August 18, 2010

I flew through Amsterdam on the way back from IETF Maastricht and got the opportunity—well, maybe opportunity isn't quite the right word, since I think it was mandatory—to try out the new body scanners they've installed at Schiphol. (My understanding is that they're millimeter wave, but they could be backscatter x-ray.) Anyway, it's pretty straightforward: you walk into the portal, hold your hands up in a goofy position for 5-10 seconds, and then walk on through.

I did get to see what it is the security screeners see on their display for a few seconds. Looks like the public reports were right and they really don't get to see much. The display was maybe 8" diagonal with a sort of stylized figure (including hair, so either it's someone else or it's really stylized) with boxes that apparently indicate stuff that was detected. As I understand it, what's going on here is that the real image is shown somewhere else and then some screener elsewhere points out the regions of interest for local handling.

Here's something I've been wondering about: how are those signals transmitted to/from the screening room? Is it wireless or wired? If wireless, what's the security? If wired, do the cables run through an area that's potentially user-accessible? Interestingly, I didn't walk through the magnetometer, which means that the scanner is the sole line of defense for anything you carry on your body. An attacker who could control this network could, it seems to me, suppress warnings from the remote screener and walk through carrying anything he wanted. (They don't really do a complete pat down in many cases.) Another possibility would be to remotely subvert either the screening consoles or the scanner itself. There's sure to be plenty of software in both. Finally, even with a wired network, another possibility would be to monitor RF emissions off that network, which would constitute a privacy threat.

Anyone want to loan me a scanner?