Security Experts Have Cloned All Seven TSA Master Keys ¬


John Biggs, writing for TechCrunch:

The TSA, as you’ll remember, offers a set of screener-friendly locks. These locks use one of seven master keys that only the TSA can use — until 2014. In an article in The Washington Post, a reporter included a shot of all seven keys on a desk. It wasn’t long before nearly all the keys were made available for 3D printing and, last week, security researchers released the final key.

The interesting aspect of the release of the final key is how they did it. One of the hackers, Johnny Xmas, said:

“This was done by legally procuring actual locks, comparing the inner workings, and finding the common denominator. It’s a great metaphor for how weak encryption mechanisms are broken — gather enough data, find the pattern, then just ‘math’ out a universal key (or set of keys),”

Frustratingly, the TSA cares little for consumer’s belongings:

“The reported ability to create keys for TSA-approved suitcase locks from a digital image does not create a threat to aviation security. These consumer products are ‘peace of mind’ devices, not part of TSA’s aviation security regime.”

Commenting is closed for this article.