Security experts have exposed how vulnerable the TSA is to terrorists and other criminals.
In the age of 3-D printing, they took images of the keys that the Transportation Security Agency uses on all their approved locks – the luggage locks they use during airport inspections.
Within hours, according to Wired, they made 3-D replicas of the keys and published a video showing that it opened a TSA-approved luggage lock.
OMG, it's actually working!!! pic.twitter.com/rotJPJqjTg
— Bernard Bolduc (@bernard) September 9, 2015
The images came from The Washington Post, who unwittingly posted (and quickly deleted) a photo of a master key in an article about the TSA. The images were quickly grabbed and spread around the internet.
“Honestly, I wasn’t expecting this to work, even though I tried to be as accurate as possible from the pictures. I did this for fun and don’t even have a TSA-approved lock to test,” writes Xylitol, the Github user who published the files, in an email to WIRED. Xylitol, who noted that he was based in France, declined to reveal his real name. “But if someone reported it that my 3D models are working, well, that’s cool, and it shows…how a simple picture of a set of keys can compromise a whole system.”
Within hours, others had done the same thing – reproduce duplicates of TSA master keys using 3-D printing technology.
One user says he doesn’t know the brand of the luggage lock he opened, but based on the “TSA” inscription on the bottom, he can conclude it is on the approved list. The problem likely extends well beyond one brand, anyway; the leaked master keys include those that open every type of TSA-approved lock made by companies such as Master Lock, Samsonite and American Tourister.
The photo leak and subsequent 3-D printing demonstration does show just how quickly a theoretical slip-up can turn into a real security compromise. And he says that the TSA should have known better than to allow its master keys to be photographed. Prisons, for instance, have long kept cell keys covered on guards’ belts, he points out. “In high-security environments, it’s clear that you want people to not just take photos of your keys, but to not even look at them,” he says. “We would hope the TSA would have taken better care of their keys than they have.”