Tags Cisco, hacking, Metal Detector, security, Vulnerability
Researchers at Cisco Talos discovered as many as nine vulnerabilities in walk-through metal detectors manufactured by well-known U.S.-based firm Garett. According to researchers, if these flaws are exploited, the attacker can take the detectors offline, monitor, read, and modify their data, and cause them to malfunction.
For your information, Garrett sells its metal detectors to schools, prisons, courthouses, sports arenas, entertainment avenues, airports, and even government buildings. This means Garrett’s products are widely used across all industries and sectors. Discovering so many vulnerabilities in its metal detectors may put them all at the risk of hacking.
Cisco Talos researchers revealed that the iC module used by Garrett is the cause of all the trouble. The product provides network connectivity to the company’s two most popular walk-through metal detectors- the Garrett MZ 6100 and the Garrett PD 6500i. The module serves as a control center for the human operator of the device.
Talos researchers noted that four of these nine vulnerabilities (CVE-2021-21901, CVE-2021-21903, CVE-2021-21905, and CVE-2021-21906 ) are stack-based buffer overflow flaws, other four (CVE-2021-21904, CVE-2021-21907, CVE-2021-21908, and CVE-2021-21909) are directory traversal flaws, and one is a race condition (CVE-2021-21902).
Using any type of interface, such as a laptop, an operator can use this module to control the detector remotely or carry out monitoring and diagnosis in real-time. Hence, the vulnerabilities identified in iC would allow cybercriminals to hack into Garrett’s metal detectors, execute arbitrary code, or get them offline, compromising the overall safety and security of the place where these detectors are installed.
SEE: Warning as small planes found vulnerable to hacking
Talos researchers explained the attack scenario in their blog post, which read:
“An attacker could manipulate this module to remotely monitor statistics on the metal detector, such as whether the alarm has been triggered or how many visitors have walked through. They could also make configuration changes, such as altering the sensitivity level of a device, which potentially poses a security risk to users who rely on these metal detectors.”
Researchers stated that users of vulnerable metal detectors could mitigate the threat by simply updating their iC modules and installing the latest firmware version. The company notified Garrett in August and the issues were fixed on December 13, 2021.
“Talos tested and confirmed that the Garrett Metal Detectors iC Module CMA, version 5.0, could be exploited by these vulnerabilities. Users should update to the latest version of the firmware as soon as possible,” Talos’ researchers wrote in their report.
Did you enjoy reading this article? Like our page on Facebook and follow us on Twitter.
I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism
Get the best stories straight into your inbox!
Don’t worry, we don’t spam
HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.
Hackread.com is among the registered trademarks of Gray Dot Media Group Ltd. Company registration number 12903776 in regulation with the United Kingdom Companies House. The registered address is 85 Great Portland Street, London, England, W1W 7LT
The display of third-party trademarks and trade names on the site do not necessarily indicate any affiliation or endorsement of Hackread.com. If you click an affiliate link and buy a product or service, we may be paid a fee by that merchant.