Firm Says Bluetooth Chip Security Flaws Could Expose Enterprise Wifi APs to Attack

Researchers at thesecurity house Armisannounced this week that they discover two serious silicon chip - level vulnerabilities that could potentially put “ millions ” of enterprise admittance dot at risk . Namely , the security department flaw could let hackers to hit access to networks wholly undetected .

knight “ Bleeding Bit , ” the two security risk require the use of Bluetooth Low Energy ( BLE ) cow dung used in enterprise wireless access points from Aruba , Cisco , and Meraki — networking manufacture leaders that account for 70 pct of the market .

The firm enjoin this week that the vulnerability pertain to the manipulation of the BLE chips , which are made by Texas Instruments , can pose two important problems . The first applies specifically to two chip models used in Cisco and Meraki accession points , while the second exposure can affect one of Aruba ’s equipment . PerTechCrunch :

Argentina’s President Javier Milei (left) and Robert F. Kennedy Jr., holding a chainsaw in a photo posted to Kennedy’s X account on May 27. 2025.

Armis calls the vulnerabilities “ Bleeding spot , ” because the first bug involve switch the high number in a Bluetooth packet that will cause its memory to overflow — or phlebotomize — which an assailant can then use to die hard malicious computer code on an affected Cisco or Meraki computer hardware .

The 2d flaw allow an attacker to put in a malicious microcode version on one of Aruba ’s gimmick , because the software does n’t properly check to see if it ’s a trusted update or not .

While some have alreadyraised doubtsabout the likeliness that these vulnerabilities will be exploited in earnest , Armis chief executive officer Yevgeny Dibrov said in astatementthat Bleeding Bit should serve as a “ wakeup call ” to enterprise security for a couple of reasons .

William Duplessie

“ First , the fact that an attacker can enter the web without any indication or warning raises serious surety concerns , ” he said . “ Second , these exposure can break web division — the primary security scheme that most go-ahead use to protect themselves from obscure or dangerous unmanaged and IoT devices . And here , the access item is the unmanaged machine . ”

Armis CMO Michael Parker said in a phone call with Gizmodo that the security measures firm has been working with the three companies on the issue for months but did not disclose the threat to the public before Thursday to debar the obvious security threats , which he enounce is standard pattern for security disclosures . He added that an effort to apply speckle and work toward a resolution was coordinated . Right now , Parker said , ensure that patches are implement and customers are aware of the issuing is the firm ’s number one priority .

An Aruba spokesperson told Gizmodo in a statement by email that it worked to adjudicate the military issue by updating the ArubaOS operating organisation firmware and sending an advisory to its client on October 18 .

Starship Test 9

“ Aruba 802.11ac Wave 2 ( AP-3xx ) accession point , as well as the AP-203R(P ) , contain both Wi - Fi and BLE radios and the effort only impact the BLE radio , ” the representative said . “ The BLE radio is disabled by default . ”

A spokesperson for Cisco , which acquired Meraki in 2012 , also differentiate Gizmodo in a statement by electronic mail that its Product Security Incident Response Team ( PSIRT ) unit had inform its customers of the issue and as well as of which Cisco products could be affected , adding : “ Fixed software is available for all affect Cisco products . ”

Both companies said that they were not cognisant of any impact to their respective customers . Texas Instruments has reportedly alreadyissueda eyepatch .

Lilo And Stitch 2025

Armis read the takeaway is that these kinds of vulnerabilities could show up in other devices — not just access points — and could touch industries let in healthcare , retail , automotive , and more . The researchers specificallypointedto the health sector , noting that BLE chips are used in devices that include pacemakers and insulin pumps .

“ [ T]his photo potentially break beyond access points , as these chips are used in many other types of equipment and equipment , ” Ben Seri , VP of Research at Armis , said in a statement . “ As we add more connected machine taking advantage of new protocols like BLE , we see the peril landscape rise with it . ”

[ TechCrunch , Armis ]

CMF by Nothing Phone 2 Pro has an Essential Key that’s an AI button