![]() ![]() Most security experts and computer scientists believe backdoors for law enforcement inevitably make systems less secure, and easier for bad actors to break into. University of Pennsylvania computer science professor Matt Blaze told Wired that he sometimes picks his own TSA-recognized lock to save time looking for the actual key, because it’s faster.Ĭhris McGoey, a security consultant specializing in travel safety, told the Intercept that “there are several ways of opening TSA locks short of having a 3D printer.” He explained that “TSA locks on luggage is only one step above having no lock at all especially on soft-sided luggage with zippers.”Īlthough the actual impact remains unclear, the hacking of the master keys is a powerful example of the problem with creating government backdoors to bypass security, physically or digitally. Security experts, by comparison, have long recognized that TSA locks do not fully protect your belongings. “There’s nothing in that blog post about ‘peace of mind’” being the reason for the locks, Soghoian told The Intercept. Soghoian described that post as an example of TSA “lying to consumers” in a tweet. Over the years, TSA has published various blog posts trumpeting the power of the locks to prevent all theft, writing, for instance, that the locks “will prevent anyone from removing items out of your … bags.” “There’s a difference in how TSA talks about the locks to travelers and the statement they made,” said Chris Soghoian, chief technologist for the American Civil Liberties Union, after hearing the TSA’s statement to The Intercept. TSA’s nonchalant response to the proliferation of master keys is at odds with how the agency has historically advertised the approved locks. Since the files were first published, several people have demonstrated that they work, using inexpensive 3D printing plastic called PLA. Steven Knuchel, a hacker/security researcher who goes by Xylitol or Xyl2k, used the detailed images obtained from the Travel Sentry website to create the kind of files that 3D printers use to produce models. It does not sell or manufacture locks itself. Travel Sentry is the organization responsible for generating and enforcing security guidelines for TSA-approved locks, working with both the government and private manufacturers to guarantee its standards are being met. Sheikhzadeh told The Intercept that anonymous hackers inspired by the Washington Post photos found a 2008 “Guide to Travel Sentry Passkeys” posted on Travel Sentry’s website. Then, according to his self-published timeline, Shahab Shawn Sheikhzadeh, a system administrator and lockpicker, obtained an official-looking document with even more detailed imagery. ![]() The photos were removed from the Post’s website, but not before privacy devotees spread the images far and wide. What no one had previously noticed was that the article included close-up photos of the “master keys” to TSA-approved luggage locks - which it turns out, are really easy to copy, as long as you can see the pattern of the teeth and have access to a 3D printer. Last month, security enthusiasts and members of a lockpicking forum on Reddit began circulating a nearly year-old Washington Post story about “the secret life of baggage,” and how the TSA handles and inspects airport luggage. In fact, the vast majority of bags are not locked when checked in prior to flight.” In addition, the reported availability of keys to unauthorized persons causes no loss of physical security to bags while they are under TSA control. “Carried and checked bags are subject to the TSA’s electronic screening and manual inspection. ![]() “These consumer products are ‘peace of mind’ devices, not part of TSA’s aviation security regime,” England wrote. “The reported ability to create keys for TSA-approved suitcase locks from a digital image does not create a threat to aviation security,” wrote TSA spokesperson Mike England in an email to The Intercept. Now that they’ve been hacked, however, TSA says it doesn’t really care one way or another. When the locks were first introduced in 2003, TSA official Ken Lauterstein described them as part of the agency’s efforts to develop “practical solutions that contribute toward our goal of providing world-class security and world-class customer service.” The TSA-recognized luggage locks were a much-vaunted solution to a post-9/11 conundrum: how to let people lock their luggage, on the one hand, but let the TSA inspect it without resorting to bolt cutters, on the other. In a spectacular failure of a “back door” designed to give law enforcement exclusive access to private places, hackers have made the “master keys” for Transportation Security Administration-recognized luggage locks available to anyone with a 3D printer. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |