Scanners used by many airports in the United States are riddled with security flaws.
According to security researcher Billy Rios from Qualys, both are used by the Transportation and Security Agency, and TSA accepted the Itemiser 3 was accepted into its testing lab, but it was never qualified for use in the field, according to Infosecurity.
Rios found about 6000 Kronos time clock systems on the internet, but only two belonged to airports. The system in the San Francisco International Airport has been removed, but Rios declined to mention the location of the second unit as it is still available online. The Itemiser, while not directly connected to the web, could be accessed the the internal network.
