Explore BLEEDINGBIT, two zero-day vulnerabilities in Texas Instruments' BLE chips used in Cisco, Meraki, and Aruba wireless access points, in this Black Hat conference talk. Delve into Bluetooth Low Energy technology, its use cases, and layers. Understand the potential impact of these vulnerabilities, including how attackers can penetrate enterprise networks over the air. Examine the packet structure, TI architecture, and the intricacies of the exploit. Witness demonstrations of the attack process, from initial exploitation to establishing a backdoor. Learn about mitigation strategies and gain three key takeaways to enhance network security against such threats.
Overview
Syllabus
Introduction
Agenda
Bluetooth Low Energy
Use Cases
Layers and Functions
Aruba
MM Compare
What can an attacker do
How would an attack look like
Access to multiple segments
Demonstration
Packet Structure
Length Field
TI Architecture
Advertising Packet
Data Entry Key
Data Received
Spray
Shellcode
Task at Hand
Preventing Future Overflows
Crushing the Chip
Restoring Execution
Backdoor
Backdoor Recap
Demo
Three takeaways
Taught by
Black Hat
