Dec 06, 2018

Armis Demos BLEEDINGBIT at Black Hat Europe


Last month we disclosed BLEEDINGBIT, two critical chip-level vulnerabilities related to the use of Bluetooth Low Energy (BLE) chips made by Texas Instruments (TI). These chips are used in millions of enterprise access points made by Cisco, Meraki, and Aruba, which together account for nearly 70% of the market. Using BLEEDINGBIT, an unauthenticated attacker can break into enterprise networks undetected, take control of an access point, and render network segmentation useless.

Today, at the Black Hat Europe conference, we revealed new details about BLEEDINGBIT. In our talk, we discussed how we discovered these vulnerabilities and demonstrated exploitation of the RCE (Remote Code Execution) vulnerability on a Cisco access point. We also presented a video demonstration of how an attacker can exploit the OAD (Over the Air firmware Download) RCE vulnerability on an Aruba access point.

BLEEDINGBIT RCE vulnerability (CVE-2018-7080) on an Aruba Series 300 Access Point.

The second BLEEDINGBIT vulnerability was specific to the Aruba Access Point Series 300. While a bad actor could simply conduct an attack from your lobby using a laptop or smartphone, we took our demonstration a step further. We attached a smartphone to a drone and attacked an Aruba access point from outside our Tel Aviv office – on the 27th floor.

Technical White Paper

Our researchers also released an accompanying technical white paper with extensive details on both the vulnerabilities and their exploitation process. For a list of affected devices, please see the BLEEDINGBIT report on our website. We strongly advise all companies using an access point featuring TI BLE chips to verify whether the BLEEDINGBIT vulnerabilities affect them. I invite companies who are affected or who have questions to contact us at [email protected] and to use our PGP key to send an encrypted report so we can assist them.

 
