RTLS Systems Found Vulnerable to MiTM Attacks and Location Tampering

2022-08-22 09:19

Researchers have disclosed multiple vulnerabilities impacting Ultra-wideband Real-time Locating Systems, enabling threat actors to launch adversary-in-the-middle attacks and tamper with location data.

"If a threat actor exploits these vulnerabilities, they have the ability to tamper with safety zones designated by RTLS to protect workers in hazardous areas."

RTLS is used to automatically identify and track the location of objects or people in real-time, usually within a confined indoor area.

Flaws identified in RTLS solutions - Sewio Indoor Tracking RTLS UWB Wi-Fi Kita and Avalue Renity Artemis Enterprise Kit - meant that they could be weaponized to intercept network packets exchanged between anchors and the central server and stage traffic manipulation attacks.

Put simply, the idea is to estimate the anchor coordinates and use it to manipulate the geofencing rules of the RTLS system, effectively tricking the software into granting access to restricted areas and even causing disruption to production environments.

To remediate such attacks, it's recommended to enforce network segregation and add a traffic encryption layer on top of the existing communications to prevent AitM attacks.

News URL

https://thehackernews.com/2022/08/rtls-systems-found-vulnerable-to-mitm.html

#attack #mitm