Hacker Easily Cracks TSA-Approved Luggage Locks

Advertising Disclosure: When you buy something by clicking links on our site, we may earn a small commission, but it never affects the products or services we recommend.

Image Not Available

Your TSA-approved luggage lock may no longer keep unapproved snoops from checking out what’s inside your baggage.

Lockpickers and security enthusiasts have figured out how to use 3-D printers to reproduce Transportation Security Administration master keys, and they posted the instructions on Github. The TSA, however, told Money Talks News the reproductions are not a security threat and that the locks are merely for travelers’ “peace of mind.”

The key designs were derived from photos originally published online last fall with a Washington Post story about “The secret life of luggage” behind the scenes at airports.

The photos were deleted recently, but not before they were copied and distributed.

As Wired magazine reported this week, shortly after the key designs were posted, people began reporting they had success replicating the master keys and using them on TSA-approved locks.

“OMG, it’s actually working,” tweeted Bernard Bolduc, who also posted a video he said showed the key unlocking a TSA-approved lock.

Bolduc, from Montreal, Canada, told Wired he printed a key in five minutes on his PrintrBot Simple Metal printer using cheap PLA plastic.

Image Not Available
The master key design posted at Github for TSA-approved luggage locks.

“Honestly I wasn’t expecting this to work, even though I tried to be as accurate as possible from the pictures,” said the Github user known as Xylitol, who posted the printer instructions, in an email to Wired. “I did this for fun and don’t even have a TSA-approved lock to test.”

The TSA says it recognizes travelers want to lock their luggage to protect personal belongings but that TSA officers must be able to inspect baggage and contents when the need arises. Agents have tools for opening and re-locking baggage with accepted and recognized locks, such as Safe Skies and Travel Sentry, reducing the likelihood of damaging the lock or bag if a physical inspection is required, the TSA says.

“The reported ability to create keys for TSA-approved suitcase locks from a digital image does not create a threat to aviation security,” TSA spokesman Mike England said. “These consumer products are ‘peace of mind’ devices, not part of TSA’s aviation security regime.”

“In fact,” he said, “the vast majority of bags are not locked when checked in prior to flight.”

In theory, only the TSA or other screeners should be able to open TSA-approved locks with their master keys, according to Nicholas Weaver, a senior staff researcher focusing on computer security at the International Computer Science Institute in Berkeley, California. Baggage handlers and hotel staff should not be able to open TSA-approved locks, he said. But in a Lawfare blog deriding the weakness of such “backdoors” in physical and encrypted security systems, Weaver urges travelers to skip the TSA locks.

“So the TSA backdoor has failed: we must assume any adversary can open any TSA ‘lock'”, Weaver wrote. “If you want to at least know your luggage has been tampered with, forget the TSA lock and use a zip tie or tamper-evident seal instead, or attach a real lock and force the TSA to use their bolt cutters.”

Do you lock your luggage when you travel, or worry about its security? What’s your solution? Share with us in comments below or on our Facebook page.

Get smarter with your money!

Want the best money-news and tips to help you make more and spend less? Then sign up for the free Money Talks Newsletter to receive daily updates of personal finance news and advice, delivered straight to your inbox. Sign up for our free newsletter today.