Bluetooth Low-Energy (BLE) vulnerabilities

Discussion in 'Technical' started by sec_monkey, Nov 2, 2018.


  1. sec_monkey

    sec_monkey SM Security Administrator

    Bluetooth Low-Energy (BLE) vulnerabilities has been discovered which affect millions of Cisco, Meraki, and Aruba wireless access points (APs) [ and all other devices with the vulnerable chip(s) ]

    Bleedingbit zero-day chip flaws may expose majority of enterprises to remote code execution attacks | ZDNet


    many WiFi devices have BLE built-in, in some cases it can be difficult to disable it

    even if BLE is disabled the device(s) may still be vulnerable

    additionally the devices are vulnerable to all applicable WiFi vulnerabilities as well
     
    sec_monkey, Nov 2, 2018
    #1
    snake6264 likes this.
  2. DKR

    DKR Raconteur of the first stripe

    My wireless router is so old, it has no teeth.. blue or otherwise..
     
    DKR, Nov 2, 2018
    #2
    oldawg, sec_monkey and GrayGhost like this.
  3. sec_monkey

    sec_monkey SM Security Administrator

    many devices have Bluetooth or BLE that do not actually need it

    Both Bluetooth plus BLE are vulnerable, there are an estimated 2 Billion vulnerable Bluetooth devices, most of which have not been patched and might never get patched

    WiFi is also vulnerable plus many routers old and new have lots of vulnerabilities, which is why we advise monkeys to upgrade their routers

    routers plus other network equipment often are forgotten or neglected and that will cause problems sooner or l8r

    smartlocks that use the vulnerable chips are also affected but probably all other devices with the TI BLE chip(s) and all other affected BLE chip(s)

    smartlocks aint really that smart, jus sayn
     
    sec_monkey, Nov 2, 2018
    #3
    Zimmy likes this.
  4. duane

    duane Monkey+++

    The big problem I have is that with the new "smart tech" I found that my TV, pick up truck, and a lot of other things, have the capability to be connected to the web and while I have no knowledge or desire to, others may well. It is like all the things that reappear on my computer every time Microsoft updates. I have to re select Firefox, but Edge and Bing, as well as Office, etc always magically reappear. Along with the latest interesting finds screen. Seem to have replaced the CD's that came ever week and in all the magazines with AOL. At least you could use those for rifle targets or drink coasters.
     
    duane, Nov 2, 2018
    #4
    sec_monkey likes this.
  5. BTPost

    BTPost Stumpy Old Fart,Deadman Walking, Snow Monkey Moderator

    The thing to. remember is that BLE is a TOTALLY Different set or Protocols, that WIFI, even though they use the same Frequency Space in the 2.4 Ghz ISM Band... If your device does NOT have the basic Layer 1 BLE Stack implimented, the device will never answer a BLE Inquiry, in the first place, no matter what the other device trys and send it....
     
    BTPost, Nov 2, 2018
    #5
    Zimmy likes this.
  6. aardbewoner

    aardbewoner judge a human on how he act,not on look and talk.

    We are all bug testers,and wireless is easier to intercept for the gov,s.
    New electronic does not break down anymore by component breakdown but because various backdoors in the chips shut down the working.
     
    aardbewoner, Nov 5, 2018
    #6
    sec_monkey likes this.
survivalmonkey SSL seal        survivalmonkey.com warrant canary
17282WuJHksJ9798f34razfKbPATqTq9E7