Researchers Discover Multiple Vulnerabilities Affecting Ultra-wideband RTLS

Security researchers have discovered multiple vulnerabilities affecting the Ultra-Wideband (UWB) Real-Time Locating System (RTLS). Exploiting these vulnerabilities may interfere with the overall security of industrial working environments, particularly for staff.

Zero-Day RTLS Vulnerabilities Risked Industrial Work Environments

Researchers from Nozomi Networks have presented their detailed findings about multiple RTLS vulnerabilities at the Black Hat USA August 2022.

Ultra-wideband (UWB) is a dedicated short-range, low-energy radio technology, particularly useful for precise location, tracking, geofencing, and target sensor data collection.

This high-bandwidth technology is currently heavily applied in the real-time locating system (RTLS) deployed in industries, assisting the employees in identifying various safe and risky working zones. Hence, any vulnerabilities affecting this RTLS pose a direct threat to the safety status of industrial work environments.

In brief, the researchers demonstrated how an adversary could meddle with the RTLS to alter geofenced zones. Such malicious alterations may result in a worker standing within a risky zone, such as around a dangerous machine. Another critical use case for RTLS is in COVID-related contact tracing apps, where altering the RTLS may cause unwanted interactions between COVID-positive and other individuals.

Nozomi researchers analyzed two known RTLS solutions, Sewio Indoor Tracking RTLS UWB WiFi kit, and Avalue Renity Artemis Enterprise kit. They observed that both devices apply unencrypted communication with the anchor over WiFi connections. Hence, an adversary could easily intercept the data in transit upon successful WiFi hacking, which seemed easy since both vendors used weak default passwords. Thus, an adversary could compromise the anchors and track the relevant tag positions upon successful interception. In turn, it would also allow the attacker to track the people and objects.

Besides tracking and spying, an adversary could also modify the tag positions, thus changing any previously configured entry or exit points, subsequently changing the geofencing pattern. In real-world scenarios, such geofencing modifications may expose the staff to physical harm by bringing them outside the machine safety zones.

The researchers have shared the technical details in a white paper, releasing the tools used in this research on GitHub.

Let us know your thoughts in the comments.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients