There are nine software vulnerabilities in a metal detector product. The security flaws could allow a hacker to take detectors offline, read or alter their data, or just generally mess with their function, according to the research.
The product in question is manufactured by a well-known U.S.-based metal detector manufacturer that sells its product to schools, court houses, prisons, airports, sports and entertainment venues, and an assortment of government buildings. Their products are all over the place.
The iC module is in trouble according to researchers. The product acts as a control center for the detector's human operator, and can be used with a laptop or other interface.
The vulnerabilities in iC could allow for someone to hack into metal detectors, knock them offline, execute arbitrary code, and make a mess of things, according to a post published Tuesday.
Researchers write that an attacker could remotely monitor statistics on the metal detector, such as whether the alarm has been triggered or how many visitors have walked through. Changing the sensitivity level of a device could pose a security risk to users who rely on these metal detectors.
This is bad news. People don't want to walk through a metal detector. It might as well work if you are going to walk through one. Having functional security systems at important locations like airports and government agencies seems like a good idea, even though the scenarios in which an attacker would actually go to the trouble to hack into these systems seem very unlikely.
The security flaws can be mitigated by updating the iC modules to the latest version of the firmware. The vendor just fixed the flaws that were disclosed by the vendor.
We reached out to the security division of the city and will update this story if they respond.