulnerabilities in TI Bluetooth chips that allow remote code execution


Security researchers from Armis have reported two critical vulnerabilities in the BLE (Bluetooth Low Energy) chips from Texas Instruments (CC2640, CC2650 and CC1350) that are used in enterprise wireless access points from Cisco, Meraki and Aruba. The vulnerabilities allow code to be executed in the context of the BLE chip and, from there, privileged access to be gained to the main software environment of the access point. The attack does not require authentication and can be carried out when the attacker is within Bluetooth Low Energy range (about 10 meters).

BLE in a wireless access point is usually used to connect IoT devices and various specialized equipment (for example, medical sensors), and also to track the movement of visitors in stores. One of the attack vectors named is replacement of the firmware with a variant containing malicious code, which can analyze traffic (for example, to intercept passwords), attack users (for example, by injecting malicious JavaScript into unencrypted HTTP sessions) and serve as a base for extending the attack to other elements of the corporate network.

The first vulnerability (CVE-2018-16986) affects Cisco Aironet (1540, 18xx, 4800) and Meraki MR (30H, 33, 42E, 53E, 74) access points and allows a buffer overflow to be triggered in the chip firmware when it processes specially crafted broadcast BLE messages. Exploitation is carried out in two stages. In the first stage, an ordinary advertising packet is sent, which the BLE chip keeps in memory. In the second stage, a malformed advertising packet with modified flags in the header is sent; processing it leads to allocation of a buffer of insufficient size and to data being written outside the buffer. The first packet places the malicious code intended for execution in memory, and the second packet makes it possible to overwrite a pointer so that control is transferred to this code. The problem appears only when BLE is enabled and the device scanning mode is activated in the settings (it is disabled by default).
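As an added illustration (not code from Armis, Texas Instruments or the original article), the sketch below shows the header validation a receive path needs so that a malformed advertising packet cannot make the allocated size and the copied size disagree. The header layout is the Bluetooth 4.x advertising PDU format; the function name, status codes and buffer handling are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout: Bluetooth 4.x advertising-channel PDU header (2 bytes).
 * byte 0: PDU type (bits 0-3), RFU (bits 4-5), TxAdd (bit 6), RxAdd (bit 7)
 * byte 1: payload length (bits 0-5), RFU (bits 6-7) */
#define ADV_HDR_LEN      2u
#define ADV_PAYLOAD_MIN  6u   /* advertiser address only */
#define ADV_PAYLOAD_MAX  37u  /* address + 31 bytes of data */

enum adv_status { ADV_OK = 0, ADV_TRUNCATED, ADV_RESERVED_BITS,
                  ADV_BAD_LENGTH, ADV_LEN_MISMATCH, ADV_NO_SPACE };

/* Hypothetical hardened receive path (not TI's code): validate, then copy. */
enum adv_status adv_parse(const uint8_t *pkt, size_t pkt_len,
                          uint8_t *out, size_t out_cap, size_t *out_len)
{
    if (!pkt || !out || !out_len || pkt_len < ADV_HDR_LEN)
        return ADV_TRUNCATED;
    /* Reserved bits must be zero: reject them, never interpret them. */
    if ((pkt[0] & 0x30u) || (pkt[1] & 0xC0u))
        return ADV_RESERVED_BITS;
    size_t declared = pkt[1] & 0x3Fu;
    if (declared < ADV_PAYLOAD_MIN || declared > ADV_PAYLOAD_MAX)
        return ADV_BAD_LENGTH;
    /* Declared length must equal the bytes actually received. */
    if (declared != pkt_len - ADV_HDR_LEN)
        return ADV_LEN_MISMATCH;
    /* The same validated value gates the capacity check and the copy. */
    if (declared > out_cap)
        return ADV_NO_SPACE;
    memcpy(out, pkt + ADV_HDR_LEN, declared);
    *out_len = declared;
    return ADV_OK;
}

int main(void)
{
    /* Constructed sample: ADV_IND header, 6-byte payload (address only). */
    const uint8_t sample[] = {0x00, 0x06, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66};
    uint8_t buf[ADV_PAYLOAD_MAX];
    size_t n = 0;
    enum adv_status st = adv_parse(sample, sizeof sample, buf, sizeof buf, &n);
    printf("status=%d payload_len=%zu\n", (int)st, n);
    return st == ADV_OK ? 0 : 1;
}
```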

The second vulnerability (CVE-2018-7080) appears in Aruba wireless access points (AP-3xx, IAP-3xx, AP-203R, AP-203RP) and is caused by a flaw in the code that loads OTA firmware updates for TI BLE chips. The essence of the vulnerability is the use of a predefined password for access to the firmware update function; the password is identical on all devices and can be learned by analyzing traffic during a regular firmware update or by reverse engineering the firmware. An attacker can use this password to install a modified firmware update.

Cisco, Meraki and Aruba have already released firmware updates that block the vulnerabilities. Texas Instruments has fixed the problem in the BLE-STACK 2.2.2 firmware. The danger of the vulnerabilities is assessed as insignificant since, first, the attack is possible only when the scan option is enabled
