3D Printed Keys

3D Printed Keys

Callie

Jul 25th, 2017

Have you ever lost a key, forgot the combo or just felt like committing a crime? Well, cracking TSA approved locks just got even easier. (We do not support criminal lockpicking. Please do not commit a crime… seriously).  

Thanks to a series of leaked images and a clever maker, the key to every TSA lock is a simple 3D print away. Not that these locks weren’t already a mirage of security but an anonymous maker has uploaded the CAD files of the TSA’s master keys to Github. The designs were lifted from a Washington Post image that was accidentally released in an article about the “secret life” of baggage in the hands of the TSA.  

Nick Lolopulos, education and technology director at the Idea Foundry printed the CAD files after a member expressed frustration trying to keep and coordinate a variety of locks and combos. Will Nickley, program director at Safety Third Racing provides a program in which children solve puzzles to unlock a treasure box. Will may be keeping track of up to 7 different locks and combinations all at once. As a solution to keeping every lock and combo correctly organized, Nick and Will began looking for a master key. Just a short google search away was the perfect solution for Will and the rest of us who forget our keys regularly or for those with less than admirable intentions.  

The very existence of a master key controlled by a government agency raises serious security and privacy concerns--particularly when it can be so easily leaked and hacked. It was a mistake to allow the keys to be photographed.  It’s best practice to keep high-security keys out of sight and certainly away from cameras. Prisons, for example, keep cell keys out of plain view. These days you can even get your house key duplicated from a picture on your phone. The photo leak followed by the release of CAD files demonstrates just how fast a small error can turn into a large security compromise.

The application of a master key has recently made headlines in the world of digital security as well. Bill Sempf, application security architect, and Idea Foundry locksport instructor explains:

“The encryption used by devices like the iPhone or Nexus devices, or operating systems like Windows and Android, or apps like Signal or WhatApp, were a topic of some debate after a few recent terrorist instances.  The government started making noise about maintaining a copy of the private key used to encrypt the messages, a master key of sorts. This would allow them, or anyone else, to decrypt the messages on the devices. The parallel isn't perfect, but it is close enough - they clearly can't hold on to data any more than they can hold onto the physical keys (Snowden, OPM) and that leads one to worry.”  

Darksim905, one of the three original security experts to help clone the keys explains that

"The motivation was to shed light on how having a master key or back door to any system where there is implicit trust, is a bad idea. Once you lose the security of a system you rely on for privacy, you realize how vulnerable you are & how easy it is to abuse that broken trust. [My] hope is that either people take their personal security a bit more seriously by getting locks that no one has the keys to & taking the steps necessary to protect themselves."

In conclusion, you probably shouldn't trust the TSA approved locks and you should be wary of anything with a master key. Accidents happen, leaks happen and we can't afford to compromise on security.  But hey, this master key does solve Will’s multi lock coordination issue so thanks to all parties involved!    

 

Learn more about our 3D printing services by contacting nick@ideafoundry.com

Come to a Locksport Meetup: https://app.getoccasion.com/p/n/ag9hakcj

Check out the Thingiverse files Here: https://www.thingiverse.com/thing:1687424