The TSA has long dictated certain “blessed” locks that only it could pick. You know, in case they need or want to open your baggage. For national security, of course. The TSA is able to accomplish this thanks to a set of master keys that can open any TSA-certified luggage lock. Thanks in part to a blunder by Washington Post, however, those keys have now leaked all over the Internet, which doesn’t really forget, giving anyone the keys to all such locks. Pun totally intended.
Big deal, these are just pictures right? Sadly, unlike what spy movies might have you believe, all it really takes is a quality picture of a key to make a duplicate. It is the particular pattern of the teeth that define the unlock pattern and not the whole key itself. The keys were first shown in all their glory in a Washington Post story on the TSA’s airport checks. Since then, various copies of the image has floated around the Internet, as well as a different set of the keys shown in full.
Thanks to the nature of the Web, those photos have now probably landed into the hands of everyone, including the very people that the TSA are fighting against. This means that anyone and everyone who is able to make a working duplicate based on those photos can open luggages without leaving any trace of unauthorized access. In short, TSA’s master keys have just been rendered useless.
More than just the leak of the keys themselves, some are using this incident to point out one critical flaw in the government’s line of thinking. Backdoors are inherently insecure and incidents like this are bound to happen. That is true whether with physical locks like the TSA’s or, more importantly, cryptographic ones. The US government, particularly the NSA and the FBI, has been pushing to include backdoor access to software and networks. But every backdoor will have a master key, something that hackers and criminals will always be on the hunt for. And once those keys have been made public, it will be fair game for everyone.