Cyber security researchers recently reported a list of security vulnerabilities in metal detectors that hackers and cyber security criminals can exploit. The security flaws were uncovered in metal detector machines offered by Garrett, a security screening solutions company located in the USA. Their products are widely deployed in government buildings, schools, airports, prisons, etc. The security issues were discovered in mid-August, and Garrett released patches almost four months later. After the security updates were issued, the researchers informed the media about the flaws. The troubled products by the security company are Garrett PD 6500i and Garrett MZ 6100.
The security flaws observed in the Garrett metal detectors allowed criminals to mess with the protection machines remotely. Hackers might have been able to turn the devices on and off, read and alter data stored on the machines, and mess with functionality. Luckily there are no reports of bad actors who have exploited the vulnerabilities in the real world. However, the vulnerabilities were confirmed by Garrett, who then issued the patch. Garrett security systems that have not been fully updated yet might still be vulnerable to remote hacking. The company suggests that anyone who has not been able to update their system yet should immediately do so or contact their local sales agent for guidance.
People are rarely thrilled to walk through security checkpoints but knowing that those might not be working correctly, or be easy to be tampered with, is indeed a scary thought. Vulnerabilities such as those discovered at Garrett’s metal detector models would require access to the network used by the metal detector, which is not an easy target for mass threat actors. However, these are precisely the vulnerabilities that insider threats are looking to exploit, and those are usually not detected until the damage is done. The US Cybersecurity and Infrastructure Security Agency (CISA) has made it clear on multiple occasions that insider threat incidents are possible in any sector or organization, and public and private organizations should always be vigilant.
Many question why such devices even have networking modules installed anyway. The convenience offered by the connected devices might not be worth the risk and the possible security holes that come with such options. The trend of connecting everything to the network is continuing, as IoT technology offers a lot of perks. However, it is not very reassuring to know that actively deployed metal detector devices have been vulnerable for years, and we may see similar security issues with such security checkpoints in the future as more and more devices are being connected.