TSA luggage master keys duplicated with 3D printer

Just from the photo, which was of a hand posing with an area of master keys, some lock-picking enthusiasts were able to create files with the precise measurements of the key, which works on all the locks you’re supposed to put on your luggage at the airport.

Reports point to the source of the files as being a high-resolution picture from a Washington Post story about the US Transportation Security Administration (TSA) that was published past year – an image that has since been taken down, but is readily available online.

“If someone reported it that my 3-D models are working, well, that’s cool, and it shows how a simple picture of a set of keys can compromise a whole system”. “I did this for fun and don’t even have a TSA-approved lock to test”, a French 3-D printer who only identified himself as Xylitol wrote Wired magazine on Wednesday. The significance of the TSA and Washington Post’s mistake extends further, however, and raises more questions about the potential safety risks of 3D printing.

Of course, none of those companies are to blame for following the TSA’s master key guidelines.

I didn’t do any modifications.

Another user downloaded the file and printed a copy in about five minutes, and said it worked on the first try.

A number of amateur 3D printers have printed the skeleton keys using the blueprints, and posted photos of their successful attempts at opening Travel Sentry locks on social media.

It all started with a Washington Post article published on 24 November 2014 that looked at what happens once your luggage is checked in at United States airports, how the TSA decides which bags to check and a run through of the types of technology used to check the bags. If you use a non-TSA approved lock, you could find it cut off.

The locks are officially approved by the TSA and come with a small red triangle to identify them. Xylitol apparently released the files without testing them, but it seems that the accuracy of at least one key is no longer in dispute thanks to one Bernard Bolduc. Xylitol was helped by two other researchers in his master key project, including Shahab Sheikhzadeh, a New Jersey-based security researcher, who has detailed the timeline of events which led to the publication of the keys.