• Log In
  • Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Home
  • About
  • Structure
  • Gradebook

ITACS 5211: Introduction to Ethical Hacking

Wade Mackey

Two New Bluetooth Chip Flaws Expose Millions of Devices to Remote Attacks

November 7, 2018 by Ruby(Qianru) Yang 4 Comments

Interesting news about two critical vulnerabilities in Bluetooth Low Energy (BLE) chips embedded in millions of access points and networking devices used by enterprises around the world. BleedingBit, the set of two vulnerabilities could allow remote attackers to execute arbitrary code and take full control of vulnerable devices without authentication, including medical devices such as insulin pumps and pacemakers, as well as point-of-sales and IoT devices.
Armis discovered BleedingBit vulnerabilities earlier this year and responsibly reported all affected vendors in June 2018, and then also contacted and worked with affected companies to help them roll out appropriate updates to address the issues.

https://thehackernews.com/2018/11/bluetooth-chip-hacking.html

Filed Under: Week 10: Web Application Hacking Tagged With:

Reader Interactions

Comments

  1. Yingyan Wang says

    November 7, 2018 at 4:53 pm

    Hi Ruby,

    Thank you for sharing this information regarding two critical vulnerabilities in Bluetooth Low Energy (BLE) chips embedded in millions of access points and networking devices used by enterprises around the world. It is good to know these vulnerabilities and to be awared of such situation.

    Log in to Reply
  2. Xinteng Chen says

    November 7, 2018 at 5:05 pm

    Hi Ruby

    Thanks for sharing the information to us. Because the bluetooth can let attackers take over the full control of the devices. It is important because IoT devices are commonly used by users. Devices connect together to share information. It is dangerous if attackers can have full control of the devices. It is important to fix the vulnerabilities.

    Log in to Reply
  3. Connor Fairman says

    November 7, 2018 at 6:04 pm

    This is another topic that is very relevant with recent advances in iOT technology. A lot of these devices are programmed with lower level languages, which are already really vulnerable to crashes and segfaults, let alone hacking. Insulin pumps and even pacemakers are vulnerable to this. Could you imagine hacking a pacemaker and inserting code that makes it segfault? I think many people underestimate how many things they have with a microphone that could be hacked. Besides bluetooth headsets, there are headphones, computers, etc. People cover their laptop camera, but should they cover their mics?

    Log in to Reply
  4. Brock Donnelly says

    November 13, 2018 at 11:38 am

    I belive I made reference to this at the beginning of the semester. This sounds extremely scary but the reality is the vulnerability requires initial close proximity access before codes can be executed. Afterwards attacks could be made at greater distances. So while this is a threat, it can only likely be used for targeted attacks. As this posting pointed out attacks after the initial can be carried out at greater distances.

    Log in to Reply

Leave a Reply Cancel reply

You must be logged in to post a comment.

Primary Sidebar

Weekly Discussions

  • Uncategorized (14)
  • Week 01: Overview (7)
  • Week 02: TCP/IP and Network Architecture (18)
  • Week 03: Reconnaisance (17)
  • Week 04: Vulnerability Scanning (19)
  • Week 05: System and User Enumeration (17)
  • Week 06: Sniffers (17)
  • Week 07: NetCat and HellCat (15)
  • Week 08: Social Engineering, Encoding and Encryption (21)
  • Week 09: Malware (14)
  • Week 10: Web Application Hacking (17)
  • Week 11: SQL Injection (15)
  • Week 12: Web Services (25)
  • Week 13: Evasion Techniques (8)
  • Week 14: Review of all topics (15)

Copyright © 2025 · Magazine Pro Theme on Genesis Framework · WordPress · Log in