Friday, January 19, 2018
TSA Master Keys
TSA Master Keys can unlock any brand "Travel Sentry" (https://www.travelsentry.org/us/) lock, no matter if it's from Master Lock, Brinks, Samsonite, American Tourister, Stanley, or any other manufacturer.
These locks were not really intended to provide you with security while traveling, rather they are intended to give the government (the TSA) a way to bypass your security. The shackles on Travel Sentry locks are so thin that they can be easily cut. The locks are very easily picked, and if you have a high-resolution picture of the master keys (as shown here - https://imgur.com/a/JQD7l - click on each picture for high resolution) you can easily make your own set of master keys.
TSA recommends that you use Travel Security locks, so that they are able to easily open your luggage for inspection. The problem of course is that when you give the government a way to bypass your security (ostensibly for a valid purpose) you also provide criminals a way to bypass your security, as well.
The hacking of the TSA Master Keys is a powerful example of the problem with creating government backdoors to bypass security, physically or digitally. Most security experts and computer scientists believe backdoors for law enforcement inevitably make systems less secure, and easier for criminals to break into.
Recently the FBI has been trying to convince technology companies to design some sort of special way for its agents to access encrypted communications on digital devices. But companies including Apple and Google have resisted this pressure, insisting that developing backdoors will only weaken security that they have worked hard to improve for the sake of average customers around the world.
The fact that TSA Master Keys are available to anyone goes to prove the stupidity of key escrow (the arrangement in which keys needed to decrypt communications are held in escrow to be accessed by a third party if necessary).
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.