Nozomi Networks Researchers Reveal Zero-Day RTLS Vulnerabilities at Black Hat 22

Share This

Last week Nozomi Networks Labs attended Black Hat 22 in Las Vegas to present zero-day vulnerabilities found in Ultra-wideband (UWB) Real-time Locating Systems (RTLS). Security Researchers Andrea Palanca and Luca Cremona, along with Security Research Evangelist Roya Gordon, presented the findings discovered by Palanca and Cremona, on Wednesday August 10th at 4:20 pm PST. This was the first time these vulnerabilities were revealed to an audience.

RTLS is a technology used in multiple industries, including smart cities, retail, manufacturing, mass transit, etc. The zero-days found specifically pose a security risk for workers in industrial environments. If a threat actor exploits these vulnerabilities, they have the ability to tamper with safety zones designated by RTLS to protect workers in hazardous areas.

During the presentation, the team demonstrated how a threat actors could launch a Man-in-the-Middle (MitM) attack and tamper with location data to place a worker outside of a geo-fencing area so that dangerous machinery would restart while a worker is nearby. A threat actor could also tamper with location data to show that a worker is within a designated geofencing zone to shut down an entire production line, even when no one is around. They also demonstrated how threat actors could tamper with RTLS used for COVID-19 contact tracing to falsify personnel coming into contact with COVID-positive personnel.

Technical details of these findings can be found in the newly published white paper. In addition to the remediations in the white paper, the security researchers also provided packet captures (PCAPs) and dissectors in a Git Hub repository here.

Nozomi Networks Researchers Reveal Zero-Day RTLS Vulnerabilities at Black Hat 22
Nozomi-Networks-Researchers-Black-Hat-22
WHITE PAPER

UWB Real Time Locating Systems: How Secure Radio Communications May Fail in Practice

Learn about zero-day vulnerabilities in RTLS that may be used to target people and objects, and how to implement a secure wireless network infrastructure

Let's get started

Discover how easy it is to anticipate, diagnose and respond to cyber threats and process issues before they impact your operations.