Posted Wednesday, February 12th 2014 @ 10am by Giuseppe Macri
Security researchers have discovered a potentially dangerous flaw in airport x-ray machines that would allow hackers to pass deadly weapons through security.
Billy Rios and Terry McCorkle of security firm Qualys discovered that a training function called Threat Image Projection, which superimposes fake images of contraband on the screen to train security personnel, could be manipulated to work in reverse, and project images of weapon-free luggage over top of the real thing.
The training software is present in all TSA scanners, and also on machines deployed in government buildings, embassies, courthouses, ports and border crossings.
“Someone could basically own this machine and modify the images that the operators see,” Rios told Wired.
While experimenting with a scanner, the researchers were able to use a common hacking technique to bypass a supervisor’s login credentials and usurp control of the screen that controls Threat Image Projection.