Airport security appears to have a number of vulnerabilities that could affect the safety of air passengers if tech devices used for security scanning were hacked.
According to researcher Billy Rios, the director of vulnerability research at Qualys, there are a myriad of security concerns that the Transportation Security Administration must look into.
His security warning comes after breaches in security at San Jose and San Francisco Bay Area airports by a woman who tried to stowaway on a flight to Hawaii. The issue has sparked regional concerns over the security at airports.
Rios said he found security issues across the board at United States airports, and looked specifically at three different technology devices currently being employed by the TSA for security purposes: X-ray scanners, itemizers and time-tracking devices.
The X-ray scanner has been controversial since its introduction, with many privacy groups arguing that it infringes on a person's right to privacy, but the Transportation Security Administration and other advocates argue it is a simplified and easy manner in which to check to see what a person is carrying. However, Rios argued there are a number of faults in the technology that could allow hackers to get access to information.
"Even if you don't know the right password, you can still gain access to the device," he said. "Once you gain access to the device, you'll be able to get any other user's password."
He said that the software being used for the scanners has an authentication bypass issue as well as other vulnerabilities that could affect safety.
The time-tracking device currently employed by the TSA to track when employees check in and out of work, the Kronos 4500 employee time-tracking system, has a number of issues based on where it was manufactured, Rios said. The system's mainboard is made in China and Rios has been able to find two different backdoor passwords, which could open it up to third parties accessing the information without having proper access.
"Backdoor passwords are pretty common in embedded devices," Rios said. "Manufacturers will hard-code the passwords for technical service and support."
And lastly, Rios pointed to the itemizer -- the swab used to find out if a person is carrying narcotics or if hazardous materials are present -- which have a number of passwords that are also hard-coded and not fully secure.
"Given that these devices run in a security-sensitive area, they should know whether they have some obvious flaws," he said.
Rios hopes that this information will help boost airport security, and inform the TSA's actions. It follows a move by United Airlines to allow mobile scanning of one's passport to streamline the check-in process for international flights, Tech Times reported. While Rios did not talk about such apps, the move toward new technology continues for airline companies, which hope the new technology will reduce the time needed to check in and have all documents submitted to customs.
Still, with Rios' discussion of security flaws, American passengers are likely to feel weary over giving away too much personal data to airlines.
