US Airport Recently Upgraded From Windows 98 To Windows XP

If you had any doubts about how hard it is for organizations and enterprises to upgrade to newer operating systems, consider this. An airport in the United States was running Windows 98, in the not so distant past.

Even more fascinating is the fact that when the airport administration finally decide to upgrade these devices, they chose Windows XP — the recently retired version of the operating system that no longer receives security fixes and updates from Microsoft.

Need a little more scare?

The airport security employees were running an x-ray scanner (called Rapidscan 522B) to scan and check the luggage, and shockingly this was the hardware that was running on Windows 98.

This report has Billy Rios, a security expert working as the director of vulnerability research and threat intelligence at Qualys, talking about this at the BlackHat security conference, and explaining that some of the hardware that airports are using could easily be hijacked by cybercriminals.

Obviously, you’d be hard pressed to blame Microsoft for this.

It all comes down to the organizations and entities in question that are still running outdated hardware powered by unsupported operating systems. But this is the reality of the technology world we live in.

More so, when you consider just how much airport security has been amped up in the last decade.

7 Comments

  1. Ray C

    August 14, 2014 at 8:52 am

    There needs to be some type of assistance program to help companies get the most up-to-date equipment, so they can use a modern OS. I would love to see some type of government program that helps people with money to upgrade equipment, hire training stuff and consultants, get new computers, and upgrade software. It would probably provide some jobs in a few areas

    • JF

      August 25, 2014 at 4:40 am

      Assistance!?! You’re kidding of course. Just let them take a chunk out of those profits they are making.

  2. xinu

    August 14, 2014 at 11:12 am

    Wow. Impressive, whats really surprising is their choice to go with XP. I wonder whether this was a decision based on software compatibility, although you would like to think that businesses would like to get the maximum out of any investment, hence a move to Windows 7 or 8 would greatly extend this. As for hardware such the X-ray machine, if its an embedded system and not connected to the internet, then you really don’t have anything to worry about. I seriously doubt an airport X-ray scanner would need any sort of internet connection.

    • Pete

      August 15, 2014 at 9:17 pm

      Most of those scanners, like the medical imaging systems they’re patterned after, consist of several embedded computers on a subnet with combinations typically of RTOS (for motion control), Linux (for image processing), and a Windows front end running graphics and GUI. The OS versions are old, they weren’t designed with distributed firmware updates in mind let alone security patches or AV signature updates, and the Windows machines are rarely secured from malware-infected thumb drives – even those from field service people doing calibrations and maintenance. If they aren’t already connected to the Internet (even through firewalls), there’s a push to make them so as cost-effectively as possible by leveraging the existing (highly-insecure) architectures and code base.

      Having the scanners connected to the Internet and remotely monitored not only allows aggregated collection and back-end analysis of image data for security purposes, it would allow Rapidscan to monitor machine performance (and vulnerability) and perform remote calibrations and updates. Companies with deployed systems like this want to know about problems before their customers do, and they also want to enable service contracts with the lowest costs (highest margins) possible – truck rolls are expensive.

      Was hoping to see more detailed info from Billy Rios in this article; he is a true expert in the cyber-security field.

      • xinu

        August 18, 2014 at 5:02 pm

        Thanks for your insight. Its definitely an interesting subject given many computers which run on such devices, and on devices responsible for infrastructure are not protected against many security vulnerabilities. As we move closer towards an internet of things im sure security will become a higher priority item on the lists of system developers.

    • Pete

      August 15, 2014 at 9:19 pm

      Oh, and I suspect it’s more about hardware compatibility. Microsoft’s driver model changed dramatically with Vista and above.

      Maybe they’re just getting pirated XP discs from Asia to save money? 😉

    • JF

      August 25, 2014 at 4:33 am

      Software compatibility is usually the problem. A lot of professional software won’t run in Windows 7 or later if it ran in XP.

Leave a Reply

Your email address will not be published. Required fields are marked *