How A Photograph & A Bad Decision Made Millions Of TSA Approved Luggage Locks Useless
Sep 11, 2015
Tiffany Mueller
Tiffany Mueller is a photographer and content strategist based in Hawi, Hawaii. Her work has been shared by top publications like The New York Times, Adobe, and others.
Share:
A good photograph has the power to stop us in our tracks, take our breath away, inspire us, make us wish we were there, standing inside of it. It’s true, the power of photography is magnificent. Unfortunately, it’s magical powers are sometimes used in ways that are not quite so inspirational. Like last year, when a 31-year old hacker who works under the name”Starbug”, claimed he could recreate a person’s fingerprints using just a few images from a “standard photo camera”, which proved by duplicating the fingerprints of German defense minister, Ursula von der Leyen.
In the same presentation, Starbug demonstrated how embarrassingly easy it is to trick facial recognition software using printed out photographs. Strabug’s work prompted an international conversation on security and how rapidly evolving camera tech is causing new concerns about the way criminals can use photography to commit crimes.
Now, the latest security breach brought about by a photograph has created a massive problem for TSA and travelers. In September of 2014, the Washington Post ran a story titled The Secret Life of Baggage: Where Does Your Luggage Go At The Airport, which featured a photograph of set of master keys TSA uses to access luggage locks on baggage–the locks TSA requires travelers to use if they wish to lock their baggage.
In August of this year, Washington Post pulled the photo from the article as soon as reports began popping up that France based individual who calls himself Xylitol, used the image to make CAD files that would allow anyone with a 3D printer to print their own master keys. Xylitol then posted his files to Github, free for anyone to download.
Xylitol told Wired,
“Honestly I wasn’t expecting this to work, even though I tried to be as accurate as possible from the pictures. I did this for fun and don’t even have a TSA-approved lock to test. But if someone reported it that my 3D models are working, well, that’s cool, and it shows…how a simple picture of a set of keys can compromise a whole system.”
Though Xylitol hadn’t tested his work out himself, within hours of posting the CAD files, a Montreal based man by the name of Bernard Bolduc had printed out one of the keys in about 10 minutes using cheap PLA plastic and a 3D printer. When he put the key to the test on one of his own TSA approved locks, sure enough, the lock popped right open as he demonstrated in this Twitter post:
OMG, it’s actually working!!! pic.twitter.com/rotJPJqjTg
— Bernard Bolduc (@bernard) September 9, 2015
Think Before You Shoot
As far as photographers go, it can be hard–if not impossible–to always control who happens to get their hands on your work. But, you can control what you are taking photographs of. In this case, I can’t help but wonder what the photographer, the Washington Post, and TSA thought was going to happen when they chose use a photo that comes with such obvious security concerns.
[ via Wired ]
Tiffany Mueller
Tiffany Mueller is a photographer and content strategist based in Hawi, Hawaii. Her work has been shared by top publications like The New York Times, Adobe, and others.
Related Posts
Arizona Real Estate Photographer Is First To Be Approved By FAA To Use Drones For Aerial Photography
Panasonic S1H becomes the first Netflix-approved mirrorless camera
Flying with gear? You may soon be able to keep it in the carry-on luggage thanks to new scanners
New airport hand luggage scanners will destroy your unprocessed film
Join the Discussion
DIYP Comment Policy
Be nice, be on-topic, no personal information or flames.
20 responses to “How A Photograph & A Bad Decision Made Millions Of TSA Approved Luggage Locks Useless”
Did anyone think these tiny locks were secure anyway?
No.
lol, valid point! :)
As someone who used to work at the airport I can assure you that luggage locks are about as effective as a condom made out of kleenex.
Locks only keep the honest people out.
Can TSA fuck up anymore??? What a total waste of our money…
Hackers say for years that you shouldn’t use fingerprints for any related to security. Nobody listens though and we get fingerprints in phones, notebooks and passports… We needed some drastic measures to talk some common sense into people. And Mr. Brimm already said all there is to say about those locks ^^
So in conclusion I’d say, if your security system can be breached by a few photographs, you don’t have a security system.
Anyone who thought such widely distributed locks with a handful of master keys provided any kind of security had to have been seriously deluded.
There are more ways than just taking a photo of the keys to generate master keys.
TSA is security theater, nothing more. Oh, that and a yet another excuse for a government employees union.
such a perfect viral ad for sony :)
“Think before you shoot.” Nah, don’t. Keep shooting and expose false security for what it is.
best comment from the article “As someone who used to work at the airport I can assure you that luggage locks are about as effective as a condom made out of kleenex.”
You could easily see this as a way to show how weak those systems are, and how important it is to photograph and make public such situations to force those companies to improve their security measures… or at least so that public is aware of how much security it’s really providing.
Washington Post probably did it by mistake though, but at least it exposed the situation.
Would you rather get the report from someone who’s warning about the flaws, or later on when you are using said “security” systems and somehow get them bypassed easily without knowing exactly how?
Yes, you gotta think about shooting when it comes to ethics and such… but this isn’t the case here. Good locks should not have master keys, and TSA is a joke.
In any case, it has been proven that locks on most types of common baggages do nothing to improve security, so be aware of that too. If you don’t know about it… well, here:
https://www.youtube.com/watch?v=zMTXzQ0Vqn8
Case in point: if your luggage has standard zippers, putting a lock there does absolutely nothing. I’m not sharing priviledged information here too… anyone working around luggage already knows this. If you are carrying anything of value inside you luggage, I highly recommend to either get cases that prevent this sort of tampering, find a way to lock the stuff inside your luggage alternatively, or just put it in your carry on baggage.
I would argue that this is exactly the kind of image that gives photography its journalistic power. This isn’t a matter of someone taking a bad picture or picture that should have been kept secret. This is a matter of revealing that security through obscurity is dangerous. The world is better off when vulnerabilities are shared. Not kept hidden. Case and point: A TSA lock implies your traveling, right? Staying at a hotel? Do you keep your TSA lock on your bag at the hotel? Do you lock your hotel door? Did you know http://www.extremetech.com/computing/133448-black-hat-hacker-gains-access-to-4-million-hotel-rooms-with-arduino-microcontroller ?
Josh Eddy
“Think before you shoot?”
BULLSHIT…..
expose the weaknesses and absurdities and get them fixed.
security through obscurity, isn’t security….
I totally agree!
This is a perfect example of why there should not be a back door in encryption.
My favorite is people who pay to get their luggage wrapped in plastic.
If someone wanted to steal something, they could just cut the plastic, take what they wanted and then wrap the luggage back in plastic.
The thieves already knew this. Now everyone knows.
1. TSA requires all “approved” locks to have a backdoor.
2. Photographer makes backdoor public knowledge.
3. Hilarity ensues.
Lesson learned: backdoors are BAD.