Researchers find security vulnerabilities in X-ray scanners used in U.S. airports

February 11, 2015

A team of computer scientists, including one from Johns Hopkins, has discovered several security vulnerabilities in the full-body X-ray scanners used at U.S. airports between 2009 and 2013.

The team members conducted the first independent security evaluation of the Rapiscan Secure 1000 full-body scanner, which was widely deployed at U.S. airport security checkpoints. They bought a surplus unit on eBay in 2012.

What the researchers found was not particularly reassuring. In laboratory tests, the team was able to conceal firearms and plastic explosive simulants from the Rapiscan Secure 1000 scanner. They were also able to modify the scanner’s operating software so it presented an “all-clear” message to the operator even when contraband was detected.

The results of their evaluation are described in apaper scheduled for public presentation Thursday at the USENIX Security conference in San Diego.

“We find that the system provides weak protection against adaptive adversaries: It is possible to conceal knives, guns, and explosives from detection by exploiting properties of the device’s backscatter X-ray technology,” the scientists write.


Excerpted from The Hub. Read the complete story here.

JHU Information Security Institute