
ScienceBlog: Researchers find security flaws in Rapiscan backscatter X-ray scanners

Old Aug 20, 2014, 12:59 pm
  #1  
FlyerTalk Evangelist
Original Poster
 
Join Date: Oct 2009
Location: ATL Lost Luggage
Programs: Kettle with Kryptonium Medallion Tags
Posts: 10,296
ScienceBlog: Researchers find security flaws in Rapiscan backscatter X-ray scanners

ScienceBlog:
Researchers find security flaws in backscatter X-ray scanners

August 20, 2014


A team of researchers from the University of California, San Diego, the University of Michigan, and Johns Hopkins University have discovered several security vulnerabilities in full-body backscatter X-ray scanners deployed to U.S. airports between 2009 and 2013.

In laboratory tests, the team was able to successfully conceal firearms and plastic explosive simulants from the Rapiscan Secure 1000 scanner. The team was also able to modify the scanner operating software so it presents an “all-clear” image to the operator even when contraband was detected. “Frankly, we were shocked by what we found,” said J. Alex Halderman, a professor of computer science at the University of Michigan. “A clever attacker can smuggle contraband past the machines using surprisingly low-tech techniques.”

Last edited by essxjay; Aug 23, 2014 at 4:18 pm Reason: Bypassing profanity filters
RatherBeOnATrain is offline  
Old Aug 20, 2014, 2:34 pm
  #2  
 
Join Date: Jun 2012
Posts: 729
“Secret testing should be replaced or augmented by rigorous, public, independent testing of the sort common in computer security,” said Prof. Shacham.
Agreed!
Schmurrr is offline  
Old Aug 20, 2014, 5:43 pm
  #3  
 
Join Date: Jul 2009
Location: DFW
Programs: AS, BA, AA
Posts: 3,670
Another, more comprehensive article: http://www.utsandiego.com/news/2014/...t-bodyscanner/

In airport settings, the Secure 1000 was typically used to take images of the front and back of a person while they stood still. Objects -- such as a gun or a knife -- would appear as dark areas against a bright silhouette of the person.

Shacham says a problem can occur when a metal gun is held at a person’s side. Such weapons absorb much of the X-ray. The gun appears as a dark area against a dark background, just off the silhouette. That can make guns and knives hard to see.

Shacham said the team also used “organic but translucent” material to successfully hide a knife from the scanner. Other concealment techniques were used to prevent the scanner from seeing knives and plastic explosives. And the machine’s software was manipulated in a way that made the scanner report that a person was not carrying contraband.
The 'item concealed on your side' bit sounds like academic confirmation of affection's expose.

The 'organic translucent' bit sounds like the 'pancake' study that was done earlier... probably if you put a thick enough layer of a material that scatters X-rays like belly fat over the gun, it can be concealed.

The malware attack seems the most interesting bit, but I fear that all it will do is profit Rapiscan, because they will need to do a $$$$ 'recertification' process on any secondhand Secure 1000 machines to ensure their 'software integrity'.
janetdoe is offline  
Old Aug 20, 2014, 6:48 pm
  #4  
FlyerTalk Evangelist
 
Join Date: Mar 2002
Location: An NPR mind living in a Fox News world
Posts: 14,165
It ultimately doesn't matter to Chertoff. He got paid to build & install them and, later, got paid again to pull them out. Now, he will sell them to somebody else.
FliesWay2Much is offline  
Old Aug 21, 2014, 7:47 am
  #5  
 
Join Date: Jan 2010
Location: DTW
Programs: DL DM/1MM, Marriott Lifetime Platinum
Posts: 199
The actual study itself can be found here (and has some pictures demonstrating their techniques!)

https://radsec.org/secure1000-sec14.pdf
redii is offline  
Old Aug 21, 2014, 10:23 am
  #6  
FlyerTalk Evangelist
 
Join Date: Jun 2005
Posts: 38,410
Originally Posted by janetdoe
The 'organic translucent' bit sounds like the 'pancake' study that was done earlier... probably if you put a thick enough layer of a material that scatters X-rays like belly fat over the gun, it can be concealed.
No. Thick or thin doesn't matter. What matters is that you feather the edges smoothly. Smooth curves like a real person, no angles.
Loren Pechtel is offline  
Old Aug 21, 2014, 1:02 pm
  #7  
FlyerTalk Evangelist
 
Join Date: Jan 2005
Location: BWI
Programs: AA Gold, HH Diamond, National Emerald Executive, TSA Disparager Gold
Posts: 15,180
More ways to defeat TSA's "security"

Read this today:

http://bgr.com/2014/08/20/tsa-scanners-security-issues/

This isn’t the first time someone managed to sneak by a weapon past a TSA Rapiscan full-body X-ray scanner, but Wired reports that scientists have taken the procedure to a new level and have come up with various techniques to completely fool the security device.

The team of researchers, from the University of California at San Diego, the University of Michigan and Johns Hopkins, have figured out ways to conceal weapons, explosive devices, and even insert malware into the PC that controls the machine that can then be activated with a simple QR code printed on a piece of clothing.
Superguy is offline  
Old Aug 21, 2014, 1:33 pm
  #8  
A FlyerTalk Posting Legend
 
Join Date: Sep 2006
Location: where the chile is hot
Programs: AA,RR,NW,Delta ,UA,CO
Posts: 41,668
This is why the machines should have been independently tested in the first place.

It's about both safety and effectiveness. Chertoff didn't care about the first, but over-reliance on the infallibility of the machines puts us all at elevated risk.
chollie is offline  
Old Aug 21, 2014, 1:36 pm
  #9  
FlyerTalk Evangelist
 
Join Date: Aug 2001
Location: Finally back in Boston after escaping from New York
Posts: 13,644
Originally Posted by FliesWay2Much
It ultimately doesn't matter to Chertoff. He got paid to build & install them and, later, got paid again to pull them out. Now, he will sell them to somebody else.
"'Once the rockets go up, who cares where they come down? That's not my department.' says Wernher von Braun."

Mike
mikeef is offline  
Old Aug 21, 2014, 1:44 pm
  #10  
FlyerTalk Evangelist
 
Join Date: Mar 2002
Location: An NPR mind living in a Fox News world
Posts: 14,165
Originally Posted by mikeef
"'Once the rockets go up, who cares where they come down? That's not my department.' says Wernher von Braun."

Mike



The song!!!
FliesWay2Much is offline  
Old Aug 21, 2014, 4:15 pm
  #11  
 
Join Date: Apr 2005
Location: PHX
Programs: AA Ex Platinum & 1MM, DL PLT, Marriott Gold, HH Diamond
Posts: 2,490
I believe there is a YouTube video somewhere that shows exactly how easy it is to get stuff past these useless machines.

Not to mention the TSA's own Red Team which, if memory serves, managed to get a gun past one of those machines 5 different times (@ DFW, I believe).

Then there is the matter of the sky-high false+ rate which the Irish Dept of Prisons only took 3 mos to figure out & dump the machines.

Seems the only ones who don't get how useless these things are is the TSA & the scientists doing this study.

Plus, of course, in a pinch the determined tewwowist could simply get a job w/either an airport vendor or, even more easy, the TSA itself & then be able to bring just about anything thru the checkpoint w/no worries.

Last edited by txrus; Aug 24, 2014 at 3:30 pm
txrus is offline  
Old Aug 21, 2014, 4:33 pm
  #12  
 
Join Date: Aug 2012
Posts: 3,526
Originally Posted by chollie
This is why the machines should have been independently tested in the first place.

It's about both safety and effectiveness. Chertoff didn't care about the first, but over-reliance on the infallibility of the machines puts us all at elevated risk.
These machines and their lack of effectiveness don't put anyone at risk, except for risk of a good groping by a screener.
petaluma1 is offline  
Old Aug 21, 2014, 4:45 pm
  #13  
A FlyerTalk Posting Legend
 
Join Date: Sep 2006
Location: where the chile is hot
Programs: AA,RR,NW,Delta ,UA,CO
Posts: 41,668
Originally Posted by petaluma1
These machines and their lack of effectiveness don't put anyone at risk, except for risk of a good groping by a screener.
No, at risk of a genuine threat, because the assumption is that the machine misses nothing.

Ironically, if you ask for an 'opt out', TSOs try to dissuade you, then penalize you. If you ask for the WTMD, you're immediately an object of suspicion.

But if you ask for what is quite possibly the weakest of the three, you're greeted with happy faces.

chollie is offline  
Old Aug 21, 2014, 5:31 pm
  #14  
 
Join Date: Aug 2012
Posts: 3,526
Originally Posted by chollie
No, at risk of a genuine threat, because the assumption is that the machine misses nothing.

Ironically, if you ask for an 'opt out', TSOs try to dissuade you, then penalize you. If you ask for the WTMD, you're immediately an object of suspicion.

But if you ask for what is quite possibly the weakest of the three, you're greeted with happy faces.

Sorry, I don't believe there is any "genuine risk" present whether or not the machines work as advertised or not.
petaluma1 is offline  
Old Aug 21, 2014, 8:05 pm
  #15  
FlyerTalk Evangelist
 
Join Date: Aug 2001
Location: Finally back in Boston after escaping from New York
Posts: 13,644
Originally Posted by FliesWay2Much
I knew you were going to understand that reference.

"I aim at the stars...but sometimes miss and hit London."

Mike
mikeef is offline  

