Researchers are delivering a paper at a security conference Thursday highlighting how easy it is to get weapons through the nude body scanners that have been removed from US airports but have been placed at other government installations across the globe.

The report, given at the Usenix Security Symposium in San Diego, highlights the insecurity of the Rapiscan Secure 1000 Single Pose "backscatter" scanner that once was used throughout the nation's airports but are now deployed at US prisons and courthouses, as well as airports in Africa. The paper, "Security Analysis of a Full-Body Scanner," from researchers at the University of California-San Diego, University of Michigan, and Johns Hopkins University, confirms what even laymen researchers had already discovered: hiding weapons on the side of one's body defeats the machine (PDF).

We performed several trials to test different placement and attachment strategies. In the end, we achieved excellent results with two approaches: carefully affixing the pistol to the outside of the leg just above the knee using tape, and sewing it inside the pant leg near the same location. Front and back scans for both methods are shown in Figure 4. In each case, the pistol is invisible against the dark background, and the attachment method leaves no other indication of the weapon’s presence.

In 2012, a Florida man said he filmed himself going through two different US airport security checkpoints using virtually the same method and got metal objects through the scanners undetected. The TSA responded that the "machines are safe."

Jonathan Corbett, the Florida man who is suing the TSA over the scanners, said at the time that if people thought his story wasn't believable, they should "try it."

The university researchers took him up on his challenge, buying one on eBay for $49,500 in 2012.

"What does this say about how these scanners were tested and acquired in the first place?" asked one of the study's co-authors, J. Alex Halderman, of the University of Michigan. "It says there’s something wrong with the government’s process.”

The university report, advanced copies of which were provided to the TSA and Rapiscan, also said that the explosive C-4 and human flesh look the same on a backscatter scanner:

These scans indicate that plastic explosives can be smuggled through a Secure 1000 screening, since thin pancakes of these materials do not contrast strongly with flesh. While a metal detector would have been sufficient to detect the detonator we used, not all detonators have significant metal components.

The TSA discontinued using the $180,000 Rapiscan machines because the company was unable to upgrade its software to block the machine from showing a nude image of passengers. Other scanners produced by L-3 Communications, however, were able to conform with the revised TSA specifications that were adopted in the wake of a public outcry over the nude scanners. The L-3 machines now display a generic outline of the human body.

Listing image by Security Analysis of a Full-Body Scanner