A team of computer scientists, including one from the Whiting School of Engineering, has discovered several security vulnerabilities in the full-body X-ray scanners used at U.S. airports between 2009 and 2013.
The team members conducted the first independent security evaluation of the Rapiscan Secure 1000 full-body scanner, which was widely deployed at U.S. airport security checkpoints. They bought a surplus unit on eBay in 2012.
What the researchers found was not particularly reassuring. In laboratory tests, the team was able to conceal firearms and plastic explosive simulants from the Rapiscan Secure 1000 scanner. They were also able to modify the scanner’s operating software so it presented an “all-clear” message to the operator even when contraband was detected.
The results of their evaluation are described in a paper scheduled for public presentation Thursday at the USENIX Security conference in San Diego.
“We find that the system provides weak protection against adaptive adversaries: It is possible to conceal knives, guns, and explosives from detection by exploiting properties of the device’s backscatter X-ray technology,” the scientists write.
Secure 1000 scanners were removed from airports in 2013 due to privacy concerns, but they are now being repurposed for use in jails, courthouses, and other government facilities.
The eight authors of the paper include faculty members, graduate students, and other scholars from the University of California, San Diego; the University of Michigan; and Stephen Checkoway, an assistant research professor in the Department of Computer Science in Johns Hopkins’ Whiting School of Engineering.