Two New Bluetooth Chip Flaws Expose Millions of Devices to Remote Attacks

Security researchers have unveiled details of two critical vulnerabilities in Bluetooth Low Energy (BLE) chips embedded in millions of access points and networking devices used by enterprises around the world.

Dubbed BleedingBit, the set of two vulnerabilities could allow remote attackers to execute arbitrary code and take full control of vulnerable devices without authentication, including medical devices such as insulin pumps and pacemakers, as well as point-of-sales and IoT devices.

Book a demo today to see GlobalDots is action.

Optimize cloud costs, control spend, and automate for deeper insights and efficiency.

Book a demo today to see GlobalDots is action.

Discovered by researchers at Israeli security firm Armis, the vulnerabilities exist in Bluetooth Low Energy (BLE) Stack chips made by Texas Instruments (TI) that are being used by Cisco, Meraki, and Aruba in their enterprise line of products.

Armis is the same security firm that last year discovered BlueBorne, a set of nine zero-day Bluetooth-related flaws in Android, Windows, Linux and iOS that affected billions of devices, including smartphones, laptops, TVs, watches and automobile audio systems.

The first vulnerability, identified as CVE-2018-16986, exists in TI chips CC2640 and CC2650 and affects many Cisco and Meraki’s Wi-Fi access points. The bug takes advantage of a loophole in the way Bluetooth chips analyze incoming data.

The second vulnerability, identified as CVE-2018-7080​, resides in CC2642R2, CC2640R2, CC2640, CC2650, CC2540, and CC2541 TI chips, and affects Aruba’s Wi-Fi access point Series 300.

This vulnerability stems from an issue with Texas Instruments’ firmware update feature in BLE chips called Over the Air firmware Download (OAD).

Since all Aruba access points share the same OAD password which can be “obtained by sniffing a legitimate update or by reverse-engineering Aruba’s BLE firmware,” an attacker can deliver a malicious update to the targeted access point and rewrite its operating system, gaining full control over the device.

A digital background of computer code with a prominent lock icon in the center

Read more: The Hacker News

Latest Articles

What is an API Security Audit?

 In January 2024, a misconfigured API exposed 650,000 private messages. These included passwords and internal communications. No exploit chain. No zero-day. Just a public-facing endpoint with no authentication. This wasn’t an isolated incident. From T-Mobile and Twitter (now X) to Kronos Research and the US Treasury, attackers have consistently used APIs as entry points. They […]

Ganesh The Awesome
26th June, 2025
The Ultimate API Security Checklist for 2025

APIs are now the top attack vector in enterprise apps. In 2024 alone, breaches tied to APIs cost an average of $4.88 million, and that number is rising fast. Attackers exploit gaps in API authentication, input validation, and outdated endpoints to compromise systems. Legacy controls no longer suffice, and the OWASP API Top 10 outlines […]

Ganesh The Awesome
26th June, 2025
10 API Security Best Practices for 2025

APIs are the backbone of today’s interconnected software. They power everything from mobile apps and SaaS platforms to internal microservices and partner integrations. But their rapid growth has left many security teams flat-footed. In 2025, many attackers prefer to exploit API misconfigurations hiding in plain sight. What used to be fringe cases (token leakage, zombie […]

Ganesh The Awesome
23rd June, 2025
API Security in 2025: Practical Assessment & Modern Protection Strategies

APIs are no longer an edge case. In 2025, they’re a core requirement for maintaining trust, compliance, and operational continuity. As organizations build more API-driven systems—from customer apps to internal microservices—the exposure risk compounds. And quickly, too. Even mature security teams are finding that traditional tools can’t keep pace with the volume, velocity, and nuance […]

Ganesh The Awesome
23rd June, 2025

Unlock Your Cloud Potential

Schedule a call with our experts. Discover new technology and get recommendations to improve your performance.

    GlobalDots' industry expertise proactively addressed structural inefficiencies that would have otherwise hindered our success. Their laser focus is why I would recommend them as a partner to other companies

    Marco Kaiser
    Marco Kaiser

    CTO

    Legal Services

    GlobalDots has helped us to scale up our innovative capabilities, and in significantly improving our service provided to our clients

    Antonio Ostuni
    Antonio Ostuni

    CIO

    IT Services

    It's common for 3rd parties to work with a limited number of vendors - GlobalDots and its multi-vendor approach is different. Thanks to GlobalDots vendors umbrella, the hybrid-cloud migration was exceedingly smooth

    Motti Shpirer
    Motti Shpirer

    VP of Infrastructure & Technology

    Advertising Services