Security News > 2022 > August > RTLS systems vulnerable to MiTM attacks, location manipulation
Security researchers have uncovered multiple vulnerabilities impacting UWB RTLS, enabling threat actors to conduct man-in-the-middle attacks and manipulate tag geo-location data.
Nozomi analysts focused on the Sewio Indoor Tracking RTLS UWB Wi-Fi kit and Avalue Renity Artemis Enterprise kit, two widely used RTLS solutions that support the safety functionalities described above.
If a remote attacker manages to compute the position of the anchors to derive the relative position of the tracking tags, they would be able to send arbitrary values to the central computer by forging sync and positioning packets.
Movement patterns can be recorded and replayed during attacks to imitate realistic tag movement, like a guard on patrol, for example.
An attacker with access to the RTLS system can alter the position of a tag as needed to allow entrance to a restricted area or to raise false alarms and disrupt production line operations.
Nozomi suggests that admins of RTLS systems should use firewalls to restrict access, add intrusion detection systems in the network, and use SSH tunneling with packet synchronization counter-values for data encryption.