Source: Steve Watson | Infowars.com |
Researchers with three of the nation’s top Universities have concluded that TSA body scanners can be easily defeated by anyone with a modicum of know how, confirming what Infowars first reported two years ago, that the machines are useless.
Researchers at the University of California-San Diego, University of Michigan, and Johns Hopkins University presented their findings Thursday at the Usenix Security Symposium in San Diego. In essence, the machines, which are supposed to detect weapons, can be fooled by anyone hiding a weapon on the side of his or her body to render it invisible against the scans’ black background.
This finding corroborates what engineer Jon Corbett discovered for himself in 2012.
At the time, the TSA dismissed Corbett’s assertions, saying that the “machines are safe,” and urging the media not to even cover Corbett’s claims, derisively calling him “some guy” on the ” interwebs”.
However, not only has the latest research proved Corbett right, it has uncovered a whole host of vulnerabilities in the Rapiscan scanners. The Researchers were able to defeat the machines using all manner of tactics including using teflon tape to conceal weapons against the spine, installing malware on the scanner’s console that can spoof scans, and even just molding plastic explosives around the body to make it nearly indistinguishable from flesh in the machine’s image output.
One of the study’s authors, J. Alex Halderman, a University of Michigan computer science professor, noted that the findings highlight how poorly the machines were tested, despite TSA assurances.
“These machines were tested in secret, presumably without this kind of adversarial mindset, thinking about how an attacker would adapt to the techniques being used,” said Halderman.
“They might stop a naive attacker. But someone who applied just a bit of cleverness to the problem would be able to bypass them. And if they had access to a machine to test their attacks, they could render their ability to detect contraband virtually useless.” he added.
The researchers say that they found so many flaws in the scanners that they are not revealing all the methods they used to defeat them, for fear of giving ideas to would be attackers. “We’re not trying to to provide recipes to attack actual devices in the field,” said UCSD researcher Keaton Mowery.
One of the most disturbing findings came via the installation of malware on the scanner. This was done by picking the lock on the scanner’s cabinet and installing the malware on the PC inside. It enabled the researchers to selectively replace the scan of any passenger with a fake image.
A previous study by security firm Qualys also resulted in the same finding.
The researchers say that they notified both Rapiscan and the TSA about their findings months ago, but didn’t receive any feedback at all. Since the story has been picked up in the media this week, the TSA has issued a standard response claiming that “technology procured by the Transportation Security Administration goes through a rigorous testing and evaluation process.”
The new findings reveal exactly why the government was so reluctant to allow independent testing of the technology. Documents obtained by EPIC show how the TSA “publicly mischaracterized” findings of the National Institute of Standards and Technology (NIST), in stating that the agency had positively confirmed the safety of full body scanners in tests.
A recently discovered Homeland Security report also noted that federal investigators had “identified vulnerabilities in the screening process” involving the scanners.
A TSA whistleblower revealed earlier this year that even the trainers who taught screeners how to use the scanners knew that they did not work.
“They’re shit,” he said, shrugging. He said we wouldn’t be able to distinguish plastic explosives from body fat and that guns were practically invisible if they were turned sideways in a pocket.
We quickly found out the trainer was not kidding: Officers discovered that the machines were good at detecting just about everything besides cleverly hidden explosives and guns. The only thing more absurd than how poorly the full-body scanners performed was the incredible amount of time the machines wasted for everyone.
The scanners were deployed to more than 160 American airports beginning over four years ago at a cost of more than $1 billion. Recently, however, most of the machines were removed and mothballed following the surfacing of allegations that the manufacturer, Rapiscan, manipulated operational tests on the machines, and was unable to develop the privacy “stick man” software that masks naked images produced by the scanners.
Many of the machines have now found their way into state and local prisons in Iowa, Virginia and Louisiana, where they will be equally as uselsess. Sheriffs in Arkansas also received five of the machines recently. The remaining scanners are still gathering dust in a Rapiscan warehouse.
You’d think that this would be the end of the road for body scanners. You’d think that the government would learn a lesson from all of this. You’d also be wrong. Instead of laying the technology to rest, the TSA is seeking a new generation of more powerful body scanners.