Featured Research

from universities, journals, and other organizations

Security flaws found in backscatter X-ray scanners formerly used in U.S. airports

Date:
August 20, 2014
Source:
University of California - San Diego
Summary:
Researchers have discovered security vulnerabilities in full-body backscatter X-ray scanners deployed to U.S. airports between 2009 and 2013. In laboratory tests, the team was able to conceal firearms and plastic explosive simulants from the Rapiscan Secure 1000 scanner. The team modified the scanner operating software to present an 'all-clear' image to the operator even when contraband was detected.

Professor Hovav Shacham stands in front of the backscatter x-ray scanner as you would during a security check.
Credit: Photos by Erik Jepsen/UC San Diego Publications

A team of researchers from the University of California, San Diego, the University of Michigan, and Johns Hopkins University have discovered several security vulnerabilities in full-body backscatter X-ray scanners deployed to U.S. airports between 2009 and 2013.

Related Articles


In laboratory tests, the team was able to successfully conceal firearms and plastic explosive simulants from the Rapiscan Secure 1000 scanner. The team was also able to modify the scanner operating software so it presents an "all-clear" image to the operator even when contraband was detected. "Frankly, we were shocked by what we found," said J. Alex Halderman, a professor of computer science at the University of Michigan. "A clever attacker can smuggle contraband past the machines using surprisingly low-tech techniques."

The researchers attribute these shortcomings to the process by which the machines were designed and evaluated before their introduction at airports. "The system's designers seem to have assumed that attackers would not have access to a Secure 1000 to test and refine their attacks," said Hovav Shacham, a professor of computer science at UC San Diego However, the researchers were able to purchase a government-surplus machine found on eBay and subject it to laboratory testing.

Many physical security systems that protect critical infrastructure are evaluated in secret, without input from the public or independent experts, the researchers said. In the case of the Secure 1000, that secrecy did not produce a system that can resist attackers who study and adapt to new security measures. "Secret testing should be replaced or augmented by rigorous, public, independent testing of the sort common in computer security," said Shacham.

Secure 1000 scanners were removed from airports in 2013 due to privacy concerns, and are now being repurposed to jails, courthouses, and other government facilities. The researchers have suggested changes to screening procedures that can reduce, but not eliminate, the scanners' blind spots. However, "any screening process that uses these machines has to take into account their limitations," said Shacham.

The researchers shared their findings with the Department of Homeland Security and Rapiscan, the scanner's manufacturer, in May. The team will present their findings publicly at the USENIX Security conference, Thursday Aug. 21, in San Diego.


Story Source:

The above story is based on materials provided by University of California - San Diego. The original article was written by Ioana Patringenaru. Note: Materials may be edited for content and length.


Cite This Page:

University of California - San Diego. "Security flaws found in backscatter X-ray scanners formerly used in U.S. airports." ScienceDaily. ScienceDaily, 20 August 2014. <www.sciencedaily.com/releases/2014/08/140820110434.htm>.
University of California - San Diego. (2014, August 20). Security flaws found in backscatter X-ray scanners formerly used in U.S. airports. ScienceDaily. Retrieved November 27, 2014 from www.sciencedaily.com/releases/2014/08/140820110434.htm
University of California - San Diego. "Security flaws found in backscatter X-ray scanners formerly used in U.S. airports." ScienceDaily. www.sciencedaily.com/releases/2014/08/140820110434.htm (accessed November 27, 2014).

Share This


More From ScienceDaily



More Science & Society News

Thursday, November 27, 2014

Featured Research

from universities, journals, and other organizations


Featured Videos

from AP, Reuters, AFP, and other news services

Who Will Failed Nuclear Talks Hurt Most?

Who Will Failed Nuclear Talks Hurt Most?

Reuters - Business Video Online (Nov. 25, 2014) With no immediate prospect of sanctions relief for Iran, and no solid progress in negotiations with the West over the country's nuclear programme, Ciara Lee asks why talks have still not produced results and what a resolution would mean for both parties. Video provided by Reuters
Powered by NewsLook.com
FCC Forces T-Mobile To Alert Customers Of Data Throttling

FCC Forces T-Mobile To Alert Customers Of Data Throttling

Newsy (Nov. 25, 2014) T-Mobile and the FCC have reached an agreement requiring the company to alert customers when it throttles their data speeds. Video provided by Newsy
Powered by NewsLook.com
From Popcorn To Vending Snacks: FDA Ups Calorie Count Rules

From Popcorn To Vending Snacks: FDA Ups Calorie Count Rules

Newsy (Nov. 25, 2014) The US FDA is announcing new calorie rules on Tuesday that will require everywhere from theaters to vending machines to include calorie counts. Video provided by Newsy
Powered by NewsLook.com
Symantec Uncovers Sophisticated Spying Malware Regin

Symantec Uncovers Sophisticated Spying Malware Regin

Newsy (Nov. 24, 2014) A Symantec white paper reveals details about Regin, a spying malware of unusual complexity which is believed to be state-sponsored. Video provided by Newsy
Powered by NewsLook.com

Search ScienceDaily

Number of stories in archives: 140,361

Find with keyword(s):
Enter a keyword or phrase to search ScienceDaily for related topics and research stories.

Save/Print:
Share:

Breaking News:

Strange & Offbeat Stories


Science & Society

Business & Industry

Education & Learning

In Other News

... from NewsDaily.com

Science News

Health News

Environment News

Technology News



Save/Print:
Share:

Free Subscriptions


Get the latest science news with ScienceDaily's free email newsletters, updated daily and weekly. Or view hourly updated newsfeeds in your RSS reader:

Get Social & Mobile


Keep up to date with the latest news from ScienceDaily via social networks and mobile apps:

Have Feedback?


Tell us what you think of ScienceDaily -- we welcome both positive and negative comments. Have any problems using the site? Questions?
Mobile: iPhone Android Web
Follow: Facebook Twitter Google+
Subscribe: RSS Feeds Email Newsletters
Latest Headlines Health & Medicine Mind & Brain Space & Time Matter & Energy Computers & Math Plants & Animals Earth & Climate Fossils & Ruins