Vulnerabilities In Garrett Walk-Through Metal Detectors Allow Remote Attacks

Portal frame metal detector controls and metal turnstiles for the airport or customs. Vector graphics

Researchers from Cisco Talos have elaborated on the security vulnerability they discovered in Garret metal detectors.

Garrett is an American firm producing handheld and walk-through metal detectors for various consumers. Hence, any vulnerabilities in the products can pose a significant security risk.

Specifically, the researchers found the vulnerabilities in the walk-through metal detectors from Garett. The bugs typically impacted two products – Garrett PD 6500i or Garrett MZ 6100 – affecting the Garrett iC module that provides network connectivity to the two detectors.

Exploiting the bugs could allow an adversary to hack the detectors remotely and execute malicious commands. Describing the impact of such attacks, the researchers stated in their post,

An attacker could manipulate this module to remotely monitor statistics on the metal detector, such as whether the alarm has been triggered or how many visitors have walked through. They could also make configuration changes, such as altering the sensitivity level of a device, which potentially poses a security risk to users who rely on these metal detectors.

Briefly, the researchers found the following bugs in the metal detectors,

Mitigations And Patches

The researchers found the nine vulnerabilities in Garrett Metal Detectors iC Module CMA, version 5.0. Following their report, the vendors worked on developing fixes for the glitches. Hence, they have patched the bugs in the latest release.

Thus, the researchers advise all users to update their respective metal detectors with the latest firmware version to receive the patches.

Related posts

Microsoft Makes Recall Opt-In While Improving Privacy

Kia Dealer Portal Vulnerability Risked Millions of Cars

Tor And Tails OS Announce Merger For Streamlined Operations