HOME     MENU     SEARCH     NEWSLETTER    
NEWS & INFORMATION FOR TECHNOLOGY PURCHASERS. UPDATED ABOUT A MINUTE AGO.
You are here: Home / Network Security / TSA Devices Vulnerable to Hackers
Build Apps 5x Faster
For Half the Cost Enterprise Cloud Computing
On Force.com
TSA Airport Security Devices Vulnerable to Hackers
TSA Airport Security Devices Vulnerable to Hackers
By Robert Faturechi Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
AUGUST
11
2014


Airport security has become far more advanced in the last decade, but according to the findings of one security researcher, the technology being used to protect travelers is still dangerously vulnerable to hackers.

On his own time, Billy Rios of Qualys Security said he purchased some of the hardware and software used by the Transportation Security Administration.

At a talk at this year's Black Hat conference in Las Vegas, he revealed details about several vulnerabilities he was able to find, most notably in the device entrusted to detect trace levels of drugs and explosives.

The machine, the Morpho Itemiser, is set up so that the technician level password is hardcoded in.

It's a common practice for a range of devices, one aimed at making it easier for technicians to get in and do maintenance, but it's become taboo among security advocates because it also makes it easier for machines to be hacked.

Rios said the security weakness allows the machine to be reverse-engineered, so a hacker can log in and wreak havoc.

"If you're a super user you can do whatever you want," he said.

The device, Rios said, is set up so that it can be designated to detect certain drugs or explosive devices. Rios said one thing a hacker could have done is remove one or two items from the list, so the removed substances could pass through security.

One route into the machine, Rios said, might be through the organization's Internet-connected payroll system.

The manufacturer of the Itemiser, Morpho, sent a representative to Rios' session to defend the product. The company said it will be releasing an upgrade by year's end to patch the identified vulnerability. "Morpho Detection takes the security of its products and its customers very seriously," the statement read.

But the company said the version TSA uses does not have the vulnerability. Rios said the TSA has used the version he hacked in the past, and he worries the current version might have similar problems.

His findings, he said, show TSA is not properly vetting the products it uses for security.

He described himself as "one guy...no budget ...and a laptop."

"What that means is anyone can do this," he said.



© 2014 Los Angeles Times (CA) under contract with NewsEdge. All rights reserved.
 

Tell Us What You Think
Comment:

Name:

anon y. mouse:

Posted: 2014-08-12 @ 5:15am PT
The machines are NOT connected to the web. Only checkpoint personnel and known technicians have access. Let's keep the facts straight.

Like Us on FacebookFollow Us on Twitter
TOP STORIES NOW
MAY INTEREST YOU
Salesforce.com is the market and technology leader in Software-as-a-Service. Its award-winning CRM solution helps 82,400 customers worldwide manage and share business information over the Internet. Experience CRM success. Click here for a FREE 30-day trial.
MORE IN NETWORK SECURITY

NETWORK SECURITY SPOTLIGHT
If you're a Google Gmail user, it's bad news. About 5 million Gmail addresses and plain text passwords were leaked to an online forum on Tuesday. The good news: the data is old, but better security is still needed.

ENTERPRISE HARDWARE SPOTLIGHT
The tech giant is expanding its cloud solutions which promise secure access to enterprise phone, email, and storage apps. The latest addition to the Dell Mobile Workspace involves Vonage and MS Office 365.

MOBILE TECHNOLOGY SPOTLIGHT
The world's highest-capacity SD card is being offered by SanDisk, 512 gigabytes of flash storage aimed at professionals shooting 4K Ultra HD video or high-speed burst mode photography. Price: $800.

Product Information and Resources for Technology You Can Use To Boost Your Business

© Copyright 2014 NewsFactor Network, Inc. All rights reserved. Member of Accuserve Ad Network.