USA: The last TSA master key has been hacked

In a move to prove a point about security, a group of hackers have released blueprints to 3D print the eighth and last TSA master key this week at a conference in New York.

If you are unfamiliar, TSA approved locks allow luggage security personnel to unlock and inspect your bags without damaging locks, using master keys. There are two companies that design these locks, Travel Sentry, which outsources seven lock designs to other manufacturers, and Safe Skies which produces their own lock.

In 2014, the Washington Post inadvertently published an article which included a high resolution photo of all seven Travel Sentry TSA master keys. The photo has since been removed from the article, but not before someone was able to digitally recreate the keys, and then share the files. Less than a year later, 3D printed copies emerged, making all Travel Sentry locks essentially useless against theft. A hacker named Xylit0l used the high-quality public images and more data to make 3D printable copies of the Travel Sentry master keys. DarkSim905, Johnny Xmas and another hacker later added to the project with some fixes.

The Safe Skies key was more difficult to reproduce, with zero images of it being publicly available. However, because they only make one master key, all their locks contained the data needed.

“This was done by legally procuring actual locks, comparing the inner workings, and finding the common denominator. It’s a great metaphor for how weak encryption mechanisms are broken – gather enough data, find the pattern, then just ‘math’ out a universal key (or set of keys),” Johnny Xmas explained at the Eleventh HOPE conference in New York.

Purchasing as many Safe Skies locks and keys for examination as possible, the possible key blanks were identified and existing keys were modified to match them. “Once I had blank keys that would fit the locks I needed to figure out what the cuts should be,” Nite 0wl added.

More information and video available here:

Source: 3D Printing Industry.

How Securoseal Protects.

  • Strap your suitcase closed, seal your zips and keep a numbered receipt.

  • Stronger than 2x your maximum check in weight. Securoseal stays sealed.

  • Tamper evident technology helps you detect a tampering event.

Tamper evident
surface seal.

Highly sensitive tamper indication with a unique identity number. Tampering in any direction will create a void tamper pattern.

Tamper evident
load bearing seal.

Strong enough to hold double the maximum checked weight limit for luggage. Once sealed, tampering in any direction will cause the surface to fragment.

Tamper evident
zip seal.

Isolate zips with a single use cable tie. Includes an internal ‘one way’ metal sealing device. Numbered & bar coded to match the unique identity number of your seal. Once sealed, attempted removal will leave tamper evidence on the cable tie.

Identification &
receipt system.

Each seal is marked with a unique identity number and includes a tamper evident receipt that is adhesive. Keep the receipt with you to verify the identity number of your seal.

Single use
buckle release.

At your destination, your seal can be released without cutting tools. Use of this function will leave tamper evidence on the buckle.

Don't chance it.
Get protection.

Buy the Securoseal tamper evident luggage seal today.