Multiple vulnerabilities in Ultra-wideband (UWB) Real-time Locating Systems (RTLS) have been reported, allowing threat actors to launch adversary-in-the-middle (AitM) attacks and tamper with location information.
The cybersecurity firm Nozomi Networks disclosed in a technical write-up last week, “The zero-days found specifically pose a security risk for workers in industrial environments. If a threat actor exploits these vulnerabilities, they have the ability to tamper with safety zones designated by RTLS to protect workers in hazardous areas.”
RTLS is used for automatically identifying and tracking the location of objects or people in real-time, typically within a confined indoor area. This is accomplished by attaching tags to assets, which broadcast USB signals to fixed reference points known as anchors, which then determine their location.
However, flaws discovered in RTLS solutions (Sewio Indoor Tracking RTLS UWB Wi-Fi Kit and Avalue Renity Artemis Enterprise Kit) meant they could be weaponized to intercept network packets exchanged between anchors and the central server and stage traffic manipulation attacks.
Simply stated, the concept is to guesstimate the anchor coordinates and use them to manipulate the RTLS system’s geofencing rules, effectively tricking the software into allowing a
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: