Another year, another hacker conference, another method for 3D printing keys to previously unhackable locks. That’s right, it’s an ongoing trend in the hacker community to demonstrate methods for bypassing security measures, both in the virtual world of software and the physical world of high-security locks.
This year, at the eleventh Hackers On Planet Earth (HOPE) conference in New York City, security researchers going by the names Nite 0wl, Johnny Xmas and DarkSim905 demonstrated the ability to copy a master key for Safe Skies luggage locks, used by the Transportation Security Administration (TSA) to quickly unlock luggage during clearance checks. The 3D-printable key copy was then made public, allowing anyone to 3D print the Safe Skies master key themselves.
The TSA Master Keys
While luggage locks may prevent theft during travel, this protection is only a slight hurdle in the way of quick and easy security checks on the part of TSA agents. For this reason, the agency turned to two companies, Travel Sentry and Safe Skies, to create master keys for luggage locks. With these two manufacturers producing the majority of TSA-approved locks on the market, it would be possible both for travelers to protect their belongings and for the TSA to conduct its inspections for the sake of travel safety.
As a means of demonstrating the problematic nature of giving a third party access to your security protocols—whether it be a luggage lock or an iPhone passcode—the three hackers created their own master key for bypassing locks made by Safe Skies. To do so, Nite 0wl and Johnny Xmas purchased a wide variety of Safe Skies locks and found the common pattern that would open multiple locks.
In an interview with CSO Online, Nite Owl explained, "The big breakthrough was when I acquired several Safe Skies locks that used wafer-tumbler mechanisms instead of pin-tumbler mechanisms, because of the different mechanical design I was able to work out the master key cuts very quickly and then confirm that the key worked on all of the sample locks I had.”
To break Pandora’s box open further, the hackers converted the master key design to a 3D-printable model and uploaded the design to GitHub. Though the master key is now publicly accessible, Johnny Xmas pointed out that the same manual process employed by the hackers could be pulled off by any lockpicker.
"This was done by legally procuring actual locks, comparing the inner workings and finding the common denominator. It's a great metaphor for how weak encryption mechanisms are broken—gather enough data, find the pattern, then just ‘math’ out a universal key (or set of keys). What we're doing here is literally cracking physical encryption, and I fear that metaphor isn't going to be properly delivered to the public," he said.
Hacking Your Keys
This is actually the eighth such master key that has been compromised by the hacker community. Last year, seven other keys for Travel Sentry locks were made publicly available by a French security researcher with the nickname Xylitol. Xylitol had an easier time of replicating the keys, as the Washington Post actually published high-resolution photos of the keys (later removed) in an article related to the TSA’s most recent security measures.
Studying the key cuts, the hacker was able to quickly create 3D printable CAD models that were subsequently uploaded to GitHub. Soon after the story of Xylitol’s hack went out, a Montreal-based 3D printer owner was able to print one of the keys and successfully test it on a TSA-approved luggage lock.
OMG, it's actually working!!! pic.twitter.com/rotJPJqjTg
— Bernard Bolduc (@bernard) September 9, 2015
This is not the only instance in which keys have been illegally copied with 3D printing. In 2013, MIT students David Lawrence and Eric Van Albert released a program capable of copying high-security keys for Schlage’s Primus-brand locks, associated with government facilities and detention centers. All that it would take to copy them was the original keys, a flatbed scanner and a 3D printer.
In fact, numerous individuals have copied keys with 3D printing, some using photos of the keys alone. The practice even saw some commercialization with digital locksmithing services popping up around the time that these stories began to spread. The fact that digital lockpicking has been replicated so many times in so many different ways suggests that it may not go away any time soon.
The Implications of Digital Lockpicking
Johnny Xmas elaborated on the meaning behind the most recent key hack, saying, "The point we were trying to make, which everyone involved stated very clearly over and over again, was that this was all an act of civil disobedience in order to create an excellent metaphor for the general public to better understand the inherent dangers of trusting a highly-targeted third-party to have the tools necessary to grant unfettered access to your stuff.”
The relevance of the story to the Fourth Amendment of the U.S. Constitution, related to illegal search and seizure, has parallels in the recent dispute between Apple and the FBI, in which the federal agency demanded backdoor access to the encrypted data on a suspect’s iPhone. By granting an agency like the FBI or TSA the ability to break into a customer’s belongings, a company like Safe Skies may unintentionally provide unfettered access to that customer’s privacy. Whereas Apple was steadfast in opposing the FBI, Safe Skies and Travel Sentry have openly complied.
The two cases have recently met in the most unusual way when Michigan police made a request to computer scientists at Michigan State University to 3D print a model of a fingerprint in order to unlock a victim’s iPhone in order to solve a murder investigation. The police had access to the victim’s fingerprints due to a prior arrest, but could not use a fingerprint alone to unlock the phone due to the touch-capacitive nature of the screen. To activate the capacitive sensors, the school’s lab is working to coat the print in metallic particles. The story is still in development, but the lab aims to hand the 3D-printed fingerprint over to the authorities in the coming weeks.
From a privacy perspective, the issue is a complex one that expands far beyond iPhones and luggage and ventures into the troubling revelations of Edward Snowden. In a world in which government agencies, corporations and organized hackers have access to our personal information, what can we do to protect ourselves? Once artificial intelligence programs are used by the aforementioned parties to get around existing safety protocols, is there any protection left?
While we attempt to answer those questions, lock manufacturers have some more immediate and tangible problems to solve—like developing locks that can’t be hacked so easily with 3D printing.