WASHINGTON (WNEW) – Teflon tape, molded plastic explosives and handguns are all concealment tricks that a group of researchers were able to pull off on the Rapiscan Secure 1000 machines previously used at TSA checkpoints and currently used at courthouses, prisons and other government security stops.
Researchers from the University of California, San Diego, the University of Michigan and Johns Hopkins University maneuvered weapons past the full-body X-ray scanners that were deployed at U.S. airports between 2009 and 2013 – at a cost of more than $1 billion.
"Frankly, we were shocked by what we found," said J. Alex Halderman, a professor of computer science at the University of Michigan, in a statement. "A clever attacker can smuggle contraband past the machines using surprisingly low-tech techniques."
Rapiscan Systems labels the Secure 1000 machines as "the most effective and most widely deployed image-based people screening solution," although the scanners were removed from TSA airport checkpoints last year because of privacy complaints stemming from the near-naked images it produced of passengers.
But the study authors say that the machines have been transferred to government buildings, jails and courthouses across the country.
The researchers were able to conceal a .380 ACP pistol and plastic explosives from the full-body X-ray scanners in addition to installing malware to produce fake "all-clear" images. They were also able to pull off a series of weapon concealment tricks, including the use of Teflon tape to conceal weapons against a person's spine. In one test, a 200 gram pancake of plastic explosive-like material was molded to a passenger's torso to avoid detection.
Researchers found the scanners could be duped simply by placing a weapon off to the side of the body or encasing it under a plastic shield.
Another scanner image failed to reveal a pistol hidden behind a person's knee and a pistol that was sewn into a pant leg. A knife and the C-4 explosive simulator material were also invisible to the scanners.
The scanning operator sees no difference between test images with and without the weapons and explosive material.
Another troubling element of the machine's vulnerability is the ease in which the researchers were able to even test it in the first place. They purchased the government surplus scanner from eBay.
In a statement, UC San Diego computer scientist Hovav Shacham said, "The (scanner's) designers seem to have assumed that attackers would not have access to a Secure 1000 to test and refine their attacks."
PHOTOS: Scary things stopped by the TSA
"These machines were tested in secret, presumably without this kind of adversarial mindset, thinking about how an attacker would adapt to the techniques being used," Halderman told Wired, prior to a research presentation at the Usenix Security Conference on Thursday. "They might stop a naive attacker. But someone who applied just a bit of cleverness to the problem would be able to bypass them. And if they had access to a machine to test their attacks, they could render their ability to detect contraband virtually useless."
In 2012, TSA cautioned reporters from citing a video produced by blogger Jonathan Corbett that showed TSA's Rapiscan full-body scanners being duped by a series of simple weapon concealment tricks.
OTHER INTERESTING STORIES: