Security Experts:

Connect with us

Hi, what are you looking for?



Vulnerabilities Can Allow Hackers to Tamper With Walk-Through Metal Detectors

Walk-through metal detectors made by Garrett are affected by potentially serious vulnerabilities that can be exploited to hack the devices and alter their configuration.

Walk-through metal detectors made by Garrett are affected by potentially serious vulnerabilities that can be exploited to hack the devices and alter their configuration.

The metal detection products and services provided by Texas-based Garrett are sold in more than 100 countries around the world, including in Europe, the Middle East and Australia. Its metal detectors are deployed in stadiums, event venues, schools, courthouses, hospitals, prisons, and government buildings.

Garrett metal detector vulnerabilitiesCisco’s Talos threat intelligence and research unit revealed on Monday that one of its researchers has identified several vulnerabilities in Garrett iC Module, which provides wired or wireless network connectivity to the company’s PD 6500i and Multi Zone walk-through metal detectors.

The vendor was notified about the vulnerabilities in August and patches were released on December 13, Talos said.

Talos has disclosed the details of seven vulnerabilities discovered in the iC Module, including five that have been assigned a critical or high severity rating.

Three of the security holes can be exploited without authentication by sending a specially crafted packet to the device, allowing the attacker to execute arbitrary code.

The affected product is designed to enable remote users to obtain information on alarms and visitor counts, as well as to make configuration changes to the metal detector. An attacker could abuse this functionality after exploiting the vulnerabilities.

“An attacker could manipulate this module to remotely monitor statistics on the metal detector, such as whether the alarm has been triggered or how many visitors have walked through,” Talos explained in a blog post. “They could also make configuration changes, such as altering the sensitivity level of a device, which potentially poses a security risk to users who rely on these metal detectors.”

Three of the remaining flaws have been described as path traversal issues that allow an authenticated attacker to read, write or delete files from a device, and one is an authentication-related race condition that can be exploited to hijack an authenticated user’s session.

While some of the vulnerabilities can be exploited without authentication, Nick Biasini, head of outreach for Cisco Talos, told SecurityWeek that in the course of their investigation they did not find any devices exposed to the internet through services such as Shodan, which means an attacker would require local network access for exploitation.

The vendor has released firmware updates that patch the vulnerabilities, but it’s up to the customer to ensure that the patches are deployed on their devices. SecurityWeek has reached out to Garrett to find out if customers have been notified about these vulnerabilities, but we have yet to hear back.

UPDATE 12/22/2021: Garrett has provided SecurityWeek the following statement:

The vulnerability described in the Cisco Talos report is limited to Garrett Walk Through Metal Detectors which are equipped with an accessory network interface appliance known as the CMA or IC Module. The deployment of these modules is very limited and therefore this vulnerability exists in only a relatively small population of the installed Garrett metal detectors. There is no vulnerability to products that do not have this appliance installed and/or are not connected to a network.


In response to the Cisco report, Garrett has successfully developed a patch that can be installed by the customer. Cisco has certified that the patch resolves the reported vulnerabilities.


Garrett will be contacting customers who have purchased the product with information about the patch.


Anyone wanting information or assistance should contact Garrett at 800-234-6151 or via email at [email protected]

Related: Serious Vulnerabilities Found in Wi-Fi Module Designed for Critical Industrial Applications

Related: Cisco Discloses Details of Critical Advantech Router Tool Vulnerabilities

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...


Apple has released updates for macOS, iOS and Safari and they all include a WebKit patch for a zero-day vulnerability tracked as CVE-2023-23529.

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.


GoAnywhere MFT users warned about a zero-day remote code injection exploit that can be targeted directly from the internet