TSA Checkpoint Systems Found Exposed On The Net by Kelly Jackson Higgins.
From the post:
A Transportation Safety Administration (TSA) system at airport security checkpoints contains default backdoor passwords, and one of the devices running at the San Francisco Airport was sitting on the public Internet.
Renowned security researcher Billy Rios, who is director of threat intelligence at Qualys, Wednesday here at Black Hat USA gave details on security weaknesses he discovered in both the Morpho Detection Itemiser 3 trace-explosives and residue detection system, and the Kronos 4500 time clock system used by TSA agents to clock in and out with their fingerprints, which could allow an attacker to easily gain user access to the devices.
Device vendors embed hardcoded passwords for their own maintenance or other technical support.
Kelly has a great write-up of the research by Rios which covers enough details to make you curious, if not actively interested in the reported flaws. 😉
I don’t travel any more but I would not be overly worried about complex security hacks as threats to airport security. Airline personnel get busted on a regular basis for smuggling drugs. Social engineering is far easier, cheaper and more reliable than digital system hacks for mischief.
The hardcoded passwords makes me think that a monthly bulletin of default/hardcoded passwords would be another commercially viable publication.