Garrett Walk-Through Metal Detectors Can Be Hacked Remotely
Reading Time: 2 minutes

Garrett walk-through metal detectors can be hacked remotely as security researchers discover security flaws in its networking component. 

According to Cisco Talos, “An attacker could manipulate this module to remotely monitor statistics on the metal detector, such as whether the alarm has been triggered or how many visitors have walked through.”

In a disclosure earlier last week the firm further mentioned, “They could also make configuration changes, such as altering the sensitivity level of a device, which potentially poses a security risk to users who rely on these metal detectors.”

Matt Wiseman, a Talos security researcher who earlier discovered and reported the vulnerabilities on August 17, 2021. After which Garett released patches on December 13, 2021. 

The research study suggests the loophole lies in Garrett iC Module, it enables users to communicate with walk-through metal detectors like Garrett PD 6500i or Garrett MZ 6100. The bad actors are able to achieve this using a computer through the network, either wired or wirelessly. It enables users to remotely control and monitor the devices remotely in real-time. 

The security vulnerabilities reported are 

The bad actors can exploit the flaws in iC Module CMA version 5.0 to hijack an authenticated user’s session, read, write, or delete arbitrary files on the device, and worse, lead to remote code execution.

The company has advised its users to update to the latest version of the firmware in the wake of the severity of the security vulnerabilities as soon as possible.

Related Articles:
UK Government – National Cyber Strategy Will introduce BritChip for mobile devices by 2025
Google Warns 2 Billion Chrome Users
Online Holiday Scams To Watch out For