How A Photograph & A Bad Decision Made Millions Of TSA Approved Luggage Locks Useless

Sep 11, 2015

Tiffany Mueller

Tiffany Mueller is a photographer based in Hawi, Hawaii. You can follow her Twitter here and her personal life here.

How A Photograph & A Bad Decision Made Millions Of TSA Approved Luggage Locks Useless

Sep 11, 2015

Tiffany Mueller

Tiffany Mueller is a photographer based in Hawi, Hawaii. You can follow her Twitter here and her personal life here.

Join the Discussion

Share on:

tsa-lockA good photograph has the power to stop us in our tracks, take our breath away, inspire us, make us wish we were there, standing inside of it. It’s true, the power of photography is magnificent. Unfortunately, it’s magical powers are sometimes used in ways that are not quite so inspirational. Like last year, when a 31-year old hacker who works under the name”Starbug”, claimed he could recreate a person’s fingerprints using just a few images from a “standard photo camera”, which proved by duplicating the fingerprints of German defense minister, Ursula von der Leyen.

In the same presentation, Starbug demonstrated how embarrassingly easy it is to trick facial recognition software using printed out photographs. Strabug’s work prompted an international conversation on security and how rapidly evolving camera tech is causing new concerns about the way criminals can use photography to commit crimes.

Now, the latest security breach brought about by a photograph has created a massive problem for TSA and travelers. In September of 2014, the Washington Post ran a story titled The Secret Life of Baggage: Where Does Your Luggage Go At The Airport, which featured a photograph of set of master keys TSA uses to access luggage locks on baggage–the locks TSA requires travelers to use if they wish to lock their baggage.

YouTube video

In August of this year, Washington Post pulled the photo from the article as soon as reports began popping up that France based individual who calls himself Xylitol, used the image to make CAD files that would allow anyone with a 3D printer to print their own master keys. Xylitol then posted his files to Github, free for anyone to download.

Xylitol told Wired,

“Honestly I wasn’t expecting this to work, even though I tried to be as accurate as possible from the pictures. I did this for fun and don’t even have a TSA-approved lock to test. But if someone reported it that my 3D models are working, well, that’s cool, and it shows…how a simple picture of a set of keys can compromise a whole system.”

Though Xylitol hadn’t tested his work out himself, within hours of posting the CAD files, a Montreal based man by the name of Bernard Bolduc had printed out one of the keys in about 10 minutes using cheap PLA plastic and a 3D printer. When he put the key to the test on one of his own TSA approved locks, sure enough, the lock popped right open as he demonstrated in this Twitter post:

Think Before You Shoot

As far as photographers go, it can be hard–if not impossible–to always control who happens to get their hands on your work. But, you can control what you are taking photographs of. In this case, I can’t help but wonder what the photographer, the Washington Post, and TSA thought was going to happen when they chose use a photo that comes with such obvious security concerns.

[ via Wired ]

Filed Under:

Tagged With:

Find this interesting? Share it with your friends!

Tiffany Mueller

Tiffany Mueller

Tiffany Mueller is a photographer based in Hawi, Hawaii. You can follow her Twitter here and her personal life here.

Join the Discussion

DIYP Comment Policy
Be nice, be on-topic, no personal information or flames.

Leave a Reply

Your email address will not be published. Required fields are marked *

20 responses to “How A Photograph & A Bad Decision Made Millions Of TSA Approved Luggage Locks Useless”

  1. Mr. Brimm Avatar
    Mr. Brimm

    Did anyone think these tiny locks were secure anyway?

    1. doge Avatar
    2. Tiffany Mueller Avatar
      Tiffany Mueller

      lol, valid point! :)

    3. Kay O. Sweaver Avatar
      Kay O. Sweaver

      As someone who used to work at the airport I can assure you that luggage locks are about as effective as a condom made out of kleenex.

    4. Kit Cosper Avatar
      Kit Cosper

      Locks only keep the honest people out.

  2. Steve Happy Acheson Avatar
    Steve Happy Acheson

    Can TSA fuck up anymore??? What a total waste of our money…

  3. 孟恬 Avatar
    孟恬

    Hackers say for years that you shouldn’t use fingerprints for any related to security. Nobody listens though and we get fingerprints in phones, notebooks and passports… We needed some drastic measures to talk some common sense into people. And Mr. Brimm already said all there is to say about those locks ^^

    So in conclusion I’d say, if your security system can be breached by a few photographs, you don’t have a security system.

  4. David DiCarlo Avatar
    David DiCarlo

    Anyone who thought such widely distributed locks with a handful of master keys provided any kind of security had to have been seriously deluded.

    There are more ways than just taking a photo of the keys to generate master keys.

    TSA is security theater, nothing more. Oh, that and a yet another excuse for a government employees union.

  5. Galip Kürkcü Avatar
    Galip Kürkcü

    such a perfect viral ad for sony :)

  6. Matthew Hanson-Weller Avatar
    Matthew Hanson-Weller

    “Think before you shoot.” Nah, don’t. Keep shooting and expose false security for what it is.

  7. Steve Johnson Avatar
    Steve Johnson

    best comment from the article “As someone who used to work at the airport I can assure you that luggage locks are about as effective as a condom made out of kleenex.”

  8. Renato Murakami Avatar
    Renato Murakami

    You could easily see this as a way to show how weak those systems are, and how important it is to photograph and make public such situations to force those companies to improve their security measures… or at least so that public is aware of how much security it’s really providing.

    Washington Post probably did it by mistake though, but at least it exposed the situation.

    Would you rather get the report from someone who’s warning about the flaws, or later on when you are using said “security” systems and somehow get them bypassed easily without knowing exactly how?

    Yes, you gotta think about shooting when it comes to ethics and such… but this isn’t the case here. Good locks should not have master keys, and TSA is a joke.

    In any case, it has been proven that locks on most types of common baggages do nothing to improve security, so be aware of that too. If you don’t know about it… well, here:

    https://www.youtube.com/watch?v=zMTXzQ0Vqn8

    Case in point: if your luggage has standard zippers, putting a lock there does absolutely nothing. I’m not sharing priviledged information here too… anyone working around luggage already knows this. If you are carrying anything of value inside you luggage, I highly recommend to either get cases that prevent this sort of tampering, find a way to lock the stuff inside your luggage alternatively, or just put it in your carry on baggage.

  9. Miles F. Bintz II Avatar
    Miles F. Bintz II

    I would argue that this is exactly the kind of image that gives photography its journalistic power. This isn’t a matter of someone taking a bad picture or picture that should have been kept secret. This is a matter of revealing that security through obscurity is dangerous. The world is better off when vulnerabilities are shared. Not kept hidden. Case and point: A TSA lock implies your traveling, right? Staying at a hotel? Do you keep your TSA lock on your bag at the hotel? Do you lock your hotel door? Did you know http://www.extremetech.com/computing/133448-black-hat-hacker-gains-access-to-4-million-hotel-rooms-with-arduino-microcontroller ?

  10. Ben Palmer Avatar
    Ben Palmer

    Josh Eddy

  11. inerlogic Avatar
    inerlogic

    “Think before you shoot?”

    BULLSHIT…..

    expose the weaknesses and absurdities and get them fixed.
    security through obscurity, isn’t security….

    1. Wander Lima Avatar
      Wander Lima

      I totally agree!

  12.  Avatar
    Anonymous

    This is a perfect example of why there should not be a back door in encryption.

  13. Load of Truth Avatar
    Load of Truth

    My favorite is people who pay to get their luggage wrapped in plastic.

    If someone wanted to steal something, they could just cut the plastic, take what they wanted and then wrap the luggage back in plastic.

  14. Eetu Saloranta Avatar
    Eetu Saloranta

    The thieves already knew this. Now everyone knows.

  15. Deacon Blues Avatar
    Deacon Blues

    1. TSA requires all “approved” locks to have a backdoor.
    2. Photographer makes backdoor public knowledge.
    3. Hilarity ensues.

    Lesson learned: backdoors are BAD.