Airport Security Not Secure Enough, Researcher Reveals at Black Hat
A security researcher looks at airport scanners and other security devices used in airports and finds some serious vulnerabilities.LAS VEGAS—The security of a number of devices used by the U.S. Transportation Security Administration (TSA) is being called into question by a researcher at the Black Hat USA conference here. Billy Rios, director of Vulnerability Research at Qualys, looked at three different devices used by the TSA in airports in the United States and found security issues in all of them. In an interview with eWEEK, Rios emphasized that all of the issues he found have been responsibly disclosed via ICS-CERT to help minimize any risk to travelers. X-ray Scanner One of the devices that Rios examined is an X-ray scanner used in airports to screen passengers' carry-on luggage. Rios was able to identify a number of security vulnerabilities in the software, including an authentication bypass issue.
"Even if you don't know the right password, you can still gain access to the device," he said. "Once you gain access to the device, you'll be able to get any other user's password."