チャットでのお問い合わせ
Loader
接続中です。しばらくお待ちください。

ブリーディングビットのセキュリティ脆弱性

Zebra LifeGuardセキュリティロゴ

詳細については、以下を参照してください。

Zebra is unaware of any active exploits of this vulnerability. However, we recommend concerned customers update software for the two impacted Zebra products to mitigate the risk of exploitation. No additional LifeGuard updates will be made.

ブリーディングビットのロゴ

BLEEDINGBIT is a security vulnerability that affects Bluetooth® low energy (BLE) chips made by Texas Instruments. It consists of two related remote-control exploit issues:

memory corruption condition (CVE-2018-16986) that can occur during processing of incorrect network traffic from the BLE module. A malicious actor who is close to the target device could execute arbitrary code by sending malformed data, or execute a DoS (denial-of-service) condition which could shut down the device.

An Over-The-Air Download (OAD) functionality issue (CVE-2018-7080) that can be triggered only when the relevant BLE radio function is enabled by the device owners (it is disabled by default). A malicious actor could push altered copies of these images to gain control of the device.

影響を受ける製品

Only the following two BLE badge products are affected. Zebra mobile devices, handheld devices, barcode scanners and printers are not impacted.

Zebra製品 SKU 説明 利用可能な更新
GE-MB6000-01-WR モバイルBLEバッジ 1月、2019日
GE-MB5000-01-WR 固定のBLEバッジ 1月、2019日

Only the above Zebra devices are impacted by CVE-2018-16986 only and CVE-2018-7080 does not apply since the OAD feature in the Texas Instruments’ (TI) CC2640 BLE chip is disabled.  The Zebra devices have an STMicroelectronics Microcontroller Unit (MCU) and BLE chip CC2640.  The MCU firmware is written on CYPRESS WICED SDK.  The firmware of the TI CC2640 is based on TI’s BLE SDK 2.1. The MCU connects to the CC2640 via a UART port. The MCU sends BLE HCI commands to the CC2640, the CC2640 does the BLE scanning continuously, and the CC2640 returns the scanned BLE packets in a predefined format to MCU.

During the scanning process, there is possible memory corruption in the CC2640 per CVE-2018-16986.  If the CC2640 is exploited, it may send garbage data over the UART port to the MCU. The MCU may or may not discard the data, depending on the data itself.  In this manner, the badge could become useless as there is no valid BLE packet data to collect inside the MCU. 

If an attacker wants to gain full control of the device the attacker needs to first gain control of the MCU. The attacker would need to find an enabling vulnerability in WICED SDK and the STM MCU as well. The hacker would then need to attack the MCU through the exploited CC2640 chip via the UART port. The possibility of exploiting the MCU (achieved in conjunction with the exploitation of undiscovered vulnerabilities in both the Wicked SDK and the STM MCU) to gain full control over the device is relatively low.

To avoid the potential of this vulnerability, Zebra must port the CC2640 firmware code to the TI BLE SDK 2.2.2. For new device this updated CC2640 firmware code can be used. For deployed devices the updated CC2640 firmware can be updated over-the-air through the MCU where the MCU pushes the new firmware to CC2640 via UART port.

Disclaimer: Zebra makes every attempt to release security updates on or about the time that Google releases its respective security bulletin. However, delivery time of security updates may vary depending on the region, product model, and third party software suppliers. Under some circumstances, the OS must be updated to the latest maintenance release prior to installing the security updates. Individual product updates will provide specific guidance.

特に明記されていない限り、これらの新たに報告された問題から積極的な顧客の搾取や悪用の報告はありません。



Zebraテクノロジーズ製品の潜在的なセキュリティ上の問題を認識していますか?