Software flaws in walk-through metal detectors made them hackable

Walk-through metal detectors manufactured by well-known U.S.-based firm Garett are vulnerable to remote attacks, according to Cisco Talos.

Researchers at Cisco Talos discovered as many as nine vulnerabilities in walk-through metal detectors manufactured by well-known U.S.-based firm Garett. According to researchers, if these flaws are exploited, the attacker can take the detectors offline, monitor, read, and modify their data, and cause them to malfunction.

The Grave Risk

For your information, Garrett sells its metal detectors to schools, prisons, courthouses, sports arenas, entertainment avenues, airports, and even government buildings. This means Garrett’s products are widely used across all industries and sectors. Discovering so many vulnerabilities in its metal detectors may put them all at the risk of hacking.

What’s the Problem?

Cisco Talos researchers revealed that the iC module used by Garrett is the cause of all the trouble. The product provides network connectivity to the company’s two most popular walk-through metal detectors- the Garrett MZ 6100 and the Garrett PD 6500i. The module serves as a control center for the human operator of the device. 

Talos researchers noted that four of these nine vulnerabilities (CVE-2021-21901, CVE-2021-21903, CVE-2021-21905, and CVE-2021-21906 ) are stack-based buffer overflow flaws, other four (CVE-2021-21904, CVE-2021-21907, CVE-2021-21908,

Read More: