TSA-Approved Master Luggage Keys Hacked and 3D Printed Once Again

Share this Article

tsa-master_keys-travelsentry_xmas-100673377-primary.idge

[Image: Johnny Xmas]

Security is just getting so complicated these days. Not that it was ever exactly simple – particularly on a national level – but technology is enabling the criminally-minded to create some frighteningly ingenious ways of getting around even the most sophisticated security measures. 3D printing, in particular, is a delightfully easy way to replicate keys. Thankfully, it’s also an effective way to design and produce copy-proof keys, but even some of the most top-security agencies in the country have found themselves embarrassingly vulnerable to key hacking.

Last year, the Transportation Security Administration (TSA) found themselves in a bit of an awkward situation when they proudly posted photos of their new master luggage keys, only to have them promptly digitized and 3D printed by some clever hackers (who also posted the files online). The master keys were provided by a company called Travel Sentry, one of two TSA-approved lock companies. The other, Safe Skies, was apparently good as far as their master key security went – until now.

On Saturday, at the Eleventh annual HOPE (Hackers On Planet Earth) conference in New York, three hackers who go by the code names DarkSim905, Nite 0wl and Johnny Xmas unveiled a 3D printable model of the Safe Skies TSA master key. This time, the process was a bit more complicated, as no photos of the keys had been published online, but for an experienced hacker, that wasn’t a problem – it just slowed things down a little.

tsa-master-keys-100614098-large.idge

The released 3D printed versions of the Travel Sentry keys.

Nite 0wl, who, along with Johnny Xmas, was part of the Travel Sentry hack in 2015, started by buying Safe Skies locks from as many different locations as possible so that he had a good-sized sample to work with. He then began modifying commercially available key blanks to resemble the keys provided with the locks he had bought – not matching them exactly, as obviously Safe Skies wouldn’t release consumer keys that matched their TSA locks. He was able to eliminate the cut patterns on the keys he had purchased, while still using them to ascertain the general type of pattern Safe Skies uses, and thus, roughly, what a master key might look like.

“The big breakthrough was when I acquired several Safe Skies locks that used wafer-tumbler mechanisms instead of pin-tumbler mechanisms, because of the different mechanical design I was able to work out the master key cuts very quickly and then confirm that the key worked on all of the sample locks I had,” he told CSO.

keyillustration5-003-100672714-large.idge

[Image: Nite 0wl]

With some additional tweaking and fine-tuning, Nite 0wl and his fellow hackers were able to come up with a 3D model of a key capable of opening Safe Skies’ TSA locks. It’s interesting to note that while that key is now 3D printable, 3D technology wasn’t used in the actual hacking process – only manual examination, trial and error, and a lot of time.

“This was done by legally procuring actual locks, comparing the inner workings, and finding the common denominator. It’s a great metaphor for how weak encryption mechanisms are broken – gather enough data, find the pattern, then just ‘math’ out a universal key (or set of keys),” said Johnny Xmas. “What we’re doing here is literally cracking physical encryption, and I fear that metaphor isn’t going to be properly delivered to the public.”

tsa-master_keys-travelsentry_xmas-2-100673378-large.idge

[Image: Johnny Xmas]

It’s an unsettling metaphor, for sure, and a reminder that nothing is ever completely secure – on or offline. The hackers have stated that the purpose of the project was not to scare people with the idea that anyone can use a 3D printed key to break into their luggage – and that wasn’t their goal in releasing the files for the Travel Sentry keys, either. The point, which they say was completely missed in 2015, was to highlight the dangers of government key escrow, a data security measure in which a third party is trusted with a cryptographic key that they may only use with the authorization of the entrusting agency.

The whole thing is interesting to think about, though – while 3D printing and other technology have brought with them a lot of anxiety about security, they’re not the only ways that security can be broken. Sure, the Travel Sentry keys were much easier to copy, but even without pictures that were ready to be turned into 3D models, the Safe Skies keys were eventually able to be hacked. It’s not a comforting thought, but it’s an interesting – and important – one. Let’s discuss this topic further over in the TSA Hacked Keys forum at 3DPB.com.

[Source: CSO]

 

Share this Article


Recent News

3DPOD Episode 15: The Ceramics 3D printing market: Davide Sher of SmarTech Analysis and 3D Printing Media Network

Prusa Research Releases Prusa Mini for $349



Categories

3D Design

3D Printed Art

3D Printed Food

3D Printed Guns


You May Also Like

3DPOD Episode 14: Consumer and Affordable 3D Printers

This 3DPod Episode is filled with opinion. Here we look at our favorite affordable desktop 3D printers. We evaluate what we want to see in a printer and how far...

3D Printer Buying Guide 2019

What a difference a year makes. Once again we’ve seen some monumental shifts and changes in the 3D printing landscape for desktop 3D printers. At the low-end competition has been...

Prusa Publishes Hardware and Firmware Updates for 3D Printers, Ships over 130,000 Printers

It’s time for another one of Prusa‘s popular updates on its various hardware and firmware! The company makes sure its customers always know about the latest new products and improvements to its...

The Nydus One Syringe Extruder (NOSE): Turns Your Prusa i3 Into a Bioprinter

Researchers from Germany are exploring democratizing bioprinting with their findings outlined in ‘Nydus One Syringe Extruder (NOSE): A Prusa i3 3D printer conversion for bioprinting applications.’ Recognizing the promise of...


Shop

View our broad assortment of in house and third party products.


Print Services

Subscribe To Our Newsletter

Subscribe To Our Newsletter

Join our mailing list to receive the latest news and updates from our 3DPrint.com.

You have Successfully Subscribed!