The US government has always been for maintaining a set of keys as a precaution in case of anything. It has been its modus operandi as far as security goes.

From the time of the Clipper chip to date, there has always been a need for some kind of back door into encryption. Unfortunately for the TSA, this seemed to have gone wrong.

The TSA allows people to use its special suitcase locks that won’t pose any problems for their screening equipment at the airport. These locks can only be opened with any one of seven keys that only the TSA has access to.

TSA Master Keys cloned

This changed in 2014. In one article done by the Washington Post, an image of the keys was published by one reporter. Within a short time almost all the seven keys were accessible to the public as data, ready for 3D printing.

During the HOPE Conference that took place in New York in the third week of July 2016, the team of hackers responsible for the hack stated why and exactly how they pulled off the feat. The trio includes DarkSim905, Johnny Xmas, and Nite 0wl.

We did this by first acquiring one of the TSA locks through legal means. We then analysed the internal system of the locks and came up with the common denominator. It goes to show how vulnerable physical encryption systems can be.

Security Experts tsa

Just get as much data as you can, trace out the pattern, then come up with a master key,” stated Johnny Xmas. “What we did here is, in other words, hacking physical encryption. The problem is that most people won’t understand this metaphor.”

For those that may take an interest in the keys, they can be accessed here and printed using a 3D printer.

The TSA, in a statement, said they did not see the hack as a threat. They said, “The alleged creation of keys to our locks using 3D printers does not represent a security problem on our part. These locks are there merely to give people ‘peace of mind’. We have other serious security measures.”

What this means is that the locks are not necessary at all. If you like, you may not use them and still be safe.

logo hackers news bulletin



This site uses Akismet to reduce spam. Learn how your comment data is processed.