Tsa master key news9/21/2023 TSA’s nonchalant response to the proliferation of master keys is at odds with how the agency has historically advertised the approved locks. Since the files were first published, several people have demonstrated that they work, using inexpensive 3D printing plastic called PLA. Steven Knuchel, a hacker/security researcher who goes by Xylitol or Xyl2k, used the detailed images obtained from the Travel Sentry website to create the kind of files that 3D printers use to produce models. It does not sell or manufacture locks itself. ![]() Travel Sentry is the organization responsible for generating and enforcing security guidelines for TSA-approved locks, working with both the government and private manufacturers to guarantee its standards are being met. ![]() Sheikhzadeh told The Intercept that anonymous hackers inspired by the Washington Post photos found a 2008 “Guide to Travel Sentry Passkeys” posted on Travel Sentry’s website. Then, according to his self-published timeline, Shahab Shawn Sheikhzadeh, a system administrator and lockpicker, obtained an official-looking document with even more detailed imagery. The photos were removed from the Post’s website, but not before privacy devotees spread the images far and wide. What no one had previously noticed was that the article included close-up photos of the “master keys” to TSA-approved luggage locks - which it turns out, are really easy to copy, as long as you can see the pattern of the teeth and have access to a 3D printer. Last month, security enthusiasts and members of a lockpicking forum on Reddit began circulating a nearly year-old Washington Post story about “the secret life of baggage,” and how the TSA handles and inspects airport luggage. In fact, the vast majority of bags are not locked when checked in prior to flight.” In addition, the reported availability of keys to unauthorized persons causes no loss of physical security to bags while they are under TSA control. “Carried and checked bags are subject to the TSA’s electronic screening and manual inspection. “These consumer products are ‘peace of mind’ devices, not part of TSA’s aviation security regime,” England wrote. “The reported ability to create keys for TSA-approved suitcase locks from a digital image does not create a threat to aviation security,” wrote TSA spokesperson Mike England in an email to The Intercept. Now that they’ve been hacked, however, TSA says it doesn’t really care one way or another. When the locks were first introduced in 2003, TSA official Ken Lauterstein described them as part of the agency’s efforts to develop “practical solutions that contribute toward our goal of providing world-class security and world-class customer service.” The TSA-recognized luggage locks were a much-vaunted solution to a post-9/11 conundrum: how to let people lock their luggage, on the one hand, but let the TSA inspect it without resorting to bolt cutters, on the other. What we're doing here is literally cracking physical encryption, and I fear that metaphor isn't going to be properly delivered to the public.In a spectacular failure of a “back door” designed to give law enforcement exclusive access to private places, hackers have made the “master keys” for Transportation Security Administration-recognized luggage locks available to anyone with a 3D printer. "It's a great metaphor for how weak encryption mechanisms are broken - gather enough data, find the pattern, then just 'math' out a universal key (or set of keys). "This was done by legally procuring actual locks, comparing the inner workings and finding the common denominator," Xmas said at the conference. According to 3D Printing Industry, the trio explained that it's not their intention to scare people - they merely want to highlight the dangers of giving a third party access to master keys, whether digital or physical. The hackers, who go by the pseudonyms Johnny Xmas, DarkSim905 and Nite 0wl presented their work at the 11th Hackers On Planet Earth (HOPE) Conference in New York. Anyone with access to a 3D printer can now reproduce all eight keys. Since the hackers didn't have a photo of the last key, they bought as many Safe Skies locks as possible, took them apart and examined their innards. ![]() The first seven keys are manufactured by a company called Travel Sentry, while this one is by a separate manufacturer named Safe Skies. Now, these same experts have deciphered the secrets of the eighth and last master key the agency uses even without a photo to guide them. Shortly after The Washington Post inadvertently published a photo of seven TSA master keys, a group of security experts were able to copy their designs and release their 3D models online.
0 Comments
Leave a Reply.AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |