TSA Master Keys Compromised

The world wide web has set information free.  Good information and bad information. Recently the Washington Post publicized photos of the TSA’s keys on their website and that was all that was needed for people to start replicating them. When the physical key is displayed then you can mathematically deduce the cuts that need to be replicated. I offer this service for people who have a picture of their key.

The root of this problem is that the TSA relied on security through obsurity, trusting that nobody would ever slip up and publicize a picture of the key, or that the key would fall into the wrong hands. Truthfully speaking, the problem is all a bit silly considering that it would be trivial for a locksmith to take apart a TSA approved lock and make a key from the lock. The whole thing is silly because the TSA approved lock is only meant to work while the baggage is in the control of the airline or the airport security.  Even so, this is an excellent example of security through obscurity, a model which the software industry was forced to abandon decades ago when it became apparent that a lot of people with the requisite brains and time on their hands would figure out how to bypass authentication mechanisms to give their software away for free.

Now, in 2015, lock manufacturers are having to deal with this problem. Actually they have been dealing with it ever since software people started getting interested in hardware security, about ten years ago. Back then there might have even been vulnerabilities that the lock manufacturers purposely built in for locksmiths or government entities.

Published by

Bjørn Madsen

I am the Seattle locksmith you’ve been looking for. High Quality work at a reasonable price delivered in a timely fashion.