| Recurring |
one_organization, multiple_organization |
(a) The software failure incident related to the airport scanners occurred again at the same organization, Rapiscan, with their Secure 1000 full-body scanner. Researchers found that the scanner's software could be hacked to present images at certain angles or cover up certain sections of the body, making it possible to conceal forbidden items undetectably [28957].
(b) The software failure incident also happened at multiple organizations as the scanners are still in operation at government facilities such as prisons, as well as airports in Rwanda, Tanzania, and Kenya, even after the Transportation Safety Administration stopped using them due to public outcry [28957]. |
| Phase (Design/Operation) |
design, operation |
(a) The software failure incident related to the design phase can be seen in the case of the Rapiscan full-body scanner mentioned in Article 28957. Researchers found that the scanner's software could be hacked to present images at certain angles or cover up certain sections of the body in ways that would be undetectable. This design flaw allowed for the potential manipulation of the scanning process, compromising its effectiveness in detecting concealed weapons [28957].
(b) The software failure incident related to the operation phase is evident in the use of the Rapiscan full-body scanner despite its vulnerabilities. The scanners were still in operation at some government facilities and airports in Rwanda, Tanzania, and Kenya, even after the Transportation Safety Administration stopped using them due to public outcry. This continued operation of the flawed system highlights the risks associated with the misuse or continued use of technology that has been shown to have significant design flaws [28957]. |
| Boundary (Internal/External) |
within_system, outside_system |
(a) within_system: The software failure incident related to the airport scanners was primarily due to vulnerabilities within the system itself. Researchers found that the Rapiscan full-body scanner's software could be hacked to present images at certain angles or cover up certain sections of the body in ways that would be undetectable [28957]. Additionally, the study's authors criticized the TSA's process for evaluating the technology, suggesting that the machines were tested without an adversarial mindset, allowing for potential bypassing of security measures by attackers [28957].
(b) outside_system: The software failure incident was also influenced by factors outside the system. The article mentions that the scanners were still in operation at some government facilities and airports in Rwanda, Tanzania, and Kenya, indicating that external decisions and policies regarding the continued use of the technology played a role in the failure incident [28957]. |
| Nature (Human/Non-human) |
non-human_actions, human_actions |
(a) The software failure incident related to non-human actions in this case involves the Rapiscan full-body scanner's software being susceptible to being hacked to present images at certain angles or to cover up certain sections of the body in undetectable ways. Researchers found that the scanner's software can be fooled by covering forbidden items with plastic sheets and under clothing, indicating a vulnerability in the software itself [28957].
(b) The software failure incident related to human actions is evident in the researchers' statement that the machines were tested without an adversarial mindset, implying that the testing did not consider how an attacker would adapt to the techniques being used. This lack of thorough evaluation and consideration of potential attack scenarios by humans during the testing phase contributed to the vulnerability of the scanner software [28957]. |
| Dimension (Hardware/Software) |
hardware, software |
(a) The software failure incident related to hardware:
The article reports on a software failure incident related to airport scanners, specifically the Rapiscan full-body scanner. Researchers found that the scanners failed to detect concealed weapons, indicating a hardware-related failure as the scanners were not functioning as intended despite being hardware devices [28957].
(b) The software failure incident related to software:
The same article also mentions that the researchers found the scanner's software could be hacked to present images at certain angles or cover up certain sections of the body in undetectable ways. This indicates a software-related failure where the software of the scanner was vulnerable to manipulation and exploitation [28957]. |
| Objective (Malicious/Non-malicious) |
malicious |
(a) The software failure incident described in the articles is related to a malicious objective. Researchers found that the Rapiscan full-body scanner's software can be hacked to present images at certain angles or cover up certain sections of the body in ways that would be undetectable. This manipulation of the software could allow individuals to conceal forbidden items such as weapons, bypassing the scanner's intended security measures [28957]. Additionally, the researchers highlighted that with access to the machine to test their attacks, attackers could render the scanner's ability to detect contraband virtually useless, indicating a malicious intent to exploit the system's vulnerabilities [28957]. |
| Intent (Poor/Accidental Decisions) |
poor_decisions |
(a) The intent of the software failure incident related to poor_decisions:
- The article reports that the Rapiscan full-body scanner's software can be hacked to present images at certain angles or to cover up certain sections of the body in ways that would be undetectable [28957].
- The study's lead author mentioned that the machines were tested in secret without an adversarial mindset, which allowed for vulnerabilities to be exploited by attackers with a bit of cleverness [28957].
(b) The intent of the software failure incident related to accidental_decisions:
- There is no specific mention in the article about the software failure incident being due to accidental decisions or unintended mistakes. |
| Capability (Incompetence/Accidental) |
development_incompetence |
(a) The software failure incident related to development incompetence is evident in the case of the Rapiscan full-body scanner mentioned in Article 28957. Researchers found that the scanner's software could be hacked to present images at certain angles or cover up certain sections of the body in ways that would be undetectable. This flaw in the software's design and implementation showcases a lack of professional competence in ensuring the security and effectiveness of the technology [28957].
(b) The software failure incident related to accidental factors is demonstrated by the researchers' discovery that the Rapiscan full-body scanner could be fooled by covering forbidden items with plastic sheets and under clothing. This unintended vulnerability in the software's functionality allowed for concealed weapons to go undetected, highlighting accidental weaknesses in the system's design and operation [28957]. |
| Duration |
temporary |
The software failure incident related to the airport scanners can be categorized as a temporary failure. The article mentions that the Rapiscan full-body scanner's software can be hacked to present images at certain angles or to cover up certain sections of the body in ways that would be undetectable [28957]. This indicates that the failure was due to specific circumstances where the software could be manipulated or bypassed, rather than a permanent failure inherent to the software itself. |
| Behaviour |
crash |
(a) crash: The software failure incident related to the airport scanners can be categorized as a crash. The Rapiscan full-body scanner software was found to be vulnerable to being hacked to present images at certain angles or to cover up certain sections of the body in ways that would be undetectable, leading to a failure in performing its intended function of accurately detecting concealed weapons [28957]. |