Communication protocols, undoubtedly, have become backbone of internet of things (IoT) devices, enabling innovative use of devices. Bluetooth Low Energy (BLE) as advanced wireless personal area network technology has risen in significance for enterprise users, with higher battery life than the parent Bluetooth protocol being the clear advantage for them. BLE, thus, has is fast gaining popularity in IOT-based medical devices and other IoT devices. However, low safeguards in most of these devices make them increasingly vulnerable for hackers.
Enterprise Networks exposed to BLE Chip-level Vulnerabilities
Armis, Inc., a Palo Alto-based company, has elaborated on such vulnerabilities, which may be alarming for a range of end users using BLE-driven devices. One of the most critically affected can be the medical industry where the protocol is used by medical centers to make resuscitation carts work correctly. The company has also flagged concerns with regard to huge vulnerability risks across access points in Wi-Fi enterprise networks. In its latest research on such proximity-based vulnerabilities, the company explained that may these can be easily exploited by unauthenticated attacker to control enterprise networks.
The details of its findings are unveiled in November 1, 2018, in collaboration with the CERT Coordination Center, a part of Software Engineering Institute, U.S.
Network Devices Lack Well-founded OS
In its revelations, Armis talked at length about the inherent vulnerability network devices are exposed to due to the lack of robust operating system. These chip-level vulnerabilities attack access points. Some of the devices at increased risk are the access points offered by Aruba and Cisco Meraki which contain BLE chips developed by Texas Instruments. The company warned that with the staggering rise in desktop, mobile, and IoT devices, vulnerability risks are likely to only increase further. The company further intends to release a white paper on pertinent concerns at the Black Hat Europe conference in December this year.