• Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
MUST READ

McDonald’s job app exposes data of 64 Million applicants

 | 

Athlete or Hacker? Russian basketball player accused in U.S. ransomware case

 | 

U.S. CISA adds Citrix NetScaler ADC and Gateway flaw to its Known Exploited Vulnerabilities catalog

 | 

UK NCA arrested four people over M&S, Co-op cyberattacks

 | 

PerfektBlue Bluetooth attack allows hacking infotainment systems of Mercedes, Volkswagen, and Skoda

 | 

Qantas data breach impacted 5.7 million individuals

 | 

DoNot APT is expanding scope targeting European foreign ministries

 | 

Nippon Steel Solutions suffered a data breach following a zero-day attack

 | 

Iranian group Pay2Key.I2P ramps Up ransomware attacks against Israel and US with incentives for affiliates

 | 

Hackers weaponize Shellter red teaming tool to spread infostealers

 | 

Microsoft Patch Tuesday security updates for July 2025 fixed a zero-day

 | 

Italian police arrested a Chinese national suspected of cyberespionage on a U.S. warrant

 | 

U.S. CISA adds MRLG, PHPMailer, Rails Ruby on Rails, and Synacor Zimbra Collaboration Suite flaws to its Known Exploited Vulnerabilities catalog

 | 

IT Worker arrested for selling access in $100M PIX cyber heist

 | 

New Batavia spyware targets Russian industrial enterprises

 | 

Taiwan flags security risks in popular Chinese apps after official probe

 | 

U.S. CISA adds Google Chromium V8 flaw to its Known Exploited Vulnerabilities catalog

 | 

Hunters International ransomware gang shuts down and offers free decryption keys to all victims

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 52

 | 

Security Affairs newsletter Round 531 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 
  • Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
  • Home
  • Breaking News
  • Cyber Crime
  • Hacking
  • Security
  • Hacking airport security systems with a common laptop

Hacking airport security systems with a common laptop

Pierluigi Paganini August 10, 2015

Hackers can compromise airport security networks by using a common laptop, this is the disconcerting discovery of the popular expert Billy Rios.

Cyber security from I-Team investigation revealed that hackers could have the ability to shut down an airport’s security network just using a laptop.

It is embarrassing read that system designed to improve security of the airports could represent the entry point for attackers.

“Walking by these devices and knowing how poorly secure they are, it doesn’t sit well with me,” explained the popular cyber security expert Billy Rios. “It’s pretty bad — probably no thought has been given to cyber security at all.”

In 2013, Billy Rios tested various machines deployed at airports throughout the world discovering numerous security vulnerabilities. The list of machines tested includes an X-ray scanner, an explosives detector, also known as itemiser, and a time clock.

Rios explained that the vulnerabilities affecting the machine could be exploited to access the airport’s network, for example, is discovered very common to discover hard-coded passwords into the software running on these security systems.

“So anyone that knew the username and password, which we know, could just log into the device and get access to an airport network,” said Rios. “It just takes one second to abuse some of the vulnerabilities that we’ve seen.”

The unauthorized access to an X-ray machine could be exploited by a terrorist or a criminal to hide weapons from screeners.

airport security

Rios reported the flaws to the US authorities that prompted the Department of Homeland Security to issue a warning about password vulnerabilities in some explosive detection machines. According to NBCNewYork , Rios has found many other flaws in the itemiser and in the time clocks.

“One machine Rios examined is called the itemiser. The company that makes itemisers says the version Rios bought was only used at foreign airports and the company recently released an update to correct the flaw, it said.

Rios maintains the broader concern continues at domestic airports, where he says he found three time clocks with vulnerable passwords.” states the NBCNewYork.

The company that produces the time clocks have already fixed the flaws and personnel at the airports can now change the passwords.

The most disconcerting aspect of the story is that it is likely that the vulnerabilities discovered by Rios have already been exploited, this is the opinion of the cyber security strategist from Cylance, Jon Miller.

“Now that we have extremists that are gaining these capabilities, they’re going to start using information for other types of attacks we haven’t seen before. It’s going to be a sobering couple of years,” said Miller.

The Cylance firm recently published a report on an Iranian hacking crew, which run a cyber espionage campaign exfiltrating sensitive information from many organizations and environments, including the airports.

“We were following them for 18 to 24 months, but it wasn’t until we started seeing them pull things like emergency response times and information that could put the physical safety of people at harm we knew we had to stop it,” says Miller.

“Anyone who has a copy of the plan on how an airport or any facility responds to an emergency now has a blueprint on how to beat that system,” said Kenneth Honig, a former commanding officer for the police department of the Port Authority of New York and New Jersey.

“Now that it’s been brought out into the open, hopefully they will take steps to fix it, but it will take time.” added Honig, who has 20 years leadership on the force.

Rios urges Transportation Security Administration to adopt more stringent requirements in term of cyber security of the equipment used in any airport.

“The bar is too low,” Rios said. “There will always be security issues, we can’t solve every single security issue, but we shouldn’t have the bar be so low that anybody can hack into these devices. The bar has to be a lot higher.”

Pierluigi Paganini

(Security Affairs – security, airport)


facebook linkedin twitter

airport Billy Rios Hacking security x-ray machine

you might also like

Pierluigi Paganini July 12, 2025
McDonald’s job app exposes data of 64 Million applicants
Read more
Pierluigi Paganini July 11, 2025
U.S. CISA adds Citrix NetScaler ADC and Gateway flaw to its Known Exploited Vulnerabilities catalog
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

    recent articles

    McDonald’s job app exposes data of 64 Million applicants

    Hacking / July 12, 2025

    Athlete or Hacker? Russian basketball player accused in U.S. ransomware case

    Uncategorized / July 11, 2025

    U.S. CISA adds Citrix NetScaler ADC and Gateway flaw to its Known Exploited Vulnerabilities catalog

    Hacking / July 11, 2025

    UK NCA arrested four people over M&S, Co-op cyberattacks

    Cyber Crime / July 10, 2025

    PerfektBlue Bluetooth attack allows hacking infotainment systems of Mercedes, Volkswagen, and Skoda

    Hacking / July 10, 2025

    To contact me write an email to:

    Pierluigi Paganini :
    pierluigi.paganini@securityaffairs.co

    LEARN MORE

    QUICK LINKS

    • Home
    • Cyber Crime
    • Cyber warfare
    • APT
    • Data Breach
    • Deep Web
    • Digital ID
    • Hacking
    • Hacktivism
    • Intelligence
    • Internet of Things
    • Laws and regulations
    • Malware
    • Mobile
    • Reports
    • Security
    • Social Networks
    • Terrorism
    • ICS-SCADA
    • POLICIES
    • Contact me

    Copyright@securityaffairs 2024

    We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
    Cookie SettingsAccept All
    Manage consent

    Privacy Overview

    This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities...
    Necessary
    Always Enabled
    Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
    Non-necessary
    Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
    SAVE & ACCEPT