Researchers find security flaws in backscatter X-ray scanners

Aug 20, 2014
Professor Hovav Shacham stands in front of the backscatter x-ray scanner as you would during a security check. Credit: Erik Jepsen/UC San Diego Publications

A team of researchers from the University of California, San Diego, the University of Michigan, and Johns Hopkins University have discovered several security vulnerabilities in full-body backscatter X-ray scanners deployed to U.S. airports between 2009 and 2013.

In laboratory tests, the team was able to successfully conceal firearms and plastic explosive simulants from the Rapiscan Secure 1000 scanner. The team was also able to modify the scanner operating software so it presents an "all-clear" image to the operator even when contraband is detected. "Frankly, we were shocked by what we found," said J. Alex Halderman, a professor of computer science at the University of Michigan. "A clever attacker can smuggle contraband past the machines using surprisingly low-tech techniques."

The researchers attribute these shortcomings to the process by which the machines were designed and evaluated before their introduction at airports. "The system's designers seem to have assumed that attackers would not have access to a Secure 1000 to test and refine their attacks," said Hovav Shacham, a professor of computer science at UC San Diego. However, the researchers were able to purchase a government-surplus machine found on eBay and subject it to laboratory testing.

Many physical systems that protect critical infrastructure are evaluated in secret, without input from the public or independent experts, the researchers said. In the case of the Secure 1000, that secrecy did not produce a system that can resist attackers who study and adapt to new security measures. "Secret testing should be replaced or augmented by rigorous, public, independent testing of the sort common in ," said Prof. Shacham.

From left are: Computer science Ph.D. student Keaton Mowery and computer science professor Hovav Shacham. Credit: Erik Jepsen/UC San Diego Publications

Secure 1000 scanners were removed from airports in 2013 due to privacy concerns, and are now being repurposed to jails, courthouses, and other government facilities. The researchers have suggested changes to screening procedures that can reduce, but not eliminate, the scanners' blind spots. However, "any screening process that uses these machines has to take into account their limitations," said Prof. Shacham.

More information: The researchers shared their findings with the Department of Homeland Security and Rapiscan, the scanner's manufacturer, in May. The team will present their findings publicly at the USENIX Security conference, Thursday Aug. 21, in San Diego. Details of the results will be available at radsec.org/ on Aug. 20.

User comments : 3

ForFreeMinds
5 / 5 (3) Aug 20, 2014
More evidence that the TSA is more engaged in security theatre and citizen harassment rather than protecting the public. And who knows what the company producing the scanners did to ensure they got a lucrative government contract selling the flawed scanners.
alfie_null
not rated yet Aug 21, 2014
And who knows what the company producing the scanners did to ensure they got a lucrative government contract selling the flawed scanners.

I'll answer your rhetorical question: They presented the lowest cost bid. No doubt the scanners met all the technical criteria of the contract. Security, always hard to spec, probably received short shrift in the requirements. With all the belt tightening, LPTAs (lowest price technically acceptable) are the future.
User68niou1
not rated yet Aug 26, 2014
This surprises 100% of no one.