Sep 10, 2015 | By Tess

If you depend on your luggage to be kept safe during your travels by using a TSA approved luggage lock, you may want to think again! After the Washington Post clumsily published a photo of the TSA's master luggage key in an exposé on airport security and flyers' luggage, some makers took it upon themselves to design and release CAD files of the master keys based off the photo.

The files, posted to Github by a France based user who goes by the moniker of Xylitol, can be easily downloaded from the website and in mere minutes printed on any desktop 3D printer. Unsurprisingly, within hours of releasing the CAD files – apparently untested by Xylitol himself – a video surfaced of a Montreal based man, Bernard Bolduc, who had printed the files on his PrintrBot Simple Metal 3D printer using only a basic PLA material, successfully unlocking a TSA approved luggage lock.

The TSA's master key, used for the purposes of airport security and inspecting luggage, and previously only handled by TSA agents, can now be readily accessed and additively manufactured by nearly anyone with access to a 3D printer, further reinforcing the risk associated with publishing photos of keys. As Xylitol is quoted saying, "if someone reported it that my 3D models are working, well, that's cool, and it shows… how a simple picture of a set of keys can compromise a whole system."

The TSA's approved locks include such big brands as Master Lock, Samsonite and American Tourister, and these were encouraged by the Transport Security Agency to ensure the safety of people's belongings during travel while still allowing for the easy inspection of any questionable luggage. Shahab Sheikhzadeh, a security researcher, comments that, "People need to be aware that even though someone says 'use these approved locks,' don't take their word for it. We're in a day and age when pretty much anything can be reproduced with a photograph, a 3D printer and some ingenuity."

The photograph in question, though quickly removed from the Washington Post website, was evidently not taken down in time. Both the Washington Post and the Transport Security Agency have neglected to comment on the release of the master key design up until this point, but we anticipate a response soon.

While the leaking of the TSA master key is a far reaching security breach, the severity of it is still unclear, especially considering that the luggage locks affected are not the most secure in the first place and can relatively easily be lock-picked or broken. The significance of the TSA and Washington Post's mistake extends further, however, and raises more questions about the potential safety risks of 3D printing.

Of course, 3D printed weapons have been a controversial topic for years now, but this story goes to show how various the manifestations of more dangerous 3D printing can be, especially in terms of replication. It is not the first time that 3D makers have found ways to additively manufacture copies of keys, as even high-security, supposedly non-replicable keys have been re-manufactured on 3D printers.

Hopefully Xylitol's CAD key designs have again highlighted this potential risk of 3D printing and will, from now on, make organizations such as the TSA, an agency created for the sole purpose of security, more aware and careful of what information is released or published, and consumers aware of the potential vulnerabilities of the products they buy.

Posted in 3D Printing Applications

Maybe you also like:









Proteus wrote at 9/12/2015 12:25:10 AM:Once again, folks are looking at 3D Printing as the only way these things are happening. Given the SAME picture, and thd ssme CAD, someone could manufacture amey in any number of ways. The "trouble" is that 3D Printingis an easy maker tool. Really, that's it. All this is about folks being able to make stuff w/o some overriding control. Sigh. Stupid Washington Post.



