Two widely used walk-through metal detectors made by Garrett are vulnerable to many remotely exploitable flaws that could severely impair their functionality, thus rendering security checkpoints deficient.
Garrett is a well-known US-based manufacturer of hand-held and walk-through metal detectors commonly deployed in security-critical environments such as sports venues, airports, banks, museums, ministries, and courthouses. 
Security researchers at Cisco Talos have discovered numerous vulnerabilities that could allow attackers to execute commands or read/modify information on the Garrett iC Module version 5.0, the component that provides network connectivity to the Garrett PD 6500i and Garrett MZ 6100.
The nine vulnerabilities disclosed in detail by Cisco Talos are:
In CVE-2021-21901 and CVE-2021-21903, the iC Module exposes a discovery service on UDP port 6977. An attacker can broadcast a specially formatted UDP packet to this service, forcing a reply that contains sensitive information.
Using this information, an attacker could craft a UDP packet with a sufficiently long CRC field, leading to a buffer overflow that allows remote code execution before any authentication.
In CVE-2021-21904, the iC Module exposes an authenticated CLI over TCP port 6877. After a client authenticates, they are allowed to send plain-text commands to the device, and one of the potential commands is the creation of new “environment variables.”
These variables are underpinned by a key parameter, which is not sanitized or validated. As such, it can lead to unauthenticated arbitrary file creation and code execution as the root user.
Cisco Talos disclosed the above flaws to Garrett on August 17, 2021, and the vendor fixed the identified issues on December 13, 2021.
Admins of walk-through Garrett metal detectors are urged to upgrade their iC Module CMA software to the latest available version to resolve these vulnerabilities.
If you are unsure how to do that, contact your Garrett sales representative and ask for guidance.
As these vulnerabilities require access to the network used by the metal detector, they are unlikely to be targeted en masse by threat actors. However, insider threats continue to be a problem and are usually not detected until after the damage is done.
The US government recently warned about insider threats and released a self-assessment tool to help organizations determine their risk posture to insider attacks.
BleepingComputer has reached out to Garrett to learn more about the impact of these vulnerabilities but has not heard back.
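The two network services named above (the discovery service on UDP port 6977 and the CLI on TCP port 6877) give defenders something concrete to watch for. The following is an added example, not code from Cisco Talos, Garrett or BleepingComputer: it scans flow records for clients reaching those ports on the detector segment from hosts other than the approved management workstations. The record format, IP addresses and function name are assumptions constructed for illustration.

```python
import csv
import ipaddress

# Services the article attributes to the iC Module.
IC_SERVICES = {("udp", 6977): "discovery service", ("tcp", 6877): "authenticated CLI"}

# Constructed sample flow records (not real traffic): time,proto,src,dst,dport
SAMPLE_FLOWS = """\
2021-12-20T08:00:01Z,udp,10.20.0.5,10.20.0.255,6977
2021-12-20T08:00:02Z,tcp,10.20.0.5,10.20.0.40,6877
2021-12-20T09:14:37Z,udp,10.20.0.77,10.20.0.255,6977
2021-12-20T09:15:02Z,tcp,10.20.0.77,10.20.0.40,6877
2021-12-20T09:20:00Z,tcp,10.20.0.77,10.20.0.9,443
2021-12-20T10:02:11Z,tcp,192.168.50.3,10.20.0.41,6877
"""

def find_unexpected_clients(flow_text, detector_net, mgmt_hosts):
    """Return flows that reach iC Module services from hosts outside mgmt_hosts."""
    net = ipaddress.ip_network(detector_net)
    allowed = {ipaddress.ip_address(h) for h in mgmt_hosts}
    findings = []
    for row in csv.reader(flow_text.splitlines()):
        if len(row) != 5:
            continue  # skip malformed records rather than guessing
        ts, proto, src, dst, dport = row
        try:
            key = (proto.lower(), int(dport))
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        except ValueError:
            continue
        if key not in IC_SERVICES or dst_ip not in net:
            continue  # not an iC Module service, or not aimed at the detector segment
        if src_ip in allowed:
            continue  # expected management workstation
        findings.append({
            "time": ts, "src": src, "dst": dst,
            "service": IC_SERVICES[key],
            "broadcast": dst_ip == net.broadcast_address,
            "off_segment": src_ip not in net,
        })
    return findings

if __name__ == "__main__":
    for f in find_unexpected_clients(SAMPLE_FLOWS, "10.20.0.0/24", ["10.20.0.5"]):
        print(f)
```

Findings marked `off_segment` indicate that the detector network is reachable from elsewhere, which is worth fixing with segmentation regardless of patch status.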
I don’t believe the threat assessment is entirely accurate. Yes insider threats will always be a problem. But both of the listed devices use either wireless or network over power line solutions. Neither of which are easily secured against outside snoopers.
Wireless snoopers don’t have to be anywhere near the secured checkpoints. It’s easy enough to sit in a motel room a half mile away with a good view, a Yagi antenna, and an SDR to eavesdrop. Wireless networks are usually easy to break and may even have an unsecured rogue AP already conveniently placed by some middle manager. Enterprises are terrible at network security.
Networks over power lines are even easier. You just need either a passive inductance receiver on the line, or a comparable power line adapter in the nearby broom closet. Few network admins bother with securing wired networks with encryption (partly evidenced by the clear text vulnerability discovered).
The people that are interested in bypassing these types of security devices stealthily are going to be sophisticated actors already. They can certainly use inside help, but I bet they won’t need inside help in most cases to exploit these vulnerabilities.
Connecting a metal detector to the Internet… :facepalm: