Walk-through metal detectors can be hacked, new research shows

Photo: VALERY HACHE/AFP (Getty Images)

Researchers have discovered a total of nine software vulnerabilities in a widely used metal detector. If exploited, the security flaws could allow a hacker to take detectors offline, read or modify their data, or just generally tamper with their functionality, the study found.

The product in question is produced by: Garrett , a well-known US-based metal detector manufacturer that sells its product to schools, courts, prisons, airports, sports and entertainment venues and an assortment of government offices, according to her website and other place. In other words, their products can be found pretty much everywhere.

Unfortunately, according to researchers with Cisco Talos, is widely used by Garrett iC module is in trouble. The product, which provides network connectivity to two of the company’s popular walk-through detectors (the Garrett PD 6500i and the Garrett MZ 6100), effectively acts as a control center for the detector’s human operator: using a laptop or other interface, an operator can use the module to remotely control a detector and participate in “real-time monitoring and diagnostics”, according to a website sell the product.

In a blog post Published Tuesday, Talos researchers said the vulnerabilities in iC, which are officially tracked as: a whole host of CVEs, could allow someone to hack into specific metal detectors, take them offline, run arbitrary code and generally just make a real mess of things.

“An attacker could manipulate this module to remotely check statistics about the metal detector, such as whether the alarm has been activated or how many visitors have walked through,” researchers write. “They can also make configuration changes, such as changing the sensitivity level of a device, which may pose a security risk to users who rely on these metal detectors.”

In short, this is bad news. In general, no one really wants to walk through a metal detector. But if you’re going to walk through it, it might as well work, right? While the scenarios where an attacker would actually go through the trouble of hacking into these systems may seem small to probably fantastic, it seems like a good idea to have functional security systems in place in key locations such as airports and government agencies.

Fortunately, Talos says users of these devices can mitigate security flaws by updating their iC modules to the latest version of the firmware. Cisco apparently disclosed the vulnerabilities to Garrett in August and the vendor fixed the vulnerabilities on December 13, Talos writes.

We’ve reached out to Garrett’s security department for comment and will update this story if they respond.

Stay tuned for more such real estate news and updates at zavalinka.in

Leave a Comment