Could a hacker manipulate an airport x-ray machine into masking weapons or contraband in carry-on luggage? According to security researchers Billy Rios and Terry McCorkle, the answer is yes.
Wired reports that the researchers found a threat-simulation feature in x-ray machines, similar to those used in airports, could backfire. The feature is designed to train x-ray operators and to periodically test their proficiency at spotting contraband – it allows supervisors to superimpose a chose image of a banned item onto the screen of any baggage system in the airport.
A hacker, on the other hand, could use that capability to superimpose a harmless image – socks, for example – over a weapon or explosive device, the article says. The attacker could also direct the system to superimpose weapons or other contraband onto the x-ray images of clean bags to disrupt passenger screening.
The attacker would need access to a supervisor’s machine, however, and knowledge of a supervisor’s login credentials, but the password screen could be subverted through a simple SQL injection attack.