Vulnerabilities Can Allow Hackers to Tamper With Walk-Through Metal Detectors

Walk-through metal detectors made by Garrett are affected by potentially serious vulnerabilities that can be exploited to hack the devices and alter their configuration.

The metal detection products and services provided by Texas-based Garrett are sold in more than 100 countries around the world, including in Europe, the Middle East and Australia. Its metal detectors are deployed in stadiums, event venues, schools, courthouses, hospitals, prisons, and government buildings.

Cisco’s Talos threat intelligence and research unit revealed on Monday that one of its researchers has identified several vulnerabilities in Garrett iC Module, which provides wired or wireless network connectivity to the company’s PD 6500i and Multi Zone walk-through metal detectors.

The vendor was notified about the vulnerabilities in August and patches were released on December 13, Talos said.

Talos has disclosed the details of seven vulnerabilities discovered in the iC Module, including five that have been assigned a critical or high severity rating.

Three of the security holes can be exploited without authentication by sending a specially crafted packet to the device, allowing the attacker to execute arbitrary code.

The affected product is designed to enable remote users to obtain information on alarms and visitor counts, as well as to make configuration changes to the metal detector. An attacker could abuse this functionality after exploiting the vulnerabilities.

“An attacker could manipulate this module to remotely monitor statistics on the metal detector, such as whether the alarm has been triggered or how many visitors have walked through,” Talos explained in a blog post. “They could also make configuration changes, such as altering the sensitivity level of a device, which potentially poses a security risk to users who rely on these metal detectors.”

Three of the remaining flaws have been described as path traversal issues that allow an authenticated attacker to read, write or delete files from a device, and one is an authentication-related race condition that can be exploited to hijack an authenticated user’s session.

While some of the vulnerabilities can be exploited without authentication, Nick Biasini, head of outreach for Cisco Talos, told SecurityWeek that in the course of their investigation they did not find any devices exposed to the internet through services such as Shodan, which means an attacker would require local network access for exploitation.

The vendor has released firmware updates that patch the vulnerabilities, but it’s up to the customer to ensure that the patches are deployed on their devices. SecurityWeek has reached out to Garrett to find out if customers have been notified about these vulnerabilities, but we have yet to hear back.

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
