This isn’t the first time someone has managed to sneak a weapon past a TSA Rapiscan full-body X-ray scanner, but Wired reports that scientists have taken the procedure to a new level and have come up with various techniques to completely fool the security device.
The team of researchers, from the University of California at San Diego, the University of Michigan and Johns Hopkins, has figured out ways to conceal weapons and explosive devices, and even to insert malware into the PC that controls the machine, which can then be activated with a simple QR code printed on a piece of clothing.
The simplest way to move a weapon past the scanner is to tape it to one of the sides of a person’s body. The metal will appear in black on the scan, and it will blend in with the surroundings, provided the person is carrying a metal gun and isn’t asked to perform a 90-degree turn.
Another trick involves molding a 200g piece of plastic explosive around a passenger’s torso, which becomes invisible during the scan. As with the gun experiment, only certain materials will elude detection.
Finally, the malware attack involves hacking the computer connected to the machine and installing a piece of software that displays an image of a different person as soon as it’s activated by a QR code on a piece of clothing.
The Rapiscan Secure 1000 machines that the researchers used were replaced in airports last year by a millimeter wave scanner that’s more privacy-friendly, but the Rapiscan units are still in use in various other locations, including courthouses and other government security checkpoints.
The researchers have not been able to perform the same tests on the new scanner. They will reveal their findings at the USENIX Security Conference on Thursday, having already shared them with the TSA and Rapiscan.
The TSA told the publication in a comment on the matter that “technology procured by the Transportation Security Administration goes through a rigorous testing and evaluation process, along with certification and accreditation. This process ensures information technology security risks are identified and mitigation plans put in place, as necessary,” pointing out that the majority of equipment it uses isn’t available commercially or to other entities, and that the TSA uses its own “libraries, software and settings.”
An image showing X-ray scans with a concealed weapon follows below, with more pictures for the other security exploits available at the source link.