Wed. Aug 17th, 2022

Image for article titled Walk-Through Metal Detectors Can Be Hacked, New Research Finds

Photo: VALERY HACHE / AFP (Getty Images)

Researchers have discovered a total of nine software vulnerabilities in a commonly used metal detector product. If exploited, vulnerabilities could allow a hacker to take detectors offline, read or modify their data, or just generally mess with their functionality, the research revealsls.

The product in question is produced by Garrett , a well-known US-based metal detector manufacturer that sells its product to schools, courthouses, prisons, airports, sports and entertainment venues and a range of public buildings, according to its website and Other things sites. In other words, their products are pretty much everywhere.

Unfortunately, according to researchers with Cisco Talos, Garrett is widely used iC module is in trouble. The product, which provides network connectivity to two of the company’s popular walkthrough detectors (Garrett PD 6500i and Garrett MZ 6100), basically acts as a control center for the detector’s human operator: using a laptop or other interface, an operator can use the module to remotely control a detector, as well as engage in “real-time monitoring and diagnostics,” according to a website sells the product.

In a blog post published Tuesday, Talos researchers said the vulnerabilities in IC, which are officially being tracked as a host of CVEs, could allow anyone to hack into specific metal detectors, turn them off offline, execute arbitrary code, and generally just make some mess.

“An attacker could manipulate this module to remotely monitor statistics on the metal detector, such as whether the alarm has been triggered or how many visitors have passed through,” write researchers. “They could also make configuration changes, such as changing the sensitivity level of a device, potentially posing a security risk to users who rely on these metal detectors.”

In short: this is bad news. Generally, no one really wants to go through a metal detector. But if you have to go through one, it might as well work, right? While the scenarios where an attacker would actually take the trouble to hack into these systems seem slim to probably fantastic, it seems like a good idea to have functional security systems in key locations such as airports and public authorities.

Fortunately, Talos says users of these devices can mitigate the security flaws by updating their iC modules to the latest version of their firmware. Cisco apparently revealed the vulnerabilities to Garrett in August, and the vendor has just fixed the bugs on Dec. 13, Talos writes.

We contacted Garrett’s security department for a comment and will update this story if they respond.

.

Leave a Reply

Your email address will not be published.