5th November, 2018 2 Min read
Book a Demo
Security researchers have unveiled details of two critical vulnerabilities in Bluetooth Low Energy (BLE) chips embedded in millions of access points and networking devices used by enterprises around the world.
Reduce your AWS costs by over 50%
Discover your Cloud Saving Potential – Answer just 5 simple questions. AppsFlyer, Playtika, Lufthansa, IBM, top leading companies are already using our FinOps services.
Dubbed BleedingBit, the set of two vulnerabilities could allow remote attackers to execute arbitrary code and take full control of vulnerable devices without authentication, including medical devices such as insulin pumps and pacemakers, as well as point-of-sales and IoT devices.
Discovered by researchers at Israeli security firm Armis, the vulnerabilities exist in Bluetooth Low Energy (BLE) Stack chips made by Texas Instruments (TI) that are being used by Cisco, Meraki, and Aruba in their enterprise line of products.
Armis is the same security firm that last year discovered BlueBorne, a set of nine zero-day Bluetooth-related flaws in Android, Windows, Linux and iOS that affected billions of devices, including smartphones, laptops, TVs, watches and automobile audio systems.
The first vulnerability, identified as CVE-2018-16986, exists in TI chips CC2640 and CC2650 and affects many Cisco and Meraki’s Wi-Fi access points. The bug takes advantage of a loophole in the way Bluetooth chips analyze incoming data.
The second vulnerability, identified as CVE-2018-7080, resides in CC2642R2, CC2640R2, CC2640, CC2650, CC2540, and CC2541 TI chips, and affects Aruba’s Wi-Fi access point Series 300.
This vulnerability stems from an issue with Texas Instruments’ firmware update feature in BLE chips called Over the Air firmware Download (OAD).
Since all Aruba access points share the same OAD password which can be “obtained by sniffing a legitimate update or by reverse-engineering Aruba’s BLE firmware,” an attacker can deliver a malicious update to the targeted access point and rewrite its operating system, gaining full control over the device.
Read more: The Hacker News
EX.CO is a video technology platform that enables publishers to monetize video content on websites.
Justt is a chargeback mitigation startup based in Tel Aviv. Chargebacks, as defined, are demands by a credit card provider for a retailer to reimburse losses on fraudulent or disputed transactions. Justt’s objective is to assist merchants worldwide in combating false chargebacks using its proprietary artificial intelligence technology.
The cloud used to be viewed as a place of significant cost savings: rather than purchasing and maintaining dozens of server stacks, organizations could outsource this and purchase compute power on an as-needed basis. In the ensuing rush to cloud architecture, however, many companies simply lifted-and-shifted their old financial bad habits. The sheer speed of […]
Cloud computing has transformed more than individual app architectures: it’s granted both start-ups and market leaders an equal platform for innovation. New products are no longer dependent upon complex revenue-draining in-house server stacks. Instead, cloud-native disruptors such as Uber and Airbnb have been able to harness the once-unthinkable degrees of agility, scalability, and cost-efficiency that […]
Schedule a call with our experts. Discover new technology and get recommendations to improve your performance.