Garrett walk-through metal detectors can be attacked remotely, security researchers have found, because of security flaws in their networking component.
According to Cisco Talos, “An attacker could manipulate this module to remotely monitor statistics on the metal detector, such as whether the alarm has been triggered or how many visitors have walked through.”
In a disclosure published last week, the firm added, “They could also make configuration changes, such as altering the sensitivity level of a device, which potentially poses a security risk to users who rely on these metal detectors.”
Talos security researcher Matt Wiseman discovered and reported the vulnerabilities on August 17, 2021; Garrett released patches on December 13, 2021.
According to the research, the flaws lie in the Garrett iC Module, which lets a user on a computer communicate with walk-through metal detectors such as the Garrett PD 6500i or Garrett MZ 6100 over a wired or wireless network, controlling and monitoring the devices remotely in real time. An attacker reaches the module the same way, over the network.
The reported vulnerabilities are:
- CVE-2021-21901 (CVSS score: 9.8), CVE-2021-21903 (CVSS score: 9.8), CVE-2021-21905, and CVE-2021-21906 (CVSS scores: 8.2) – Stack-based buffer overflow vulnerabilities that can be triggered by sending a malicious packet to the device
- CVE-2021-21902 (CVSS score: 7.5) – An authentication bypass vulnerability stemming from a race condition that can be triggered by sending a sequence of requests
- CVE-2021-21904 (CVSS score: 9.1), CVE-2021-21907 (CVSS score: 4.9), CVE-2021-21908, and CVE-2021-21909 (CVSS scores: 6.5) – Directory traversal vulnerabilities that could be exploited by sending specially crafted commands
Attackers can exploit the flaws in iC Module CMA version 5.0 to hijack an authenticated user’s session, read, write or delete arbitrary files on the device, and, at worst, achieve remote code execution.
Given the severity of the vulnerabilities, the company has advised users to update to the latest firmware version as soon as possible.
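As an added illustration of the defensive pattern behind two of the bug classes listed above, the following C parser is not Garrett's or Talos's code, and its wire format (a one-byte opcode, a one-byte length and a file-name payload) is invented for the example. It shows the two checks whose absence produces a stack-based buffer overflow and a directory traversal respectively: the declared length is validated against both the bytes actually received and the fixed stack buffer before anything is copied, and a file name is rejected if it is absolute, contains an empty, `.` or `..` component, or carries an embedded NUL. The sample packets are constructed, not captured traffic.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical wire format (constructed for this example):
 *   [1-byte opcode][1-byte length][length bytes of file name] */
#define MAX_NAME 32   /* capacity of the fixed stack buffer, including NUL */

typedef enum {
    CMD_OK = 0,
    CMD_TRUNCATED = -1,   /* declared length exceeds bytes received */
    CMD_TOO_LONG = -2,    /* declared length exceeds the destination buffer */
    CMD_BAD_PATH = -3     /* file name could escape the intended directory */
} cmd_status;

/* Return 1 if name[0..len) is a plain relative path with no traversal
 * components, 0 otherwise. Both '/' and '\\' are treated as separators. */
int is_safe_relative_name(const char *name, size_t len) {
    if (len == 0) return 0;
    if (name[0] == '/' || name[0] == '\\') return 0;      /* absolute path */
    for (size_t i = 0; i < len; i++)
        if (name[i] == '\0') return 0;                   /* embedded NUL */
    size_t start = 0;
    for (size_t i = 0; i <= len; i++) {
        if (i == len || name[i] == '/' || name[i] == '\\') {
            size_t clen = i - start;
            if (clen == 0) return 0;                                   /* "a//b", "a/" */
            if (clen == 1 && name[start] == '.') return 0;             /* "."  */
            if (clen == 2 && name[start] == '.' && name[start + 1] == '.') return 0; /* ".." */
            start = i + 1;
        }
    }
    return 1;
}

/* Parse one packet into a fixed-size stack buffer supplied by the caller.
 * Every check here runs before the copy; the CMD_TOO_LONG check is the one
 * whose omission turns an oversized length field into a stack overflow. */
cmd_status parse_command(const uint8_t *pkt, size_t pkt_len,
                         char out_name[MAX_NAME], uint8_t *opcode) {
    if (pkt_len < 2) return CMD_TRUNCATED;
    uint8_t len = pkt[1];
    if (pkt_len < (size_t)2 + len) return CMD_TRUNCATED;
    if (len >= MAX_NAME) return CMD_TOO_LONG;            /* leave room for NUL */
    if (!is_safe_relative_name((const char *)pkt + 2, len)) return CMD_BAD_PATH;
    memcpy(out_name, pkt + 2, len);
    out_name[len] = '\0';
    *opcode = pkt[0];
    return CMD_OK;
}

/* Constructed sample packets (not real traffic). */
static const uint8_t SAMPLE_GOOD[] =
    {0x01, 14, 'l','o','g','s','/','t','o','d','a','y','.','t','x','t'};
static const uint8_t SAMPLE_TRAVERSAL[] =
    {0x01, 9, '.','.','/','s','e','c','r','e','t'};
static const uint8_t SAMPLE_SHORT[] =
    {0x01, 200, 'a','a','a'};   /* claims 200 bytes, only 3 arrived */

/* Run one of the constructed samples through the parser and return its status.
 * Case 3 builds a packet whose 64-byte name is larger than the buffer. */
cmd_status check_sample(int which, char out_name[MAX_NAME]) {
    uint8_t op;
    uint8_t big[2 + 64];
    switch (which) {
    case 0: return parse_command(SAMPLE_GOOD, sizeof SAMPLE_GOOD, out_name, &op);
    case 1: return parse_command(SAMPLE_TRAVERSAL, sizeof SAMPLE_TRAVERSAL, out_name, &op);
    case 2: return parse_command(SAMPLE_SHORT, sizeof SAMPLE_SHORT, out_name, &op);
    default:
        big[0] = 0x01; big[1] = 64; memset(big + 2, 'a', 64);
        return parse_command(big, sizeof big, out_name, &op);
    }
}

int main(void) {
    static const char *label[] = {"good", "traversal", "truncated", "oversized"};
    for (int i = 0; i < 4; i++) {
        char name[MAX_NAME] = {0};
        cmd_status s = check_sample(i, name);
        printf("%-9s -> status %d%s%s\n", label[i], (int)s,
               s == CMD_OK ? " name=" : "", s == CMD_OK ? name : "");
    }
    return 0;
}
```

The point of ordering the checks this way is that a length field is attacker-controlled input like any other: it is compared against what actually arrived, then against the destination, and only then used as a copy size. The path check is deliberately strict (it rejects trailing slashes and empty components rather than normalising them), which is the safer choice for a device that exposes file operations over the network.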