The researchers also experimented with how malicious software could be used in an attack, as the Rapiscan Secure 1000's console is an MS-DOS-based PC.
The software lacked any passwords, making it possible for a determined attacker who can gain physical access to the machine to upload malware. The program they developed recorded and hid every scanned image for later retrieval.
The malware could also recognize a QR code worn on the shirt of a person who was being scanned and then substitute in a "clean" image.
While the Rapiscan Secure 1000 is fine for detecting unsophisticated attackers, it "performs less well against clever and adaptive adversaries," they wrote.
Part of the problem is that the manufacturers and the government have not allowed independent tests on such scanners for fear that the disclosure of weaknesses could tip off attackers to effective countermeasures, they wrote.
That strategy might be effective for some time, but it depends on maintaining tight purchase controls, they wrote.
"The root cause of many of the issues we describe seems to be failure of the system engineers to think adversarially," the paper said.
The study was co-authored by Keaton Mowery, Tom Wypych, Corey Singleton, Chris Comfort, Eric Rescorla and Hovav Shacham of the University of California at San Diego; Eric Wustrow and J. Alex Halderman of the University of Michigan; and Stephen Checkoway of Johns Hopkins University.