Locking Your Luggage isn't Actually Secure

While I travel a lot, it's pretty rare that I run across anyone who locks their luggage anymore. Then again, I also never check my luggage anymore either, so I wouldn't have much chance to notice if people are indeed locking their checked luggage. Putting a lock on your luggage may make you feel secure, but the reality of the situation is that with today's technology, TSA locks are not secure at all.



We now live in a world where someone could take a picture of your key, to luggage, your home or any other place we use this aging security method. A single picture of your key, even a low resolution one, is now enough from someone to mock up and quickly 3D print a copy that will work on your lock. While that sounds scary, the one thing going for your here is that there are a lot of people in the world and rarely if ever does this happen. Everyone has multiple keys to all manner of things and getting a picture and then 3D printing a key and then getting into your house or whatever it may be is still difficult and time consuming.

This may not be so true when it comes to locks on your luggage. Why is this the case though? All luggage locks now are compatible with the TSA master key. This allows TSA agents to access a piece of luggage even if it is locked. There in lies the problem, the TSA agents have master keys to everyone's luggage. This is similar to having a backdoor into security software. If there is a key that allows a set group of people to access every conceivable lock, then why try to copy each individual lock, they've given you a master key build right in that is a better option to copy. 

That is exactly what has happened. Security researchers have been able to reverse engineer the TSA master key, probably not a difficult task really, and 3D print a working master key. After a 2015 security breach, all the previous keys were exposed and known to the world. Now the 8th and most recent one has been reverse engineered and released by researchers to make a point. Master key's are a bad idea, they present a massive security loophole and should never be used.

The lesson that needs to be taken away here is that just because something feels secure, or make you feel like it is providing protection, doesn't actually mean it is.