Nozomi Networks Discovers MiTM and Location Tampering Vulnerability In RTLS Systems

Multiple vulnerabilities affecting Ultra-wideband (UWB) Real-time Locating Systems (RTLS) have been uncovered by researchers, giving threat actors the ability to perform Man-in-the-middle (MitM) attacks and tamper with location information.

RTLS is used to autonomously locate objects or persons in real time, typically within a confined space. This is accomplished by using tags that are attached to assets; these tags send UWB signals to fixed reference points known as anchors, which subsequently pinpoint the assets’ locations.

“The zero-days discovered specifically pose a security risk for workers in industrial environments,” cybersecurity firm Nozomi Networks stated last week in a technical write-up. “If a threat actor exploits these flaws, they will be able to tamper with the safety zones designated by RTLS to protect workers in hazardous areas.”

The flaws discovered in the RTLS solutions (Sewio Indoor Tracking RTLS UWB Wi-Fi Kit and Avalue Renity Artemis Enterprise Kit) mean they could be weaponized to hijack network packets exchanged between the central server and anchors and to stage traffic manipulation attacks.

Figure: Example of UWB RTLS in Manufacturers and Suppliers

Simply put, the idea is to estimate the anchor coordinates and use them to manipulate the RTLS system’s geofencing rules, effectively tricking the software into allowing access to restricted areas and even disrupting production environments.

“If an attacker is able to change the position of a tag by modifying the positioning packet associated with that tag, it may become possible to enter restricted areas or steal valuables without the operators detecting that a malicious activity is taking place.”

Worse, by changing the position of tags and placing them within geofencing zones, a malicious actor can cause the shutdown of entire production lines by indicating that a technician is nearby even when no one is present.

In another scenario, the location data might be tampered with to place a worker outside of a geofencing zone, causing dangerous machinery to restart while a worker is nearby, posing serious safety risks.

However, it is worth noting that doing so requires an attacker to either compromise a computer connected to that network or secretly add a rogue device to gain unauthorized access to the network.

To prevent MitM attacks, it is recommended to enforce network segregation and add a traffic encryption layer on top of existing communications.
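The following is an added example, not code from Nozomi Networks or either vendor, showing why a protective layer over anchor-to-server traffic stops a modified positioning packet from reaching the geofencing logic. The packet layout, key, and zone are constructed assumptions; HMAC-SHA256 with a per-tag counter stands in for the integrity and replay protection an authenticated-encryption transport would supply, and it gives no confidentiality.

```python
import hashlib
import hmac
import struct

# Constructed wire format (an assumption, not a vendor format):
# tag_id (uint32) | counter (uint64) | x, y in metres (float64 each) | HMAC-SHA256
BODY = struct.Struct("!IQdd")
MAC_LEN = 32

def seal(key: bytes, tag_id: int, counter: int, x: float, y: float) -> bytes:
    """Anchor side: serialise a position report and append its MAC."""
    body = BODY.pack(tag_id, counter, x, y)
    return body + hmac.new(key, body, hashlib.sha256).digest()

class Receiver:
    """Server side: accept only authentic, fresh reports."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_counter = {}  # tag_id -> highest counter accepted so far

    def verify(self, packet: bytes):
        """Return (tag_id, x, y), or None if the packet must be dropped."""
        if len(packet) != BODY.size + MAC_LEN:
            return None
        body, mac = packet[:BODY.size], packet[BODY.size:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(mac, expected):
            return None  # modified in transit, or sent without the key
        tag_id, counter, x, y = BODY.unpack(body)
        if counter <= self.last_counter.get(tag_id, -1):
            return None  # replay of an older genuine report
        self.last_counter[tag_id] = counter
        return tag_id, x, y

def in_zone(x: float, y: float, zone) -> bool:
    """Rectangular geofence test; zone = (x_min, y_min, x_max, y_max)."""
    x_min, y_min, x_max, y_max = zone
    return x_min <= x <= x_max and y_min <= y <= y_max

def demo():
    key = b"constructed-demo-key-not-for-use"
    zone = (0.0, 0.0, 5.0, 5.0)  # constructed safety zone
    rx = Receiver(key)
    genuine = seal(key, 7, 1, 2.0, 3.0)
    # Same tag with x rewritten to 20.0 by a party on the path without the key.
    tampered = BODY.pack(7, 2, 20.0, 3.0) + genuine[BODY.size:]
    first = rx.verify(genuine)
    return first, in_zone(first[1], first[2], zone), rx.verify(tampered), rx.verify(genuine)
```

Only reports that pass `verify` should be handed to the geofencing rules; dropped packets are worth logging, since a burst of MAC failures on a segregated network is itself a signal.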

“Weak security requirements in critical software can lead to safety issues that cannot be ignored,” said Andrea Palanca, Luca Cremona, and Roya Gordon, the study’s authors. “Using secondary communications in UWB RTLS can be difficult, but it is doable.”
