Shortly after The Washington Post inadvertently published a photo of seven TSA master keys, a group of security experts were able to copy their designs and release their 3D models online. Now, these same experts have deciphered the secrets of the eighth and last master key the agency uses even without a photo to guide them. The first seven keys are manufactured by a company called Travel Sentry, while this one is by a separate manufacturer named Safe Skies. Since the hackers didn’t have a photo of the last key, they bought as many Safe Skies locks as possible, took them apart and examined their innards. Anyone with access to a 3D printer can now reproduce all eight keys.
The hackers, who go by the pseudonyms Johnny Xmas, DarkSim905 and Nite 0wl presented their work at the 11th Hackers On Planet Earth (HOPE) Conference in New York. According to 3D Printing Industry, the trio explained that it’s not their intention to scare people — they merely want to highlight the dangers of giving a third party access to master keys, whether digital or physical.
“This was done by legally procuring actual locks, comparing the inner workings and finding the common denominator,” Xmas said at the conference. “It’s a great metaphor for how weak encryption mechanisms are broken — gather enough data, find the pattern, then just ‘math’ out a universal key (or set of keys). What we’re doing here is literally cracking physical encryption, and I fear that metaphor isn’t going to be properly delivered to the public.”