Detecting Explosives

Really interesting article on the difficulties involved with explosive detection at airport security checkpoints.

Abstract: The mid-air bombing of a Somali passenger jet in February was a wake-up call for security agencies and those working in the field of explosive detection. It was also a reminder that terrorist groups from Yemen to Syria to East Africa continue to explore innovative ways to get bombs onto passenger jets by trying to beat detection systems or recruit insiders. The layered state-of-the-art detection systems that are now in place at most airports in the developed world make it very hard for terrorists to sneak bombs onto planes, but the international aviation sector remains vulnerable because many airports in the developing world either have not deployed these technologies or have not provided rigorous training for operators. Technologies and security measures will need to improve to stay one step ahead of innovative terrorists. Given the pattern of recent Islamic State attacks, there is a strong argument for extending state-of-the-art explosive detection systems beyond the aviation sector to locations such as sports arenas and music venues.

I disagree with his conclusions—the last sentence above—but the technical information on explosives detection technology is really interesting.

Posted on May 20, 2016 at 2:06 PM24 Comments


Daniel May 20, 2016 2:41 PM

What is up with people these days, publishing information that can be read by terrorists?! I’m sure they will find the technical details “really interesting” too. It’s as if people actually want more gag orders, secret courts, and parallel construction. Gosh Bruce, you are really asking for it…

(the above is 100% snark, for those who have their sarcasm meter broken.)

JdL May 20, 2016 4:17 PM

The layered state-of-the-art detection systems that are now in place at most airports in the developed world make it very hard for terrorists to sneak bombs onto planes…

Really? It’s apparently very easy for auditors to sneak just about anything past TSA security. I’m trying to remember the percent of firearms, bombs, etc. that get through. 90%? 95%? Somewhere up there. So this one sentence makes me conclude that the writer of the abstract (and presumably the whole paper) is an idiot.

milkshaken May 20, 2016 7:48 PM

I am doubtful we can ever have good security against motivated suicidal fanatics

Wael May 20, 2016 8:10 PM

Detection alone isn’t sufficient. Mitigation is also necessary. Disallow any carry on luggage and stow everything in a Bomb bag

ianf May 21, 2016 1:49 AM

Sounds logical, as mice can get into tighter spots and are master sniffers when having munchies. Problem is, Jacob, once you’ve press-ganged them into the terminal service, and they are done, how do you get them back onto the funny pages? You’d have to implant small homing antennae into their skulls, and that, my friend, creates a vector for remote electronic misdirection, falsification, etc., in effect nullifying their utility.

Clive Robinson May 21, 2016 2:30 AM

@ ianf, Jacob,

Problem is, Jacob, once you’ve press-ganged them into the terminal service, and they are done, how do you get them back onto the funny pages?

You don’t use them that way.

Apparently it’s similar to the way they have suggested for bees. You put them in a cartridge, that fits in a machine like a portable vacuum cleaner. The operator moves the nozzle around and the air is drawn over the creature and it’s reactions monitored for indications.

Having kept “fancy rodents” as pets, it strikes me as both cruel and problematic. Mice need to move around a lot and they are not easy to train (unlike rats and ferrets) and are very short lived so would only have a few months working life at best.

Jesse Thompson May 21, 2016 3:47 AM

Bomb detection? Really?

I’m with @JdL on this. I can open up a USB cell phone charge extender, remove it’s battery and replace it with C4/Plastique, replace it’s electronic bits with some home-brew to negotiate USB with a phone to figure out when to detonate the charge, and bring that with me onto a plane without an eyebrow being batted. I can even “forget” my phone and charger in the little pamphlet pouch in front of my seat when I get off the plane (or someplace more creative if that pouch is actually checked between flights..) in order to either remotely detonate once it’s filled with passengers again, or failing that allow it to simply go off on an internal timer.

Takehome is that I would be absolutely stunned if they had tech which could detect C4 inside of a backup battery case. :/

Drone May 21, 2016 3:57 AM


Interesting paper on fingerprinting, thanks.

However, it is ironic that the Audio Fingerprinting demo site the Author put up requires ajax(dot)googleapis(dot)com to run. The paper itself lists ajax(dot)googleapis(dot)com as the third largest source of tracking (the other two largest, gstatic(dot)com and fonts(dot)googleapis(dot)com, are also Google spawn).

One thing is certain: Google = Evil.

San May 21, 2016 9:17 AM

@Clive Robinson

Or just swallow them in pelletjes like smugglers already do. Cant bodyscan everybody.

albert May 21, 2016 10:51 AM

@anon, @Drone,

Blocking such scripts would eliminate the problem, would it not?

The question is, can the websites own script ‘call’ those scripts without your knowledge? I don’t know the details of how, for example, NoScript works.

. .. . .. — ….

Clive Robinson May 21, 2016 10:59 AM

@ San,

Or just swallow them in pelletjes like smugglers already do.

That only works for small packages, not for stacks of currancy or blocks of explosive.

Plus how do you get them out when you need them rather than waiting for nature to take it’s course.

The main idea behind a bomb (till Bruce joked about “butt-bombers”) was that you planted it somewhere it would do actual physical damage to the environment, rather than redecorate it with your blood and guts. To say the Sheikh “Was not amused” at the cleaning bill is a bit of an understatment.

albert May 21, 2016 12:09 PM

@Clive, et al,

The preferred attack methods for ‘islamic’ groups (IGs) depends on killing and maiming -people-, not infrastructure. That’s the way they roll, and it’s probably 13th century tradition, like beheadings (though I do recall a certain European country using such techniques in the 1700s).

Fear of death has certainly been effective for the IGs. Luckily, they haven’t yet figured out how much more effective (and easier) infrastructure attacks would be, even if they didn’t kill or maim anyone!

Unfortunately for the world, reducing and even eliminating IG attacks can be done without any active programs at all. It’s clear that the simple, obvious solutions are antithetical to the US Master Plan, so I don’t look for any progress on the political front.

MIT can go ahead and design their detection systems. The only benefits will go to the War Machine contractors*. We’ll continue to spend billions on Security Theatre, and keep stoking those fear fires.

  • Those are the obvious(quantifiable) benefits. A made-to-order Police State is apparently not being considered by the US public.
    It’s a simple solution to population control, when propaganda fails.
    . .. . .. — ….

Drone May 21, 2016 8:57 PM


Script blockers like NoScript will not only prevent the script from running, they are typically a way to discover what scripts a Web site is trying to shove down your throat.

The problem is that unless you let the scripts run, the site hosting the scripts does not work. This is the point I was making in my post; it was ironic how a study of tracking through (e.g.) scripting, hosts a demo site that uses Google’s nefarious scripting before it will work. It makes you wonder if the study and demo site is just a honeypot.

An increasingly common ploy to attempt to get you to give up on trying to block scripts selectively is to layer or cascade scripting. This ploy forces you to unblock a script which will then reveal a whole new layer of hidden scripts, which when selectively unblocked will reveal another layer of scripts, ad infinitum. There is no simple way to reveal what scripts underlie what scripts.

There was an Blog site I visited that was so loaded with third-party tracking scripts, it was almost impossible to use. I gave up counting scripting layers at around five or six. By then there were easily more than a hundred scripts trying to run, the vast majority of which were not required to make the site work. They were there to track me, and probably make the site owner some money.

Bobby May 22, 2016 12:36 PM

If I read it right, they are struggling to detect what is IN the body, so the bad guys could easily use decent sized Dildos to bring on board whatever they want….

albert May 22, 2016 2:28 PM


I believe I’ve seen this. won’t run unless you temporarily enable, which then lists a half dozen ‘new’ scripts.

TV networks and cab/sat websites are the worst. I’ve counted 20 scripts on the first iteration of NoScript.

I usually abandon the site if the sites own script doesn’t allow functionality.
. .. . .. — ….

milkshaken May 22, 2016 5:35 PM

@bobby Also these systems are tested against common and improvised explosives. But it is exceedingly easy to defeat them, by bringing some naughty material or device masked as a common object, if you have a suicide nut on board willing to go down with the plane. Remember the printer cartridge plot? The state of art detection equipment missed a pound-size charge of WWII era common explosive, because it was powdered rather than solid, despite of warning from intelligence services that the bomb is coming in the mail to be loaded on Fedex plane

oliver May 23, 2016 10:20 AM

You’re all doing it wrong!
Forget detection, do profiling.
When was the last time an El-Al airliner was hijacked or bombed out of the air?

Yes they do profiling right, nuff said.

ianf May 23, 2016 1:51 PM

Listen, Oliver, we’ve been though this before… the Israelis do airport security right (and not solely psychosocial evaluation—not “profiling”—at boarding points), but their methodology doesn’t scale up beyond their limited passenger volumes and few ingress points – not only at the Ben Gurion/Lod Airport, but at selected foreign airports with Israel-bound traffic. If it did, you can be sure it’d have been deployed at large by now, but there are no signs of that (and then hardly due to the “Not Invented Here” syndrome thinking).

Next bright idea, please.

Leave a comment


Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via

Sidebar photo of Bruce Schneier by Joe MacInnis.