So if the TSA confiscated your dangerous tube of toothpaste over 3 ounces, or perhaps took possession of another object on the prohibited items list, it’s all “for the safety and security of the traveling public.” Right? Well the answer is no, not so much, especially after seeing a presentation that showed just how easily a person can make a weapon after going through TSA airport security. After two years of research into the effectiveness of airport security, Evan Booth aka “treefort,” founder of Recursive Squirrel Interactive, showed how a person could weaponize everyday objects found in airport shops that are beyond TSA checkpoints.
TSA blogger Bob Burns has the unenviable job of defending the TSA and frequently highlights the “scary” items that TSA agents take away from travelers to keep air travel safe. If a prohibited item were discovered in a carry-on, then it would be confiscated and, in some cases, the person could be fined or arrested. Yet there are lots of people who believe the TSA is nothing but security theater that violates our privacy with pat downs and body scanners. Others have said that the “TSA should stop banning items, stop the ‘unending nightmare’ of USA air travel.” But all the banning, scanning and confiscating is worthless if you can build a makeshift lethal weapon after you’ve successfully passed through TSA security.
Evan Booth is talking about a “seldom-discussed facet of airport security” at Hack in the Box (HITB) security conference in Amsterdam. He also presented Terminal Cornucopia at CarolinaCon as seen in the video embedded below. Booth takes a partly humorous and partly horrifying look at how “a marginally resourceful and MacGyver-esque individual can breeze through terminal gift shops, restaurants, magazine stands and duty-free shops to find everything they need to wage war on an airplane.”
Booth visited stores inside airports, beyond the TSA checkpoints, and with a variety of items available for purchase, then crafted melee and other weapons before explaining terrifying yet plausible attack scenarios. His methodology is as follows: Step 1: Define scope. Step 2: Identify basic attack vectors. Step 3: Research makeshift weaponry (such as those made in prison and perhaps read the Zombie Survival Guide.) Step 4: Identify/collect materials. Step 5: Proof of concept builds.
A part of me hates to go more in-depth about weaponizing everyday items found inside airport gift shops and cafes in case some sicko thinks it is a brilliant idea. If you wonder where a person hell-bent on making a weapon after passing beyond airport security would do so, Booth suggested that a restroom is the perfect workspace. The hand dryer would provide cover noise. There is water and there are power outlets to provide electricity. The baby changing table could double as the workbench.
In build one, Booth combined parts from a double-walled tumbler (a plastic cup from Starbucks), an air drone, and a Zippo lighter to craft a blowgun. In build two, he used magazines, Lady Liberty refrigerator magnets, braided leather belts and Scotch tape to build a martial arts weapon such as on the TSA's banned items list; it failed to puncture a melon on the first try. However, when he altered it by using dental floss instead of the leather strips, the nunchuck-like weapon managed to demolish a coconut. In other builds, he used lighters and umbrella parts to craft a mix between a slingshot and a crossbow, a crossbow, and a spiked bat with a pointy Washington Monument metal pencil sharpener at the tip.
You might never look at Zippo lighters, disposable lighters, a drone and tape the same again after watching Booth harvest parts and basically turn them into a bomb. His receiver and transmitter communicated via infrared light for line-of-sight, but Booth said that a Parrott AR.Drone, such as is sold at the airport Brookstone store, is controlled through a smartphone over Wi-Fi. He then discussed other possible weapons that could be built from store purchases beyond airport security checkpoints like a Taser, a tossable fireball and a shiv. Next, Booth gave three “plausible attacks” scenarios that ranged from getting into the cockpit, to causing a fire that was triggered to detonate via smartphone. He ended his presentation with “Have a safe flight home.”
Booth told Nu.nl that he was annoyed by how much money has been dumped into airport security such as with body scanners that violate privacy and appear not to work. To avoid problems with the authorities, Booth contacted them and offered to demonstrate his research. No one bothered to reply to him.
Because modifying items that can be purchased past airport security into weapons for use on a plane is unlikely to have occurred to most of us, Booth’s talk was perhaps scarier than the one at Def Con 20 about how hackers can inject ghost airplanes in radar. Yet there may be one even more alarming at HITB 2013; Hugo Teso will present Aircraft Hacking: Practical Aero Series and will demonstrate “how to remotely attack and take full control of an aircraft.” If you are interested, you can read the article: Hacker uses an Android to remotely attack and hijack an airplane.