At the 2014 Kaspersky Security Analyst Summit (KSAS), it was revealed that the x-ray scanners used by the Transportation Security Administration (TSA) is hackable, allowing outside forces to spoof the contents of carry-on baggage.
The KSAS hosted “anti-malware researchers and developers, global law enforcement agencies and CERTs and members of the security research community” with the purpose of discussing “ways to improve collaboration in the fight against cyber-crime.”
Corporations in attendance were:
• Barracuda Networks
• International Telecommunication Union (ITU)
• World Bank
• Team Cymru
• ShadowServer Foundation
• ICSA Labs
Speakers at the event included:
• Eugene Kaspersky, CEO and Chairman, Kaspersky Lab
• Christopher Soghoian, Ph.D., Principal Technologist and a Senior Policy Analyst, American Civil Liberties Union
• Steve Adegbite, Senior Vice President of Enterprise Information Security Program Oversight and Strategy organization at Wells Fargo & Co.
Billy Rios, director of threat intelligence for Qualys, told the audience at the KSAS how he and his college Terry McCorkle discovered this little known fact.
Rios and McCorkle tested the Rapiscan 522 B x-ray system and brought their findings to the conference to show the public that there are “several blatant security weaknesses that leave the equipment vulnerable to abuse.”
Shockingly, Rios and McCorkle showed:
• These scanners run on Windows 98 operating system
• Stores user credentials in plain text
• Uses the Threat Image Projection (TIP) to discern safety for passengers
The TIP is a training tool for screeners that utilize .bmp images to teach screeners how to identify objects of question in bags.
However, this technique allows for the super-imposing of images that are not there; and therefore the possibility of a hacker doing the same is quite high.
Rios explained: “The worst-case scenario is someone manipulates this in a way that the operator doesn’t know a threat is in the bag … by design; the software allows you to manipulate the image for training [purposes]. The TSA requires this super-dangerous feature on all of these baggage scanners.”
The researchers have decided to continue their experiments to uncover more vulnerability at TSA checkpoints.
The TSANet, a network of connected internet hubs could easily be accessed using simple WiFi to infiltrate at any airport.
Rios is interested in whether or not he can “get to that network” using a cable or WiFi to prove his point.