Date: 4 months ago   Category: Hi-Tech

Vulnerabilities in TI Bluetooth chips that allow remote code execution


Security researchers from Armis have reported the discovery of two critical vulnerabilities in BLE (Bluetooth Low Energy) chips from Texas Instruments (CC2640, CC2650 and CC1350), which are used in enterprise wireless access point models from Cisco, Meraki and Aruba. The vulnerabilities allow code to be executed in the context of the BLE chip, and from there privileged access to be gained to the main software environment of the access point. The attack does not require authentication and can be carried out when the attacker is within Bluetooth Low Energy range (about 10 meters).

BLE in a wireless access point is typically used to connect IoT devices and various specialized equipment (for example, medical sensors), and also to track the movement of visitors in shops. One attack vector named is replacing the firmware with a variant containing malicious code, which can analyze traffic (for example, to intercept passwords), attack users (for example, by injecting malicious JavaScript into unencrypted HTTP sessions) and serve as a base for extending the attack to other elements of the corporate network.

The first vulnerability (CVE-2018-16986) affects Cisco Aironet (1540, 18xx, 4800) and Meraki MR (30H, 33, 42E, 53E, 74) access points and allows a buffer overflow to be triggered in the chip firmware when it processes specially crafted BLE broadcast messages. Exploitation of the vulnerability is carried out in two stages. In the first stage, an ordinary advertising packet is sent, which the BLE chip keeps in memory. In the second stage, a malformed advertising packet with modified flags in the header is sent; processing it leads to allocation of a buffer of insufficient size and to data being written outside the buffer. The first packet allows the malicious code intended for execution to be stored in memory, and the second packet makes it possible to overwrite a pointer so that control is transferred to this code. The problem appears only when BLE is enabled and the device scanning mode is activated in the settings (it is disabled by default).
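A defensive illustration of the length handling this class of bug calls for, added here and not taken from TI's firmware or from the Armis report. It assumes the legacy Bluetooth 4.x advertising PDU header layout; `adv_parse`, `struct adv_pdu` and the status names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed layout: legacy (Bluetooth 4.x) advertising-channel PDU header.
 * byte 0: PDU type (bits 0-3), reserved (4-5), TxAdd (6), RxAdd (7)
 * byte 1: payload length (bits 0-5), reserved (6-7)                  */
#define ADV_HDR_LEN      2u
#define ADV_PAYLOAD_MIN  6u   /* advertiser address only */
#define ADV_PAYLOAD_MAX  37u  /* 6-byte address + 31 bytes of data */

enum adv_status { ADV_OK = 0, ADV_SHORT, ADV_BAD_LEN, ADV_TRUNCATED };

struct adv_pdu {
    uint8_t type;
    uint8_t len;                       /* validated payload length */
    uint8_t payload[ADV_PAYLOAD_MAX];  /* fixed worst-case storage */
};

/* Hypothetical helper: parse one received PDU into `out`.
 * A single validated length drives both the size check and the copy. */
enum adv_status adv_parse(const uint8_t *raw, size_t raw_len, struct adv_pdu *out)
{
    if (raw_len < ADV_HDR_LEN)
        return ADV_SHORT;
    /* Read the whole length byte: a header with the upper (reserved)
     * bits set then fails the range check instead of being masked
     * down to a value that looks valid. */
    uint8_t len = raw[1];
    if (len < ADV_PAYLOAD_MIN || len > ADV_PAYLOAD_MAX)
        return ADV_BAD_LEN;
    if (raw_len - ADV_HDR_LEN < len)   /* header claims more than was received */
        return ADV_TRUNCATED;
    out->type = raw[0] & 0x0Fu;
    out->len = len;
    memcpy(out->payload, raw + ADV_HDR_LEN, len);
    return ADV_OK;
}

int main(void)
{
    /* Constructed samples: a valid 6-byte payload, then the same frame
     * with a reserved bit set in the length byte. */
    const uint8_t good[] = { 0x00, 0x06, 1, 2, 3, 4, 5, 6 };
    const uint8_t bad[]  = { 0x00, 0x46, 1, 2, 3, 4, 5, 6 };
    struct adv_pdu p;
    return (adv_parse(good, sizeof good, &p) == ADV_OK &&
            adv_parse(bad, sizeof bad, &p) == ADV_BAD_LEN) ? 0 : 1;
}
```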

The second vulnerability (CVE-2018-7080) appears in Aruba wireless access points (AP-3xx, IAP-3xx, AP-203R, AP-203RP) and is caused by a flaw in the code that loads OTA firmware updates for TI BLE chips. The essence of the vulnerability is the use of a predefined password for access to the firmware update function, which is identical on all devices and can be learned by analyzing traffic during a regular firmware update or by reverse engineering the firmware. An attacker can use this password to install a modified firmware update.

Cisco, Meraki and Aruba have already released firmware updates that block the vulnerabilities. Texas Instruments has fixed the problem in the BLE-STACK 2.2.2 firmware. The danger of the vulnerabilities is assessed as insignificant since, first, the attack is possible only with the option enabled for the scan
