TSA luggage master keys have been compromised
TSA-approved luggage locks are no longer secure as anyone can 3D print the master keys from freely available CAD design files Reuters

The Transportation Security Administration (TSA) agency in the US has unwittingly given criminals easy access to TSA-approved luggage locks, after a media image of the organisation's universal master keys inspired lock pickers to design their own 3D printable versions and put the files on the internet for anyone to download.

It all started with a Washington Post article published on 24 November 2014 that looked at what happens once your luggage is checked in at US airports, how the TSA decides which bags to check and a run through of the types of technology used to check the bags. For some reason, the TSA allowed the Washington Post to publish a clear picture of its master key patterns that enable its security officers to unlock virtually any type of luggage in the world.

Perhaps realising that this wasn't the smartest of ideas, the Washington Post removed the photo of the master keys from its website at some point (we don't know when). However, the paper sold the article and its accompanying images to a local newspaper in Everett, Washington, called The Daily Herald, which published it on 30 November 2014.

Your TSA luggage locks are no longer safe

A redacted image of the TSA keys
A redacted image of the TSA master keys that were published in the Washington Post IBTimes UK / Washington Post

The picture continued to be visible to anybody on the internet on the Daily Herald website, until an enterprising individual pointed it out and posted the issue on Reddit on 21 August, more than nine months after the article went live. The image clearly shows the different shapes of the TSA master keys, making it simple for an enterprising locksmith to duplicate.

And of course, being the internet, on Wednesday 9 September, security enthusiasts and lock picking hobbyists decided that the keys should be recreated as 3D printable CAD files and uploaded to Github where anyone can download them.

The hobbyists claim that they posted the CAD files to Github without checking whether they worked, but people on Twitter have already printed out copies and proved that at least one of the key replicas does work on an approved TSA lock.

"Honestly I wasn't expecting this to work, even though I tried to be as accurate as possible from the pictures. I did this for fun and don't even have a TSA-approved lock to test," Xylitol, the Github user who published the files, told Wired. "But if someone reported it that my 3D models are working, well, that's cool, and it shows...how a simple picture of a set of keys can compromise a whole system."

Seeing that TSA-approved luggage locks are used by millions of US travellers in order to avoid their bags being damaged, since the TSA has to cut off conventional padlocks and unapproved locks during security checks, this presents a pretty big issue to pretty much anyone in the world who is using a bag or padlock that can be unlocked using one of the universal master keys.