Researchers find security flaws in backscatter X-ray scanners

Aug 20, 2014
Professor Hovav Shacham stands in front of the backscatter x-ray scanner as you would during a security check. Credit: Erik Jepsen/UC San Diego Publications

A team of researchers from the University of California, San Diego, the University of Michigan, and Johns Hopkins University have discovered several security vulnerabilities in full-body backscatter X-ray scanners deployed to U.S. airports between 2009 and 2013.

In laboratory tests, the team was able to successfully conceal firearms and plastic explosive simulants from the Rapiscan Secure 1000 scanner. The team was also able to modify the scanner operating software so it presents an "all-clear" image to the operator even when contraband was detected. "Frankly, we were shocked by what we found," said J. Alex Halderman, a professor of computer science at the University of Michigan. "A clever attacker can smuggle contraband past the machines using surprisingly low-tech techniques."

The researchers attribute these shortcomings to the process by which the machines were designed and evaluated before their introduction at airports. "The system's designers seem to have assumed that attackers would not have access to a Secure 1000 to test and refine their attacks," said Hovav Shacham, a professor of computer science at UC San Diego. However, the researchers were able to purchase a government-surplus machine found on eBay and subject it to laboratory testing.

Many physical systems that protect critical infrastructure are evaluated in secret, without input from the public or independent experts, the researchers said. In the case of the Secure 1000, that secrecy did not produce a system that can resist attackers who study and adapt to new security measures. "Secret testing should be replaced or augmented by rigorous, public, independent testing of the sort common in ," said Prof. Shacham.

From left are: Computer science Ph.D. student Keaton Mowery and computer science professor Hovav Shacham. Credit: Erik Jepsen/UC San Diego Publications

Secure 1000 scanners were removed from airports in 2013 due to privacy concerns, and are now being repurposed to jails, courthouses, and other government facilities. The researchers have suggested changes to screening procedures that can reduce, but not eliminate, the scanners' blind spots. However, "any screening process that uses these machines has to take into account their limitations," said Prof. Shacham.

More information: The researchers shared their findings with the Department of Homeland Security and Rapiscan, the scanner's manufacturer, in May. The team will present their findings publicly at the USENIX Security conference, Thursday Aug. 21, in San Diego. Details of the results will be available at radsec.org/ on Aug. 20.

User comments : 3

ForFreeMinds
4 / 5 (4) Aug 20, 2014
More evidence that the TSA is more engaged in security theatre and citizen harassment rather than protecting the public. And who knows what the company producing the scanners did to ensure they got a lucrative government contract selling the flawed scanners.
alfie_null
not rated yet Aug 21, 2014
And who knows what the company producing the scanners did to ensure they got a lucrative government contract selling the flawed scanners.

I'll answer your rhetorical question: They presented the lowest cost bid. No doubt the scanners met all the technical criteria of the contract. Security, always hard to spec, probably received short shrift in the requirements. With all the belt tightening, LPTAs (lowest price technically acceptable) are the future.
User68niou1
1 / 5 (1) Aug 26, 2014
This surprises 100% of no one.