OMG, it’s actually working!!! pic.twitter.com/rotJPJqjTg
— Bernard Bolduc (@bernard) September 9, 2015
Within hours of their upload, someone had already downloaded, printed, and successfully tested a key, much to the surprise of Xylitol, the GitHub user who first published the files. “Honestly I wasn’t expecting this to work, even though I tried to be as accurate as possible from the pictures. I did this for fun and don’t even have a TSA-approved lock to test,” he wrote in an email to Wired. “But if someone reported it that my 3D models are working, well, that’s cool, and it shows…how a simple picture of a set of keys can compromise a whole system.”
Indeed, the relative ease and speed with which the entire baggage key system has unraveled drives home the point that in today’s digital age, security is often little more than an illusion. Locking your bag, when it comes down to it, may make you feel better, but when it comes to protecting its contents, well…let’s just say that’s not a guarantee.
Shahab Sheikhzadeh, a New Jersey-based security researcher who assisted Xylitol with his GitHub work, told Wired, “We’re in a day and age when pretty much anything can be reproduced with a photograph, a 3-D printer, and some ingenuity.” And even though the photograph wasn’t live for very long, when it comes to the Internet, everything is immortal.
It’s a growing problem, but one that is difficult to address. As the Electronic Frontier Foundation warned: “There is no way to put in a backdoor or magic key for law enforcement that malevolent actors won’t also be able to abuse. Any key, even a golden one, can be stolen by ne’er-do-wells. Simply put, there is no such thing as a key that only law enforcement can use – any universal key creates a new backdoor that becomes a target for criminals, industrial spies, or foreign adversaries.”