While these locks are so easily defeated that this really doesn't make anyone significantly less safe, it does demonstrate that the TSA knows absolutely nothing about security.
What's interesting to me is that this shows they don't even know about pretend security. Releasing these pictures doesn't impact real security much, but it does impact the impression of security they try to give to the average idiot.
They don't know much.
For some reason I have a hunch that TSA agents probably just part the zipper with a bic pen, do whatever inspection is necessary, and re-seal the bag. Seems a bit quicker than fumbling around for the right key.
If you have one pull tab locked to the end of the zipper this does not.
http://www.airlineintl.com/files/15/products15988.jpg
This would also hinder this method of opening a bag.
[1] https://www.techdirt.com/articles/20150702/00134231524/david...
Probably Wired is more inclined to create some FUD around the fact that now this is freely accessible 'for anyone with 3D printer'.
I guess what I'm saying is that most TSA approved locks were already quite vulnerable to anybody who really wanted to pick them with or without a 3D printer.
I fear, some governments may seriously have an idea of restricting 3D printers.
You can't prevent people from having tools that can be used to manufacture things, and no one is seriously going to try.
Perhaps it's safety in numbers. Perhaps it's a kind of camouflage and not signalling anything of worth. Perhaps it's because the level of risk of theft is incredibly low.
It's really just to prevent impulse theft from baggage handlers, bell hops, cab drivers, etc. Even after the leak, these are essentially just as effective as they've always been.
if you walk up with a bolt cutter or a knife, you're going to be much more suspicious.
Good luck keeping that secret.
http://world.taobao.com/item/40576438073.htm?spm=a312a.77007...
As a side note, and plz don't flamen as this is a system hack, the only realy way to keep the TSA out of your bags and stealing stuff is to put a firearm in there. Even a starter pistol works. TSA can't handle fire ars so it's checked by local cops and then locked up with whatever locks you want. Tho you may not want to do this going to NYC.
Also, what is the screening process like with the cops? Does it take significantly longer? Is it shorter? Do they question why you are bringing it? Would it be a valid response to say "to make sure people with real security training are checking my luggage vs. the TSA?"
The process is "it's just business and it's your right". I felt self conscious the first time I did it as an adult, moving some guns from my mom's house to Washington. However no one gave a damn, I was expecting a "oh sh*t" from the checking agent but she didn't even blink.
It's about the same as checking skiis, you go over to the oversized bags area and you have to wait for a cop to walk over, takes maybe 3-10 minutes extra over a normal checkin. However you can I think go to the special lane by asking the person who is filtering around telling folks which lanes to use when checking in.
The valid reason to have a gun is "Murican". I feel weird saying this but 'it's a constitutional right'. I get more shit for bringing water into TSA than checking a gun onto a plane.
https://twitter.com/mattblaze/status/641330920251891712
They're terrible, insecure locks.
So we can say "remember what happened with the TSA master keys?". And even if they argue that nothing real bad happened because of this breach, we can say "well yes, because the locks weren't very secure to begin with, so it really was a pretty bad idea from the start".
BTW, about the locks not being secure, isn't that the case for almost every lock? Like, don't locks become real expensive very quickly once they start approaching some basic notions of actual security that would keep at least an amateur lockpick at bay? (including securing the stuff around the lock, like zippers, cloth, etc)
> The whole thing neatly illustrates one of the main problems with backdoors, whether in cryptographic systems or physical systems: they're fragile. [0]
[0] https://www.schneier.com/blog/archives/2015/09/tsa_master_ke...
If you want genuine security on your luggage, get a starter gun and go through the checked firearms procedures.
https://www.schneier.com/blog/archives/2006/09/expensive_cam...
http://www.thetruthaboutguns.com/2013/08/matt-in-fl/more-on-...
The idea of such a master key is incredibly stupid. It could also have been reversed engineered with an autopsy of a lock. The people who come up with such idea don't merit the trust and responsibility given to then.
But let's not forget that tailgating will get you past pretty much anything that isn't a turnstile. Turnstiles are really only in elevator lobbies, so if you can find a legitimate reason to be in some other part of the building you can just follow a legitimate user through any door, no matter how secure its locking mechanism. And failing that, almost no one properly authenticates cleaning staff or contractors.
You have one lock, and one key (not the master) for that lock, and a bunch of blanks.
You take the first blank. You cut a key that is identical to your key, except you vary the depth of a single cut. You repeat this until this new key works in your lock. That gives you the master key cut depth of one part of the key. You repeat this process forthe rest of the positions. You end up with a master key.
Edit: MrJones' comment here: https://news.ycombinator.com/item?id=10186309
https://github.com/Xyl2k/TSA-Travel-Sentry-master-keys
If it's cheap enough I'd love to hand them out at airports to travelers as a demonstration of how terrible the TSA is.
The cost of producing the keys will effectively be $0 in relation to your legal fees if you were to actually pursue doing this.
I can almost guarantee you that you'll face criminal charges if you try to pull this off. Don't fuck with the TSA at the airport. Hand these out at a transit center or shuttle terminal near the airport so you aren't doing this within the TSA's jurisdiction, unless you're a fan of cavity searches.
An app certainly adds a bit of convenience, but it also takes out most of the fun.
Also see 3D printed bump keys http://www.dailymail.co.uk/sciencetech/article-2739879/WATCH...
So it seems the real threat I need to protect my luggage and belongings against is the TSA, yet the law is mandating that if I travel with luggage, they need to be able to open it.
Would love to see more done to combat that.
Are people forgetting TSA is entirely for security theater only and serves no real purpose?
What happened to all the protests at airports only a few years ago, amazing how everyone just caved in and the media moved on to the next squirrel. Then again we did the same for the NSA which is a far bigger problem.
I'm pretty sure if India, China or any non-Western country did this, everyone would be up in arms about misuse, infringement of rights, etc. And yet when the TSA acts so stupidly (a photo shown to the public) and with multiple incidents of abuse of power from the TSA's side, the public opinion is still that the TSA is competent and well-intentioned.
I would call it hubris if they show capability, but this is downright arrogance.
I'm surprised no one is suing the government over this. Or is it like a EULA when you enter the United States that you agree not to press charges on such incompetence?
The keys are not equal, some keys will be more difficult to print, like 006 for example. Or is it the same?
What can I do to disable the lock easily without compromising function of my luggage and without voiding the warranty?
What about legal aspect of you purchasing the luggage expecting certain lock security. And later you find out that anybody can produce a key to open your luggage? can I contact manufacturer of my luggage and ask them to replace the lock because it is compromised now?
> TSA Lock - provides additional peace of mind when checking belongings, but can still be easily accessed by TSA agents in the event the case needs to be searched.
So compromised by design. So nothing has really changed, it was compromised then, it is compromised now. In either case most luggage can be opened with a ballpoint pen, by just force separating the zipper.
I myself won't waste money on a TSA lock. I want to discourage casual criminals, and I want to know if my bag was accessed, so I just purchase inexpensive zip-ties[0] in unusual colors (i.e. not white, typically orange, black, or green) and just zip tie up the bag, the TSA can cut it, but at least I'd know if they had. It is not "secure" but at least I cannot pretend it is. TSA locks can be opened without leaving any traces.
PS - Although even with a zip tie someone can open the zipper. I just assume that laziness will win out, and they'll just cut the zip tie instead.
[0] $5 on Amazon: http://www.amazon.com/TEKTON-6235-Assorted-Cable-200-Piece/d...
You could also just as easily carve this by hand.
P.S: What is this, the '80s? why is "3-D" hyphenated?
It seems likely that the uploader had the master keys in his private possession for a long time, but only decided to upload the pictures due to the keys being leaked anyway.
The other option is to buy s $3 padlock at your hardware store and risk TSA breaking out the bolt cutters. Cheaper than a beer in coach.
A ball point pen works great too. :)
It isn't unrealistic at this point though to put a camera and a battery into luggage and just have it record the entire trip.
Instead I put an easily breakable cable tie on the zips as a tamper evident seal. The one time I've had a bag come back with it missing has been the time the TSA decided to inspect my bags.
vs a lock, which somebody can open and re-lock and I'd be none the wiser.
As a joke I would put those notes they leave when they inspect your bag in there. I was up to 22 of them when one stickler agent throw them all away except the new one. I was sad. It was fun to imagine them opening that bag every time I flew.
Besides that the TSA has cable ties too. It's not like you can't buy them off the shelve. In your example case the TSA clearly didn't bother spending the time to make it not look like they opened your bag, but it isn't a very reliable way to see if they opened your bag.
I do recommend if people zip tie they cut off the excess/tail so it cannot get caught in any machinery.
I've seen a lot of international frequent fliers who zip tie when they have to check bags.
I'd say what this "leak" really did was (a) show the world that real security is hard to think about, and (b) make it easier for normal folks who don't know about how locks work to impress their friends with their ninja secret agent tools.
Really, this is all just a parable for the big fight over encryption. Do you really want to trust a government agency with any kind of control over how we lock down our stuff? Newp, nope, and noooope.
There's a small number of TSA approved locks that don't use the three digit combo. Those are a bit tougher to crack.
Note that the guy is hacking away at the lock and the police show up. To tell him to not sit in an active traffic lane.
When go to/from/thru the airport, if I was with Hebrew speaking Jewish co-workers, everything would get thru in a few seconds.
There was one time I (Asian) was with Indian co-workers without the company issue security letter, we were search for 3 hours at the airport. Both of our laptop were completely disassembled and Xray multiple times. We were questioned for a long time separately by multiple people.
They must have our previous trip history base on passport record, etc. But ...
Anyway, later I asked a Jewish co-worker about is there any law in Israel about anti-discrimination base on race, color of skin, language spoken, etc. He said we always / must discriminated base on those info!
A different way for thinking compare the "official PC" view of US.
The world's full of regulations that don't work. Not an issue for the politicians who usually aren't even affected by their own mandated rules.
People and shops that are below the range of a moderately equipped machine shop can do 3d printing; a 3d printer that can make such a key from hard plastic costs less as a cheap manual milling machine that can make a similar key from metal and requires less skill to operate.