
TSA Machines are Vulnerable to Very Stupid Hacking Tricks

August 7, 2014 at 5:23 PM

You've probably heard about the Internet of Things: the idea that everything you own is going to be online. Your fridge will be able to talk to your car, which will be able to talk to your pacemaker.

You also may have heard that it's going to be a total cyber-security disaster. Today's hackers are able to get into your laptop or desktop. Tomorrow's hackers will be able - by definition - to get into everything. Right now they're able to damage your data. In the future they'll be able to damage actually existing things in the real world. Unless you're very, very, very careful, putting any device online could get you very easily hacked.

Now, knowing what you know, how likely do you think it is that TSA is using machines that are easily hacked?

If you answered anything less than 100%, you must be new here.

The annual Black Hat conference of uber hackers is going on right now. A few years ago they featured a hotel lock hack that actually got exploited in the real world. This year there was a presentation [PDF] all about why TSA sucks. It goes on for 72 slides. At the beginning there's a nice slide comparing the agency's airport security budget vs. "one guy, no budget, and a laptop." So that's depressing.

It turns out - among other things - that the agency is using several different machines with hard-coded default passwords, which function as back doors that anyone can use to get in. And once a hacker is inside, they can hop around inside TSA's network. Said the researcher: "The most important thing for people to take away is if the device is connected to the Internet and to another network, which is extremely common, you basically have a bridge."

Why can't they do literally anything right?

[Photo: Billy Rios, Director of Threat Intelligence / Qualys]
