Slow Down TSA Lynch Mob: That Naked Scanner Expose Video Is Exaggerated & Old News
from the be-real dept
So, a video made by a TSA-critic and blogger named Jonathan Corbett has been making the viral video rounds, supposedly showing how “anyone can get anything past the TSA’s scanners.” Now, I’ve been a huge critic of the TSA’s scanners and the TSA itself. I think the entire security process is a joke and a form of security theater. I think the naked scanners are a huge waste of taxpayer money and potentially dangerous. But… I’m somewhat surprised at how quickly people just believed what was said in Corbett’s video. You can watch the video here:
The images are very sensitive to the presence of large pieces of high Z material, e. g., iron, but unless the spatial resolution is good, thin wires will be missed because of partial volume effects. It is also easy to see that an object such as a wire or a box- cutter blade, taped to the side of the body, or even a small gun in the same location, will be invisible. While there are technical means to mildly increase the conspicuity of a thick object in air, they are ineffective for thin objects such as blades when they are aligned close to the beam direction.
In other words, strap a knife to your side, and perhaps the machine won’t spot it. We heard that years ago. So, nothing new here.
Plus, I’m pretty sure that the machines now take images from multiple angles, which would rule out this vulnerability. On top of that, Corbett bases his claim on a couple of sample images that are black and white — and uses that to claim that a black object on your side will not show up against the black background. Once again, I’m pretty sure his info is now completely out of date. The TSA has been upgrading the scanners so they no longer show the “nude” picture. Just last month we showed an image of what the new machines show:
Now, it is true that Corbett was able to get through the machines with a metallic box in his side pocket, and that’s his proof. He does this twice. While, again, I’m not impressed by the machines, I don’t think this is “proof” in the sense that Corbett believes. First of all, official tests show that there’s a ridiculously high error rate with these machines — they let through “bad stuff” all the time. So, I agree with Corbett that the machines are a complete waste and should be done away with, but I don’t think one guy going through the scanners twice without getting stopped for a little metallic box in his pocket… is absolute proof that anyone can get through without getting stopped.
Of course, it seems worth pointing out that a metal box is not a dangerous object, and the point of the machines (so we’re told) is to stop threatening objects from getting through — not just metallic objects. So it’s possible that the TSA agents saw this thing in his pocket and immediately saw that it wasn’t something dangerous. Corbett’s test was whether or not the scanners detect metal. But they’re not metal detectors, so the test itself is flawed.
So, while I don’t agree with the TSA’s response to this video in which “Blogger Bob” somewhat angrily snaps back about how important TSA scanning is, I don’t think Corbett’s claims are that convincing and I’m surprised at how much press it’s been generating. Yes, the scanners are probably pointless, and it’s all security theater, but that doesn’t mean we should all stop thinking through the details on videos that potentially show some weaknesses in these machines.
Filed Under: defeat, jonathan corbett, naked, scanner, security, security theater, tsa
Comments on “Slow Down TSA Lynch Mob: That Naked Scanner Expose Video Is Exaggerated & Old News”
It wasn't the sewing kit...
The sewing kit was just what he bought to supply his “nefarious plot”, what he used to sew the extra pocket to the side of this shirt. The “dangerous object” was the metal box he smuggled through security.
Although I had much the same reaction: let him try sneaking a gun, knife, or cupcake in his side pocket and see how far he gets.
I doubt a would-be terrorist would be bold enough to try to exploit this vulnerability
I think the TSA is probably unlikely to miss something at your side. In PDX last week, they double checked a bit of fabric on my outdoorsy pants side that was just 3 thin empty pockets stacked up–about three layers of pocket-liner fabric thicker than the rest of the pants.
It’s a matter of tricking the leprechauns inside the machines. Easy.
The problematic part is to trick the unicorns in TSA backstage. They’ll smell dangerous cupcakes miles away.
So it’s possible that the TSA agents saw this thing in his pocket and immediately saw that it wasn’t something dangerous.
You give the TSA far too much credit. lol
It wasn't the sewing kit...
The sewing kit was just what he bought to supply his “nefarious plot”, what he used to sew the extra pocket to the side of this shirt. The “dangerous object” was the metal box he smuggled through security.
Oops.. fixing.
Re:
Damn, you beat me to the punch, I was just going to comment on that myself. Given all the paranoia that the TSA shows on a daily basis (pat-downs of six year olds?), I highly doubt that this guy went through the detector and the TSA agent saw the sewing kit on his screen and actually determined that it was safe. No, the MO for a TSA agent is anything that seems the least bit suspicious must obvisouly be a terrorist threat.
“Plus, I’m pretty sure that the machines now take images from multiple angles,”
False. Imaging doesn’t work this way. Not.at.all.
You may notice a 3-D rendering of the MMW images, now masked by the “gumby” software.
However, imaging can only take pictures in planes, and then render a 3-D image. Look closely at the 3-D images from MMW scanners, the sides are black. It’s a trick of the eye.
The sides of an individual are invisible to all of these machines. All of them.
Re:
Like colostomy bags, breast implants, cupcakes, formula, water, toothpaste, lighters, nail clippers…
I suspect if depriving somebody of an item represents a loss of dignity of any sort, then the item represents a “terrorist” threat and must be confiscated.
Getting through twice is enough to prove the point
If the scanners were even 95% percent effective, what are the odds he could get through twice? And it doesn’t matter that the metal box was empty, it is opaque to x-rays and could have been anything or contained anything.
The machines don’t have to be 100% ineffective to be fatally flawed, and I think he’s met the burden of proof to show that at least some models are fatally flawed.
And if you know the machines take images from multiple angles, I’d prefer a citation rather than an “I’m pretty sure”.
How hard is it to just go through the damn TSA checkpoint without complaining? I do it at least a dozen times a year, and I’ve never had a single problem. If you don’t like the scanners then just have a pat down. Let me break it down for you since there seem to be so many people incapable of doing what’s necessary to protect fellow passengers and the safety of the nation:
1) Go to the security line with ticket and ID in hand, shoes untied, items collected, laptop ready to be removed, etc…
2) Tell security you’re opting out of the scan
3) Let them pat you down, but while doing so remember to make all the proper statements, such as “Come to this airport often?”, “You know I normally have to pay for this”, etc…
Almost ;)
The vulnerability in the article you described is actually a different vulnerability. Imagine looking at a big knife that was laying flat on a table. It’s easy to see the blade. Then, imagine rotating that knife 90 degrees such that the sharp edge of the blade were facing you. Now, the blade is taking up MUCH less of your vision — perhaps 1% of the space it formerly took up. That’s the exploit you described.
The exploit I put out is different. The idea is that the scanner can’t tell the difference between a metal object on your side and the wall of the scanner (or empty space). The body scanners are only able to detect metal when metal is against your body and contrasts with your body. Out on the side, there is no contrast, and they are invisible.
I’m certainly not claiming this is rocket science. But this *is* what happens when you try security through obscurity: the obvious exploits aren’t necessarily detected until years and $1B later. The TSA is (and all of us are) lucky that they were forced to confront it now rather than by a terrorist who uses it to kill Americans.
–Jon
Still taking nakey images......
Actually, if you read any of the technical documentation for the updated scanners, they still capture nakey pics of everyone.
The only change is that they no longer display the actual image on the monitor that’s out in the open. It’s still captured, it’s still stored, and if they’ve gotten what they asked for in the last request for production the new machines are capable of transmitting the actual (not gumby) image across the network to another location.
Re:
That’s a really pathetic response.
It’s not that people don’t want airport security: we do!
The TSA is an exercise in compliance. I’m glad you figured out how to do it.
Just because this is not new doesn’t mean the TSA lynch mob is not deserved. Anything that incites a TSA lynch mob is a good thing.
PS The ATR (think that’s right, automated target recognition, going by memory not search) in your example pic only works on the millimeter wave machines. And it certainly works by processing the original output, which would still suffer from the original contrast problems. A new way of presenting the results doesn’t change how the machine works!
It should be pointed out that the metal box in his pocket normally would set off the metal detectors that he would have to go through BEFORE the scanner. As such, his point is a little, umm, less than honest.
“So many people incapable of doing what’s necessary to protect fellow passengers and the safety of the nation”
That would be the TSA brass and others who make up this theater that you so willingly submit to at the airport. The fact that you think these processes protect you or anyone in a significant way is part of the problem.
Not true. They don’t typically do both when they’re running the AIT scanners. If you go through the backscatter or millimeter, that’s typically it. No metal detector. I’ve not seen a checkpoint where they sent someone through both.
.32 ACP isn't dangerous. Is it?
Coworker of mine accidentally left about 6 rounds of .32 ACP ammo in a coat pocket (for a C&C gun). He got through TSA not once, but twice.
His wife was accosted for having a BMW key that flips out of the holder with a rounded edge.
I was almost arrested for trying to bring toothpaste with me. TOOTHPASTE!
I doubt a would-be terrorist would be bold enough to try to exploit this vulnerability
Might I just point out a stupid thing with all this. So they are trying to stop someone from getting on a plane and killing few hundred people with a bomb or what have you. So they start the security checks.
You ever look around when in these lines? Hundreds of people standing packed in like sardines waiting to pass through this security bottleneck. If a terrorist really wanted to do something they could just put bomb in a carry on bag and set it off when they are midway though the line with everyone else all packed up tight waiting to get through.
Re:
It should be pointed out that the metal box in his pocket normally would set off the metal detectors that he would have to go through BEFORE the scanner. As such, his point is a little, umm, less than honest.
Do you travel? If you go through the scanners, you DON’T go through the metal detectors.
Re:
I find you funny, you think the bitching is because its just a hassle (and i fly much much more than you)… its because for all the money, time, and headaches, it hasn’t stopped one damn thing, or made anyone any damn safer… its just an excuse to get sheeple (like your funny self) to conform to be good little sheeple and take the pain/cost/humiliations with out crying…
Re:
False. Imaging doesn’t work this way. Not.at.all.
A single image doesn’t. Multiple images is what I was talking about.
However, imaging can only take pictures in planes, and then render a 3-D image. Look closely at the 3-D images from MMW scanners, the sides are black. It’s a trick of the eye.
I’m not arguing that a single scan does it. I’m saying that it takes multiple images from different angles.
The sides of an individual are invisible to all of these machines. All of them.
I really don’t think that’s true.
I’m sure the machines can be fooled, but I don’t think you’ll have much luck if you think this trick will always work.
Almost ;)
“I’m certainly not claiming this is rocket science. But this *is* what happens when you try security through obscurity: the obvious exploits aren’t necessarily detected until years and $1B later.”
This is a valid point. Its easy for a team of scientists/engineers to come up with a system they can not beat. However it usually takes about 15 minutes in the real world before someone else finds a way around it.
Case in point would be the bored 15 year old Scandinavian who cracked DVD protection in an afternoon after the studios spent year and 10s of millions implementing it.
Almost ;)
The exploit I put out is different. The idea is that the scanner can’t tell the difference between a metal object on your side and the wall of the scanner (or empty space). The body scanners are only able to detect metal when metal is against your body and contrasts with your body. Out on the side, there is no contrast, and they are invisible.
I don’t think the exploit is that different, and I’m not convinced that the exploit you explain really works as well as you suggest it does. You getting through twice is hardly proof.
Re:
I’m sorry but why should I be ok with someone grabbing my junk? If someone walked up on the street and gave me one of the TSA pat downs they could be thrown in jail and charged with sexual assault.
As far as I'm concerned...
Any bad publicity for the TSA is good for us.
I think the lynch mob can continue… Just because this particular video is mostly hyperbole doesn’t mean these shenanigans should continue.
Almost ;)
Again, Mike, you may understand tech, you clearly do NOT understand imaging.
Imaging does not work in the way you suggest.
Jon is correct. I work with imaging. An object on the side of the subject will not bounce the x-rays back to the reader in the way human flesh will. Any item on the side of a body is invisible to these machines.
Almost ;)
You’re certainly entitled to your opinion, Mike. 🙂
Re:
Careful, you’ll wake them!
Re:
I’m glad you “think” it to be true.
Physics says otherwise.
Both varieties, backscatter and MMW, take their views from the front and back plane of the subject. Even on the MMW with its fancy swing around arms, only goes to approximately 45-degrees past the subject. Watch any of these machines in motion. The sides are not captured, and therefore cannot be analyzed.
I don’t “think” it to be true, I work with imaging every day. I know it to be scientific fact.
Re:
It’s necessary to protect fellow passengers and the safety of the nation? Well in that case I suppose your right, if it’s for a good cause checking my rights at the ticket counter before I proceed through security is fine.
Re:
another part of the problem is it costs the american tax payer a crap ton of money to run for little to no benefit.
I doubt a would-be terrorist would be bold enough to try to exploit this vulnerability
Been saying this for years, just think of the effect of shutting down an International Hub after detonating a bomb in the security area… as much as I’m not a fan of the state of Israel the security there does seem to make more sense than anywhere else, they watch you from the moment you park your car all the way through to boarding the plane.
Physics
Actually silencedogood, you are wrong. The MMW machines rotate far enough around that they can see objects on the sides of the body. And the backscatter machines don’t just use backscatter, they also use a transmission image, which can’t penetrate the body, but which makes it easy to see high-Z materials on the edges of the body that block the x-rays. As mike said, this is a well understood limitation of the basic system configurations, and is something the designers had to fix before TSA deployment.
Even if this is a case of overhype, and we will never actually get an answer because making it all secret is the best way to handle security, It is possible that the TSA response of Blogger Bob getting cranky anyone question their authority and then the follow up of journalists getting the strong impression they shouldn’t cover the story at all is not helping…
http://boingboing.net/2012/03/08/tsa-body-scanner-guy-says-tsa.html
Re:
I found something in the boingboing comments that is a little more worrying.
http://www.popehat.com/2012/03/08/in-which-i-strongly-caution-the-tsa-to-snort-my-taint-and-probably-get-on-the-no-fly-list/
The blogger wrote to someone named as speaking to reporters on behalf of TSA. They did indeed work for TSA.
The response…
“Any guidance provided is to caution reporters not to generalize that our technology doesn’t work or print something without all the facts, based on an inconclusive YouTube video.”
Should the TSA be giving “guidance” to reporters?
Funny to hear someone from TSA talking about facts as they-
are lacking many of them about how their tech works
any dangers from it
how their staff behaves
how their staff steals
how their staff shakes down people for cash to jump the line
how their staff go after pretty girls
how their staff “searches” people outside of checkpoints
and several other incidents they have always claimed didn’t happen or were isolated incidents… until it happened so many times they couldn’t cover it up anymore.
I’m not sure this YouTube video is correct or not, but the fact TSA wants to hide behind the “we can’t reveal anything, it would help the enemy” excuses is really worrying. They could have simply made a video duplicating the original setup and debunked it… it worries me they just want to say its wrong, we fixed it now, trust us.
Re:
I go through airport security a lot and I either go through a metal detector or the backscatter type machines, never both. So what you are saying is false.
Re:
My experience has been that many airports will have you do both, with the metal detector being sort of a “pre-scan”.
Perhaps not in all cases, but I have seen it done.
A well timed attack on scanners
“I’m pretty sure…”
Not exactly sure, are you? Corbett passed through two scanners at two different airports. The experiment was designed to foil the first – the backscatter scanner which everyone knows cannot scan the sides of the body.
The second was an L3 Millimeter Wave scanner which rotates around the body and uses Automatic Threat Detection software. It was in use instead of a traditional metal detector arch. The German transport police called the tech “useless” after trials which gave an 80% false alarm rate.
A metal detector arch would have detected the metal box in both cases.
The video is pertinent especially as, despite German trials, the TSA keeps on buying this charlatan machinery, the UK is continuing trials with it and Australia has just announced its intention to use the technology and even make it compulsory.
It seems Corbett was telling you what you already knew, but what the US, UK and Australian governments had already forgotten.
“A metal box is not a dangerous object, and the point of the machines (so we’re told) is to stop threatening objects from getting through — not just metallic objects.”
He could have put a knife inside the box, which reflects x-rays. That’s why he chose to smuggle a box through. Please use your brain before writing an article.
Physics
And yet, with the fix you claim was made, they missed items on the side of the body anyway.
It’s obvious you have a misunderstanding both of how imaging, and these machines, work. We can play the “No, you’re wrong!” game all day.
The simple fact of the matter is that the MMW arms do not swing around to the sides of the body, and the backscatter machines use ionizing radiation to “bounce” or backscatter back to create an image.
I know everyone is impressed by the 3-D image. It’s a rendering, not what the machine sees. The machine assumes the shape, it doesn’t capture it.
Re:
Completely wrong. At every airport I’ve been to, you don’t go through the metal detector if you choose the scanner.