The flaw has been dubbed "BleedingBit" and is actually two separate vulnerabilities that could allow a hacker to execute code or take complete control over a vulnerable device without the need of a password. What makes BleedingBit an especially dangerous flaw is the fact that a wide range of medical devices including pacemakers and insulin pumps can be targeted, along with other IoT devices and point of sale terminals.
According to the research team, the attack works as follows:
"First, the attacker sends multiple benign BLE broadcast messages called Advertising Packets, which will be stored on the memory of the vulnerable BLE chip in the targeted device.
Next, the attacker sends the overflow packet, which is a standard advertising packet with a subtle alteration - a specific bit in its header is turned ON instead of off. This bit causes the chip to allocate the information from the packet a much larger space than it really needs, triggering an overflow of critical memory in the process."
It should be noted that in order to execute the attack, a hacker would need to be in close proximity to the target device. Of course, once it has been compromised, it can be accessed again at will remotely, monitoring network traffic, conducting man in the middle attacks, or launching additional attacks on other devices connected to the targeted device.
The Armis researchers responsibly reported their findings and the chip manufacturer, Texas Instruments, has confirmed the vulnerabilities and has already released patches for the affected hardware.
If your company uses BLE chips in any aspect of your business, be sure to grab the latest update.