- The Washington Times - Thursday, September 10, 2015

Transportation Security Administration agents use X-ray machines and other technology to look through the bags of air travelers, but a security lapse has allowed anyone with a 3-D printer to do exactly the same.

An photo of the TSA’s set of master keys — which can open any agency-approved lock — was accidentally posted online, and digital blueprints were quickly drawn up and have since been used to replicate the keys.

Wired reported this week that plastic keys produced using a 3-D printer and designs based off of the picture have been proven to open TSA-approved locks, which the master keys can open for manual luggage inspections.

“Honestly I wasn’t expecting this to work, even though I tried to be as accurate as possible from the pictures,” said “Xylitol,” a Github user who posted the designs on the code-sharing site early Wednesday just “for fun.”

Within hours, though, Wired reporter Andy Greenberg tracked down a person with a 3-D printer who used the designs to successfully make a key of his own in minutes.

“I didn’t do any modifications,” Bernard Bolduc told Greenberg. “It worked on the first try.”

The image of the TSA’s unique key set accompanied an article on the agency published by The Washington Post last month and was quickly pulled from its website. The picture nevertheless made the rounds online, as security experts shared the image on social media while mocking the TSA for the lapse.

“All it takes to duplicate a physical key is a photograph, since it is the pattern of the teeth, not the key itself, that tells you how to open the lock. So by simply including a pretty picture of the complete spread of TSA keys in the Washington Post’s paean to the TSA, the Washington Post enabled anyone to make their own TSA keys,” Nicholas Weaver, a senior staff researcher at the International Computer Science Institute in Berkeley, California, wrote in a blog post last month.

In an email to Wired this week, Xylitol said they hadn’t tested the design yet but that any successes would demonstrate “how a simple picture of a set of keys can compromise a whole system.”

The TSA did not immediately respond to Wired’s request for comment.

LOAD COMMENTS ()

 

Click to Read More

Click to Hide