Detailed designs of the universal key used by the TSA to inspect luggage passing through U.S. airports have been published online, and people have already begun successfully 3D-printing it.
Following the 9/11 attacks, which took place 14 years ago today, the Transportation Security Administration (TSA) mandated that from Jan. 1, 2013 all checked baggage be openable for screening. That means today, the TSA monitors all bags passing through U.S. airports and any it deems suspicious, it inspects. In a bid to prevent the need to break people’s locks, it has listed a range of TSA-approved locks to which its inspectors all have master keys -- and therein lies the problem.
The issue first arose last November when the Washington Post published an in-depth feature on the work of the TSA which, when it first went online, contained images of these master keys. The images were soon deleted, but the damage was done.
In the intervening 10 months, security researchers and lock-picking enthusiasts have been collaborating -- mainly through Reddit -- to create detailed CAD drawings of these keys and on Wednesday, they uploaded the detailed designs to code-sharing website GitHub for anyone to download and print.
And people have been doing just that. Since the files were uploaded, there have been multiple reports on Twitter of people successfully printing the keys and using them to unlock TSA-approved locks, with the first being Bernard Bolduc who published this video of the keys working:
OMG, it's actually working!!! pic.twitter.com/rotJPJqjTg
— Bernard Bolduc (@bernard) September 9, 2015
The GitHub files were posted by a user called Xylitol who has refused to reveal his identity beyond being based in France. Xylitol was helped by two other researchers in his master key project, including Shahab Sheikhzadeh, a New Jersey-based security researcher, who has detailed the timeline of events which led to the publication of the keys.
Sheikhzadeh’s timeline mentions the Washington Post article, but he says that just last month he was passed this document, which features “images of the keys scanned on a flatbed scanner along with intricate details of the millings and side shots. It appears to be a brief on the operation of the keys and proper usage.”
Speaking to Wired, Sheikhzadeh said: “We’re in a day and age when pretty much anything can be reproduced with a photograph, a 3-D printer and some ingenuity.”
"TSA Locks Are Garbage"
Another security researcher involved in the project was Adrian Crenshaw, who wrote about the TSA-approved locks previously, saying that anyone with any knowledge of these locks knows that they are not very robust:
“Every lock picker knows that the TSA approved Travel Sentry/Safe Skies locks are garbage, but if you don’t want your normal checked bags to have their locks cut off, there are only so many options (that said, sometimes they still cut them off). While it’s common knowledge to locksport enthusiasts how weak TSA approved locks are, the average traveler is mostly unaware of it.”
In response to the publication of the files on GitHub, and the subsequent successful 3D printing, the TSA told International Business Times:
“The reported ability to create keys for TSA-approved suitcase locks from a digital image does not create a threat to aviation security. These consumer products are “peace of mind” devices, not part of TSA’s aviation security regime. Carried and checked bags are subject to the TSA’s electronic screening and manual inspection. In addition, the reported availability of keys to unauthorized persons causes no loss of physical security to bags while they are under TSA control. In fact, the vast majority of bags are not locked when checked in prior to flight.”