In response to evolving terrorist threats, including non-metallic explosive devices and weapons, the U.S. TSA has adopted full-body scanners as the primary passenger screening method at nearly 160 airports nationwide at a cost exceeding $1 billion. Although full-body scanners play a critical role in transportation security, they have generated considerable controversy, including claims that the devices are unsafe, violate privacy and civil liberties, and are ineffective. Furthermore, these scanners are complex embedded systems that raise important computer security questions.
Despite such concerns, neither the manufacturers nor the government have disclosed enough technical details to allow for rigorous independent evaluation, on the grounds that such information could benefit attackers, or is a trade secret. To help advance the public debate, we purchased a government-surplus Rapiscan Secure 1000 full-body scanner and performed a detailed security evaluation of its hardware and software.