Publishing photos of sensitive keys, after all, is a well-understand screwup in the world of physical security, where researchers have shown for years that a key can be decoded and reproduced even from a photo taken from as far away as 200 feet and at an angle. The real security blunder, as Berkeley computer security researcher Nicholas Weaver noted after the key photos were first published, was made by the TSA and the Washington Post, who released the photos on the Post's website. Of course, none of those companies are to blame for following the TSA's master key guidelines. Now those photos have been used to derive exact cuts of the master keys so that anyone can reproduce them in minutes with a 3-D printer or a computer-controlled milling machine. Those photos first began making the rounds online last month, after the Washington Post unwittingly published (and then quickly deleted) a photo of the master keys in an article about the "secret life" of baggage in the hands of the TSA. Within hours, at least one 3-D printer owner had already downloaded the files, printed one of the master keys, and published a video proving that it opened his TSA-approved luggage lock. The TSA is learning a basic lesson of physical security in the age of 3-D printing: If you have sensitive keys-say, a set of master keys that can open locks you've asked millions of Americans to use-don't post pictures of them on the Internet.Ī group of lock-picking and security enthusiasts drove that lesson home Wednesday by publishing a set of CAD files to Github that anyone can use to 3-D print a precisely measured set of the TSA's master keys for its " approved" locks-the ones the agency can open with its own keys during airport inspections.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |