Texas Instruments Hold ‘em – ‘BleedingBit’

It’s been a fairly busy week for bug and patch announcements alike. Yesterday came the news that many devices, including wireless access points, home and industry controllers, and medical devices like insulin pumps, may be vulnerable to yet more ‘drive-by’ style attacks, which might enable an attacker to execute code and/or take full control of devices which use Bluetooth Low Energy (BLE) stack chips (not a stack of chips) manufactured by Texas Instruments. Houston, we might have a problem.

The two attacks, which have a name, ‘BleedingBit’, and a logo (y’all know how we love a vulnerability with a name and a logo, particularly if it has blood in it, with the added bonus of being announced around Halloween), were discovered by Bluetooth hacking maestros Armis. They are CVE-2018-16986, which affects a plethora of devices including Cisco access points, and CVE-2018-7080, which affects Aruba access points and yet more devices (if they have certain features enabled by default). The Armis announcement is here, which has links to vendor announcements for your weekend contemplation.

Our hardworking SOC team produce vulnerability announcements called, for reasons unknown and mysterious, ‘Threat Horizons’. The one about BleedingBit is here, the full catalogue is here. As we said, this has been a busy week with a flurry of announcements. The team have been hard at work and deserve a round of applause, or just a round…

As with all of these chip vulnerabilities, not to mention the two Linux privilege escalation announcements here and here, the devil is in the detail and you may not be vulnerable, depending on default and other internal settings.

We urge you not to gamble and to have a good read of the vendor material before leaping into action that may cause more harm than good (such as taking down your whole network). If you have any concerns, contact us at the details below or via your super slick, not to mention enthusiastic, account team. We would be happy to help.

Whilst doing some rooting around for this week’s blog, we came across this most excellent directory breach of locked iPhones using the very latest and greatest iOS (12.1, not to be confused with Cisco IOS 12.1, very confusing to us ancient old hacks). This was discovered by one Jose Rodriguez (Spanish in case you wondered) and reported to The Hacker News – a mighty fine site. If you don’t have the energy to read the article here is the video of Jose in action (honest, it is the same Jose).

As usual if you want to discuss any of the issues in this blog, do contact us at: [email protected] or call 020 7517 3900.

Have a great weekend. Fingers crossed that England turn up against The Boks tomorrow.