Date: a month ago   Category: Hi-Tech

Vulnerabilities in TI Bluetooth chips allow remote code execution


Security researchers from Armis have reported the discovery of two critical vulnerabilities in the BLE (Bluetooth Low Energy) chips from Texas Instruments (CC2640, CC2650 and CC1350) that are used in enterprise wireless access points from Cisco, Meraki and Aruba. The vulnerabilities allow code to be executed in the context of the BLE chip and then used to gain exclusive access to the main software environment of the access point. The attack does not require authentication and can be carried out when the attacker is within Bluetooth Low Energy range (about 10 meters).

BLE in a wireless access point is usually used to connect IoT devices and various specialized equipment (for example, medical sensors), and also to track the movement of visitors in shops. One attack vector named is replacing the firmware with a variant containing malicious code, which can analyze traffic (for example, to intercept passwords), attack users (for example, by substituting malicious JavaScript inserts into unencrypted HTTP sessions) and serve as a base for extending the attack to other elements of the corporate network.

The first vulnerability (CVE-2018-16986) affects Cisco Aironet (1540, 18xx, 4800) and Meraki MR (30H, 33, 42E, 53E, 74) access points and allows a buffer overflow to be triggered in the chip firmware when it processes specially crafted broadcast BLE messages. Exploitation is carried out in two stages. At the first stage an ordinary advertising packet is sent, which the BLE chip stores in memory. At the second stage an incorrect advertising packet with modified flags in its header is sent; processing it leads to the allocation of a buffer of insufficient size and to data being written outside the buffer. The first packet makes it possible to place in memory the malicious code intended for execution, and the second packet makes it possible to overwrite a pointer so that control is transferred to this code. The problem appears only when BLE is enabled and the device scanning mode is activated in the settings (it is disabled by default).
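As an added illustration (not code from Armis, Texas Instruments or the affected vendors), the C sketch below shows the kind of check that stops a header field from producing a buffer smaller than the data copied into it. The packet layout, constants and function names are assumptions constructed for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Constructed, simplified advertising-packet layout (an assumption for this
 * example, not the TI BLE-STACK format): byte 0 = type/flags,
 * byte 1 = payload length in the low 6 bits, upper 2 bits reserved (must be 0). */
#define ADV_HDR_LEN     2u
#define ADV_LEN_MASK    0x3Fu
#define ADV_RSVD_MASK   0xC0u
#define ADV_MAX_PAYLOAD 37u

enum adv_status { ADV_OK = 0, ADV_TRUNCATED, ADV_RESERVED_BITS, ADV_BAD_LENGTH, ADV_NO_MEM };

/* One illustrative way an undersized buffer can arise (comment only, not run):
 *     buf = malloc(hdr[1] & ADV_LEN_MASK);   // size from the masked field
 *     memcpy(buf, payload, hdr[1]);          // copy from the raw field
 * With reserved bits set, the copy is larger than the allocation. */

/* Hardened parse: one validated length drives both the allocation and the copy. */
enum adv_status adv_parse(const uint8_t *pkt, size_t pkt_len,
                          uint8_t **payload_out, size_t *payload_len_out)
{
    *payload_out = NULL;
    *payload_len_out = 0;
    if (pkt == NULL || pkt_len < ADV_HDR_LEN) return ADV_TRUNCATED;
    if (pkt[1] & ADV_RSVD_MASK) return ADV_RESERVED_BITS;    /* reject, do not mask away */
    size_t len = pkt[1] & ADV_LEN_MASK;
    if (len == 0 || len > ADV_MAX_PAYLOAD) return ADV_BAD_LENGTH;
    if (pkt_len - ADV_HDR_LEN != len) return ADV_BAD_LENGTH; /* declared vs. received */
    uint8_t *buf = malloc(len);
    if (buf == NULL) return ADV_NO_MEM;
    memcpy(buf, pkt + ADV_HDR_LEN, len);
    *payload_out = buf;
    *payload_len_out = len;
    return ADV_OK;
}

/* Convenience wrapper: returns only the status and frees any copied payload. */
enum adv_status adv_check(const uint8_t *pkt, size_t pkt_len)
{
    uint8_t *p = NULL; size_t n = 0;
    enum adv_status s = adv_parse(pkt, pkt_len, &p, &n);
    free(p);
    return s;
}
```

A packet with reserved header bits set, or whose declared length differs from the bytes actually received, is dropped before any memory is allocated.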

The second vulnerability (CVE-2018-7080) appears in Aruba wireless access points (AP-3xx, IAP-3xx, AP-203R, AP-203RP) and is caused by a flaw in the code that loads OTA firmware updates for the TI BLE chips. The essence of the vulnerability is the use of a predefined password for access to the firmware update function; the password is identical on all devices and can be learned by analyzing traffic during a regular firmware update or by reverse engineering the firmware. An attacker can use this password to install a modified firmware update.

Cisco, Meraki and Aruba have already released firmware updates that block the vulnerabilities. Texas Instruments has fixed the problem in the BLE-STACK 2.2.2 firmware. The danger of the vulnerabilities is rated as insignificant because, first, the attack is possible only when the scan option is enabled
