Bluetooth chip has serious security vulnerabilities that widely affect smart electronic products
The latest analysis released by the Israeli security company ARMIS pointed out that there are two serious security vulnerabilities, bleedingbit in the low-power Bluetooth chip produced by Texas Instruments.
These security vulnerabilities allow an attacker to control a device and invade the intranet directly remotely. What is worse is that the Bluetooth chip is widely used in smart electronic products.
For example, smart electronic locks in the smart home field, as well as insulin pumps and pacemakers in the medical area, as well as corporate wireless routers.
The chip has been identified to include Cisco’s various enterprise-class wireless routers, and Cisco is currently busy fixing these vulnerabilities.
CVE-2018-16986 security vulnerability:
This vulnerability can be exploited by an attacker to trigger memory corruption on the German low-power Bluetooth chip, and then no authentication is required to allow the hacker to take over the device.
Then use the wireless router-specific advertising package to take advantage of this error, such as an attacker can run malware or backdoor on the target device.
Of course, the attacker already can fully control the device, so it can easily invade the intranet, waiting for the opportunity to steal potential confidential data and intelligence.
CVE-2018-7080 security vulnerability:
The security company believes that the security vulnerability is more like a backdoor. The vulnerability is located in the firmware update module of the Texas Instruments Bluetooth chip to download the new version of the firmware automatically.
This feature has a default administrative password used to connect to the device for updates remotely, and the firmware update is also updated without verification.
This problem is not a backdoor or a flaw because Texas Instruments has warned that this update feature is only suitable for development tests and should not be used in a formal environment.