That TSA-approved lock on your suitcase just got hacked

11.09.2015
It's a basic fact of life that once you publish something on the Internet, it's pretty much impossible to get it back. Now illustrating that point with painful clarity, images of the TSA's master luggage keys have been published online, meaning that anyone with a 3D printer can make their own.

It all started when The Washington Post published a story last November about "the secret life of baggage" that was reportedly accompanied -- only briefly -- by a photo of the master keys the Transportation Security Administration uses to open what it calls "TSA recognized" luggage locks.

The photo was hastily taken down, but -- predictably -- not before it was snagged and circulated. Reports about the leak began to appear last month, but it wasn't until this week that detailed blueprints showed up on GitHub.

"Security researchers have long warned of the dangers of using master-keyed locks," wrote Xyl2k, the GitHub user who posted the detailed plans.

Now, anyone with a 3D printer can create their own copies of the TSA master keys -- and create them they have, according to reports from exuberant users.

"OMG, it's actually working!!!" wrote Bernard Bolduc on Twitter, for example.

The TSA's master keys are designed to enable security officers to inspect luggage without having to cut off any locks protecting it. They work on locks created specifically for that purpose through partnerships between the agency and lock manufacturers.

"These locks are available at most airports and many travel stores nationwide," the TSA noted in a blog post early last year. "The packaging on the locks indicates whether they can be opened by TSA."

Neither The Washington Post nor the TSA responded immediately to a request for comment.

Katherine Noyes