We live in an increasingly connected world where digital threats are almost everywhere. We have already seen how it is possible to hack traffic lights, water treatment stations and even smart coffee makers. Now it turns out that even metal detectors are not immune to hackers.
The Cisco Talos research team recently detected a number of vulnerabilities that could affect two models of metal detectors from the American manufacturer Garrett. These are the 6500i and MZ 6100, devices that, in addition to detecting metals, can perform automatic people counting.
Attackers, taking advantage of a flaw in the Garrett iC communications module, could monitor the statistics of the metal detectors and thus know how many people passed through or how many times the alarm was activated. They could also make changes to the sensitivity settings of the device.
In all cases, these types of actions represent a potential risk in the places where these metal detectors are used, such as schools, airports, banks and museums. Reducing the sensitivity level, for example, could allow some objects to go undetected.
Attackers must be on the same network
As Cisco Talos points out, the vulnerabilities are in the Garrett iC communications modules. These are located at security checkpoints and are responsible for providing network connectivity to Garrett PD 6500i or Garrett MZ 6100 metal detectors. But to access a module and manipulate its data, the attacker must be on the same network.
This considerably reduces the risk, but it does not completely eliminate it, as insider attacks are also often a problem. If a malicious actor gains access to the network, they can use a vulnerability to cause a buffer overflow and thus achieve arbitrary code execution without the need to authenticate.
Fortunately, the cybersecurity researchers are not aware that this vulnerability has been actively exploited. But detecting it has allowed Garrett to work on a security update to prevent potential security threats for affected customers.
More information | Cisco Talos