A team of researchers from the University of California at San Diego, University of Michigan and Johns Hopkins University have claimed that weapons, including metal guns and plastic explosives, could be easily smuggled past full-body scanners installed at a number of government facilities, according to media reports published Wednesday.
The researchers reportedly found that a person could conceal contraband from the scanners simply by wrapping the items in plastic or clothing so that they were practically invisible against the scans’ dark background. They also claimed that molding plastic explosives around a person's body made them indistinguishable from skin in the machine's images.
J. Alex Halderman, a University of Michigan computer science professor and one of the study's authors, told Wired on Wednesday that the “glaring vulnerabilities” found in the machines demonstrated the standard of testing the machines went through before being installed at a cost of more than $1 billion in more than 160 American airports.
“These machines were tested in secret, presumably without this kind of adversarial mindset…they might stop a naive attacker. But someone who applied just a bit of cleverness to the problem would be able to bypass them,” Halderman told Wired.
While the Rapiscan Secure 1000 machines that the researchers tested were replaced by millimeter wave scanners in airports last year, they are still being used in various other locations across the U.S., including in courthouses and prisons.
The report added that because none of the researchers could obtain a millimeter wave scanner, they could not determine whether these machines had similar vulnerabilities.
The researchers said that though they had presented their findings to both Rapiscan and Transportation Security Administration, or TSA, officials, they had yet to receive any feedback from them.
A TSA spokesperson, however, told Wired that the “rigorous testing and evaluation process” its equipment goes through ensures that “security risks are identified and mitigation plans put in place.”
The detailed findings of the study will be presented at the Usenix Security Conference on Thursday.