Skip to main content

Can you hack a security checkpoint metal detector? Yeah, we already did.

To get straight to the point - walkthrough metal detectors are a security technology to attempt to detect and thus remove weapons and dangerous items from individuals to make a safe space. What if they were much more fallible than expected? 

I'm not here to fear-monger either - these problems are preventable with proper use and changed in guidelines. Like many security controls, their exploitation is commonly due to those who implement and monitor them. However, in order to create these changes, more proof-of-concepts and solutions need to be tested. We already have a few to start. 

The walkthrough metal detector (WTMD) research was not my original idea. It started out of research projects from PHSI and another Garrett 6500i was donated to our lab. This machine was not ours and we did not have permission to modify or conduct digital attacks on the detector. We were supposed to use physical modifications to hide or modify the results of the screening. 

One colleague in particular Pat Glass created a wooden rig that would allow student researchers to test passing items through the detector consistently and accurately. PHSI students tested common suggestions and ideas on getting pass the detector. They tried wrapping items in Mylar, changing the item's surface area, and other tricks to get the metal detector to create a false negative. More information about that research can be watched in my GrrCon talk. Thank you to the researcher who named that metal detector Mr. Den City - Katie

So here's the general plan for evaluating this technology:

Done
  • Test materials on person to create false negative ✓
  • Change properties on items passing through to create false negative ✓
  • Attempt to incorrectly screen resulting in false negatives ✓
  • Attempt to incorrect screen resulting in a false positives ?
  • Audit common guidelines expected results to tested outcomes ✓
    • When venues set their WTMD levels, are the capturing the results they are expecting?
      • spoiler: not really. 
In-Progress
  • Attempt material changes resulting in false positive
  • Re-evaluate original threatening materials versus newer threatening materials and access proper WTMD levels
    • What levels should they be in order to detect what we originally thought was dangerous, and what we now evaluate to be dangerous in 2020?
Future Work
I'm obligated in the interest of PHSI to redact a few details. 
  • Re-test and document the previous work and complete the in-progress work
  • Access other avenues of intentional false positives
  • Get a second WTMD 6500i
  • Install the module typically in use at venues and security checkpoints which utilize multiple WTMDs together. 
  • Access the vulnerabilities associated with multiple WTMD use.
    • This does not refer to the human error associated with Lane Consistency that I wrote about in my thesis. This is a technology centered inquiry. 
      Someone once told me that your Master's thesis will be your worst work, and goodness is that the case for me. When I get my first prof appointment I'll re-work and update it. Anyway...
  • A couple of surprises
    • hint: there's a local area network here

I hope this has answered a couple questions or at least has a few people interested in the project! I'll do my best to share updates as they come up there. 

Comments

Popular posts from this blog

How to Wardrive: Know where to go

Inspired by others, and my goal of getting a golden WiGLE badge, I went wardriving for my birthday. I was hoping for 50k, and I ended up with just over 61k. I'm less than 80k away from my goal! But how do you pick a place to wardrive, and how do you actually do  it? The easiest way is to download WiGLE on an android phone, get some transportation, and be set on your way. But if you want more detail or some tips, keep reading.  Avon Lady Method : Find a city within reasonable distance of travel Examine the results for the past few years of the area; do not use the overall coverage of all time.  Verify if the city is desirable for wardriving Little coverage in the past few years Most residential areas are not covered Use maps to search and define high density residential areas (i.e. apartments, town homes).  Create an order that allows for little overlapping and in a convenient driving pattern. Use landmarks around the city to define the internal roads Wardrive Profit ("internet

2021 & 2022 Resolutions

 I am not into the whole "New Year, New Me" thing 2022 is going to make 2020 look like a baby. Last year, I made a post about my resolutions and goals for the year, and I thought now would be a great time to update on that. Let's revisit my resolutions from last year: 2021 1) Meatless Mondays 2) No Candy Wednesdays 3) Submit to WiGLE every month (almost!) 4) ... and the Grand Finale: Make an optimized trip half-way across the country in my truck! So I didn't do a great job. I had some other resolutions that I didn't post, and I also didn't do so great on those. I almost summitted to WiGLE every month, but I missed October and November. Similarly, I had a resolution to post to my blog once a month, and I almost made it, except I missed the last two posts. Hopefully, I will make this up by writing posts and back-dating them, so I would at least have completed the goal.  Resolutions I think my goals failed for various reasons. I didn't make realistic goals fo

The problem with sensing finger magnets

 Okay, I have to make this post quick, but the second part will be way worth the payoff. October 3rd I'm having one of my sensing magnets taken out that I've had for about 5 years; since Nov 2016. It's clearly rejected and when I tried to make the situation better, I made it worse.  In previous posts or tweets, I've mentioned I had a method to re-stimulate the magnet. Do not attempt. It's likely the reason it's now rejected after so many years.  Biohacking comes with a lot of risk, especially if you're afraid of needles and knives, but the benefits outweight the risks. I loved having a strong magnetic sense with both of the magnets. I love the honor I've had to have them all this time. But now it's painful to use my finger and there's a large black bulge where the magnet wants to exit my finger.  Some questions I have before cutting open: 1. How am I going to numb my finger? What method will work? 2. Is the coating or silicone broken? Any risk of