Airport security? We have Top Men working on it. Top. Men.LAS VEGAS — Black Hat USA — A Transportation Safety Administration (TSA) system at airport security checkpoints contains default backdoor passwords, and one of the devices running at the San Francisco Airport was sitting on the public Internet.Renowned security researcher Billy Rios, who is director of threat intelligence at Qualys, Wednesday here at Black Hat USA gave details on security weaknesses he discovered in both the Morpho Detection Itemiser 3 trace-explosives and residue detection system, and the Kronos 4500 time clock system used by TSA agents to clock in and out with their fingerprints, which could allow an attacker to easily gain user access to the devices.
Device vendors embed hardcoded passwords for their own maintenance or other technical support.
Sunday, August 10, 2014
TSA checkpoint computer reachable from the Internet
And by "reachable" I mean subject to rubber-gloved probulation: