Each Rapiscan 522B's code contains a file of all the IDs and passwords of its certified users. If you enter an incorrect password, no problem - the scanners will log you in anyway.
The Rapiscan 522B has another security issue, this one intentional. If you fly often enough, it's likely a TSA officer has looked into your luggage via the scanner and seen a gun nestled among your clothes and toiletries.
The scanners are designed to "test" employees by regularly overlaying images of dangerous items on top of random passengers' bags. TSA agents are expected to flag the items as if they were real weapons; if they fail to do so, they will be reprimanded.
That may sound like a good way to make sure TSA employees are on their toes, but Rios says it also means there's a serious problem with the scanners. The software permits other programs to modify the screen, making it possible for an attacker to cause other things to display on Rapiscan 522B screens.
Rios also found hard-coded usernames and passwords on a device called the Kronos 4500 that the TSA uses to manage employee check-ins. Six thousand Kronos 4500 units were connected to the Internet and could be remotely accessed via backdoors - hidden methods of bypassing normal security - built into the system.
The Kronos 4500 is made in China, Rios noted. The TSA had previously refused to buy a scanner because its light bulb was Chinese-made, but those concerns apparently didn't extend to employee-tracking software, he observed.
Finally, Rios discussed the Itemizer, which looks for traces of hazardous materials on passengers or luggage. The Itemizer also contains backdoor accounts, plus lists of usernames and passwords contained in an easy-to-modify file called config.bin. If config.bin is deleted, all passwords revert to the default.
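Two of the failure modes described above, the login routine that accepts any password for a known user and the credential store that reverts to factory defaults when its file is missing, are shown below next to a hardened form of each. This is an added illustration, not code from the vendors or from Rios' talk; the JSON record layout, the function names and the factory-default account are constructed for the example and say nothing about the real config.bin format.

```python
"""Added example: a password check that discards its own result, and a
credential loader that fails open, each beside a hardened version."""
import hashlib
import hmac
import json
import os
import secrets

# Constructed factory defaults that a fail-open loader silently falls back to.
FACTORY_DEFAULTS = {"admin": "admin"}


def make_record(password, salt=None, iterations=100_000):
    """Salted PBKDF2 record; hypothetical layout, not any vendor's format."""
    salt = salt if salt is not None else secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt.hex(), "iterations": iterations, "hash": digest.hex()}


def verify_record(record, password):
    """Recompute the hash and compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(record["salt"]), record["iterations"]
    )
    return hmac.compare_digest(digest, bytes.fromhex(record["hash"]))


# ---- Failure mode 1: password checked, result ignored (the 522B behaviour) ----

def vulnerable_login(store, user, password):
    # The password is verified, but the boolean is dropped on the floor, so any
    # password for a known user logs in. Deliberately wrong, for illustration.
    if user not in store:
        return False
    verify_record(store[user], password)
    return True


# Dummy record so unknown users cost the same time as known ones (no enumeration
# via timing); the placeholder password is constructed and never accepted.
_DUMMY_RECORD = make_record("placeholder-for-timing-equalisation")


def hardened_login(store, user, password):
    record = store.get(user, _DUMMY_RECORD)
    ok = verify_record(record, password)
    return ok and user in store


# ---- Failure mode 2: missing credential file resets to defaults (the Itemizer) ----

def load_store_fail_open(path):
    # If the file is gone, fall back to factory accounts: deleting the file
    # becomes a password reset for whoever can delete it.
    if not os.path.exists(path):
        return {u: make_record(p) for u, p in FACTORY_DEFAULTS.items()}
    with open(path) as f:
        return json.load(f)


class CredentialStoreMissing(Exception):
    """Raised instead of reverting to defaults; the device should refuse logins."""


def load_store_fail_closed(path):
    try:
        with open(path) as f:
            return json.load(f)
    except FileNotFoundError:
        raise CredentialStoreMissing(path) from None


if __name__ == "__main__":
    store = {"alice": make_record("correct horse")}
    print("vulnerable, wrong password:", vulnerable_login(store, "alice", "wrong"))
    print("hardened, wrong password:  ", hardened_login(store, "alice", "wrong"))
    print("hardened, right password:  ", hardened_login(store, "alice", "correct horse"))
    defaults = load_store_fail_open("/nonexistent-dir/config.bin")  # constructed path
    print("fail-open loader accepts factory login:", hardened_login(defaults, "admin", "admin"))
```

The hardened loader makes a missing or unreadable credential file a hard error rather than a reset, so an operator sees the device refuse service instead of quietly accepting default accounts; the hardened login routine uses the comparison result and a constant-time digest compare, and runs the same work for unknown users so the response time does not reveal which usernames exist.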
Rios says he told the TSA six months ago about all the vulnerabilities he'd found, but to his knowledge, the agency hasn't addressed them yet. Instead, he said, the TSA told him its software "cannot be hacked or fooled" and that it "add own software and protections."
The slides of Rios' presentation, entitled "Pulling Back the Curtain on Airport Security: Can a Weapon Get Past the TSA?", are available on the Black Hat website.
This article originally appeared on Tom's Guide, a TechMediaNetwork company, copyright 2014.