TSA-recognized locks provide little more than a false sense of security. That’s not news. It is news, however, that some hacker type has uploaded the CAD files of the agency’s master keys to Github, so that anybody can 3D-print them at home. Let the stealing begin!
Just kidding, please don’t break into other people’s luggage. More on that in a second.
The TSA master key skullduggery started back in 2014, when The Washington Post “accidentally” leaked images of a full set. From those photos, Github user Xyl2k reproduced the design of each key in the form of an STL (STereoLithography) file and uploaded them for all to enjoy. Security researcher Bernard Bolduc printed one right away and showed in a video that it really works.
Well, isn’t this embarrassing! It’s kind of tough to tell who screwed up most: The Post for publishing the photos or the TSA for coming up with this dumb master key situation in the first place. As the Github user explained in his release, security researchers have long frowned upon the idea of master keys, in general. The very existence of a key that can open any lock is problematic at best. The idea that the government should be the keymaster makes it worse.
A lot of people are comparing this screw up to the idea of a “golden key” for encryption. Security researchers also hate this idea. The existence of a golden key would fix the woes of the FBI and NSA over not being able to read heavily encrypted data, because they could just plug in the good old golden key and decipher everything. Then again, so could any hacker who got ahold of the golden key.
In conclusion, don’t break into other people’s luggage. Also, don’t trust the TSA-approved locks to keep the contents of your own luggage safe. They’re insanely easy to crack, and thanks to 3D-printing technology, it’s even easier. Your best bet is sticking to a carry-on only lifestyle.
[Github]
Contact the author at adam@gizmodo.com.
Public PGP key
PGP fingerprint: 91CF B387 7B38 148C DDD6 38D2 6CBC 1E46 1DBF 22A8