Study: TSA full-body scanners failed to detect guns, explosives

Getty Images

The Transportation Security Administration’s full-body scanners failed to detect a number of potential weapons, including knives, guns and explosives, according to a study released this week.

The controversial scanners, which captured explicit images of passenger’s bodies, provided “weak protection against adaptive adversaries,” researchers from the University of California, San Diego; the University of Michigan and Johns Hopkins University concluded.

ADVERTISEMENT
“It is possible to conceal knives, guns, and explosives from detection by exploiting properties of the device’s backscatter X-ray technology,” the authors of the study wrote. 

The controversial "backscatter" X-ray machines produce black-and-white images of airline passengers as they are screened for security risks.

The TSA ended its contract with the company that produced them, Rapiscan, in 2013 after the developers failed to meet a congressionally mandated deadline to produce scanners that did not reveal images of the passengers.

The machines were replaced with a different type of scanner known as "millimeter wave" X-ray machines, which have been configured to show scans based on generic images of the human body. The new technology is referred to by TSA as Automated Target Recognition (ATR).

The backscatter X-ray machines were among the most criticized of TSA's airport security procedures. Critics worried about privacy argued that the images captured by the machines invaded the personal space of airline passengers, and they questioned the agency on what happened to those explicit pictures after the security checks are complete.

Critics also raised health concerns about the radiation that it is emitted from the backscatter X-ray machines.

The authors of the study said the machines were not effective in identifying threats on passengers, which was their primary purpose. 

“In laboratory tests with a real machine, we were able to conceal guns, knives, and explosive stimulants in such a way that they were not visible to the scanner operator,” the researchers wrote.

“We also studied the cyberphysical security of the machine and were able to show how an attacker could subvert the operator console software so that it would be possible to conceal all types of contraband.” 

TSA officials noted that the tests were conducted on versions of the X-ray machines that are commercially available, not the equipment it used in airports from 2009-2013. 

“Technology procured by the Transportation Security Administration goes through a rigorous testing and evaluation process, along with certification and accreditation,” the agency said in a statement to The Hill.

“This process ensures information technology security risks are identified and mitigation plans put in place, as necessary,” TSA added. “A majority of the equipment we utilize is not available for sale commercially or to any other entity; the agency regularly uses its own libraries, software and settings.”

The agency said its in-house security technologies were removed from the Rapiscan units before they transported from the nation’s airports. 

The study about the scanners will be presented on Thursday at the USENIX Security conference in San Diego.