This post was made on 11/2/2018.
Armis lab is a security company that specializes in researching software and hardware that use the Internet of Things. Researchers of Armis found a major security flaw in Bluetooth Low Energy chips that could give attackers network access points allowing them to spread malicious code.
These Bluetooth Low Energy Chips (We’ll call them BLE for short.) have a much better battery life then its predecessor and are used in a variety of devices. These BLE’s are used in a lot of devices connected to the Internet of Things and medical devices. Now we know if something is connected to the Internet, then there is a high chance that someone will try to attack it.
In order for a hacker to get access to the device they had to be in the range of the device. But once the hacker was in range of said device they would use a hacking tactic called Buffer Overflow. Buffer Overflow essentially overloads the chip with more data than it can handle causing the system to either shut down or give involuntary access to the attacker. Once the router is accessed by the hacker they are free to spread all sorts of malicious code to the users of the router.
There is also another major flaw in Aruba’s Wi-Fi access point Series 300 that allows malware to be installed on what seem to be updates for the software. This vulnerability comes from the development tool on the program, which has no security. The Aruba Wi-Fi access point Series 300 also has BLE chips, which have access to these development tools. Once these development tools are accessed a user can make malware that disguises itself as a software upgrade and gets access to devices using Over Air Download.
There is an update that fixes the security flaw in most of these systems but Aruba Wi-Fi access point Series 300 still can send disguised updates to devices. The solution for this is to turn off your Over Air Download on your devices. Over Air Download is a completely optional feature that downloads the latest updates to the software on your devices from just about anywhere with a WiFi device.
The are so many devices that use the BLE chips that I’m genuinely surprised that there isn’t many major news sites talking about it. These chips could be used in your local supermarket, banks, business firms and even hospitals. These BLE chips can even be used in insulin pumps and pacemakers! A complete stranger could have access to a device that is attached to your body and that is scary!
Any company that used the BLE chips in their devices should issue a statement that their devices need an update to fix this security flaw. I also think that the general public should know about this too in order to be aware of the dangers of using public WiFi. But let’s be real here, we are two weeks away from midterm elections and the only thing major news organizations care about is politics and if the security flaw is not related to politics, then the general public will go blissfully unaware of this. It’s really annoying seeing that but if you happen to be one the readers of this blog post, then you can thank me(or the news source) for letting you know about it. Now you can go out to shop for ice cream paranoid that someone will send malware to your phone through the Internet. Have fun knowing that!
Source: Security researchers find flaws in chips used in hospitals, factories and stores
Cyberleech 