Pass-through metal detectors can be hacked, new research reveals

Researchers have discovered a total of nine software vulnerabilities in the most commonly used metal detector. If Used, security vulnerabilities could allow a hacker to turn off detectors, read or change their data, or just generally interfere with their functionality, the research reveals.

The product concerned products Garrett , a well-known American manufacturer of metal detectors that sells its product schools, courts, prisons, airports, sports and entertainment facilities, and a number of government buildings, according to your website and else pages. In other words, their products are almost everywhere.

Unfortunately, according to researchers s Cisco Talos, Garrett is widely used iC module is in trouble. The product, which provides network connectivity to two popular pass-through detectors (Garrett PD 6500i and Garrett MZ 6100), basically acts as a control center for the human detector operator: using a laptop or other interface, the operator can use a remote detector module as well. engage in “real-time tracking and diagnostics ”, according to website product sales.

In a blog post released on Tuesday, Talos researchers said the vulnerabilities in the iC, which are officially monitored as a multitude of CVEs, could allow someone to hack certain metal detectors, throw them off the grid, execute arbitrary code, and generally just make a real mess.

“An attacker could manipulate this module to remotely monitor statistics on a metal detector, such as whether an alarm was activated or how many visitors passed through it,” researchers write. “They could also make configuration changes, such as changing the sensitivity level of the device, which potentially poses a security risk for users who rely on these metal detectors.”

In short: this is bad news. Generally speaking, no one really wants to go through a metal detector. But if you go through one, it might work, right? While scenarios in which an attacker would make a real effort to hack these systems seem small to probably fantastic, functional security systems in important locations such as airports and government agencies seem like a good idea.

Fortunately, Talos says users of these devices can alleviate security flaws by updating their iC modules to the latest version of their firmware. Cisco apparently discovered Garrett’s flaws in August, and the supplier corrected deficiencies in December. 13, writes Talos.

We have contacted Garrett’s security department for comment and we will update this story if they respond.