
Why master keys suck? The TSA locks hack is a great example

Jul 26, 2016 6:18:33 PM

TSA 7 master keys

So maybe you heard over the weekend that hackers had reengineered the 8th and final TSA (Transport Service Administration) master key, which opens physical locks made by Safe Skies. This, by itself, is big news, but the real takeaway is that master keys are always a huge risk in security, whether in the physical or in the virtual world.

This story started much earlier, as TSA-approved locks became common with passengers in 2003. It's not that these locks offer greater protection; they're pretty normal locks. What's peculiar about them is that they're all designed in a way that allows customs officers to unlock and lock them with master keys, i.e. without the overhead cost and time to break stuff.

Those master keys are held in escrow, and the TSA is trusted to use them only when necessary.

Two companies are responsible for the majority of the TSA-approved baggage locks and their master keys - Travel Sentry and Safe Skies.

So, logically, lock enthusiasts started fiddling with these locks as early as 2004. But 2015 was when it became really interesting and the media "smelled blood".

In late 2015, a hacker called Xylit0l managed to make 3D-printable copies of the Travel Sentry master keys using high-quality public images released by the TSA and published by Travel Sentry, as well as community-driven research. Later, hackers DarkSim905, Johnny Xmas, and MS3FGX fixed a few of the early design flaws and shared more knowledge, and last weekend we saw the release of the final key.

Mass media locked on to the wrong point

Baggage lock

Sadly, the mass media has primarily focused on breaking into baggage, theft of valuables, etc., and completely missed the point, which the hackers complained about.

What's more striking is that journalists had a great example right before their eyes - the Apple-FBI debate, which occurred around the time of the Travel Sentry hack coverage. For those who don't know or remember about it, the FBI wanted Apple to make a master key, or a backdoor, especially for the bureau so that they can easily access iOS devices whenever necessary. And Apple rightfully said no because neither they, nor anyone else trusted the FBI's ability to protect such golden keys and use them only when really necessary.

As Johnny Xmas said during a recent interview with Salted Hash, the point isn't about "how bad men can lick your travel toothbrush" after opening your baggage with a printed key. It's about the dangers of government key escrow.

"The point we were trying to make, which everyone involved stated very clearly over and over again, was that this was all an act of civil disobedience in order to create an excellent metaphor for the general public to better understand the inherent dangers of trusting a highly-targeted third-party to have the tools necessary to grant unfettered access to your stuff," Johnny Xmas said during the Eleventh HOPE conference in New York.

Master keys are a weak element

Security weak link

As we all know, every security system is only as strong as its weakest element. In this case, Travel Sentry had keys that were easily reproduced from published images, while Safe Skies had a system that could be reverse engineered because it was protected only by security through obscurity.

"It's a great metaphor for how weak encryption mechanisms are broken - gather enough data, find the pattern, then just 'math' out a universal key (or set of keys). What we're doing here is literally cracking physical encryption, and I fear that metaphor isn't going to be properly delivered to the public," Johnny Xmas commented.

Well, at least there are people and companies like us who are trying to spread the word that's worth hearing. The issue with master keys and backdoors is larger than any company in the world just like customers are larger than any company in the world. And the one who suffers the most in this case is exactly the unsuspecting individual who mistakenly feels secure.

"At its best, key escrow creates a larger attack surface and places significant, if not complete, control of your security in the hands of a third-party. How much can you trust that third-party? If they're dishonest or greedy, they can steal your property or access your sensitive information without your knowledge or consent," Nite 0wl pointed out during a recent interview with Salted Hash.

Guess what, there's a master key for standard BlackBerries

Master key for BlackBerry devices

Here's another fresh example. And be warned, this time it's not a cryptographic metaphor.

In April 2016, following a joint investigation with Motherboard, Vice announced that in 2010 the Royal Canadian Mounted Police had acquired a global master key to decrypt messages on standard BlackBerry devices.

While neither the RCMP nor BlackBerry Ltd. (formerly Research in Motion, or just RIM) confirmed that the cellphone manufacturer handed over the global encryption key, guess where the police got it from... RIM is our bet. And that's the company (well, BlackBerry Ltd.) that later showed off its privacy-focused BlackBerry Priv! What a joke! 

"According to technical reports by the Royal Canadian Mounted Police that were filed in court, law enforcement intercepted and decrypted roughly one million PIN-to-PIN BlackBerry messages in connection with the probe. The report doesn't disclose exactly where the key - effectively a piece of code that could break the encryption on virtually any BlackBerry message sent from one device to another - came from. But, as one police officer put it, it was a key that could unlock millions of doors," Vice wrote.

With this key, the RCMP intercepted and decrypted “over one million” BlackBerry messages during an investigation into a mafia slaying, called “Project Clemenza,” that ran between 2010 and 2012.

It's important to note that the key compromises only standard, consumer-grade BlackBerry phones, not ones connected to BlackBerry Enterprise Server (BES), which allows clients to run their own network of phones and keep possession of their own decryption keys.

BlackBerry Ltd. encrypts all messages between consumer phones, known as PIN-to-PIN or BBM messages, using a single global encryption key that’s loaded onto every handset during manufacturing. With this key, all messages between these phones can be decrypted and read by BlackBerry Ltd. or anyone else who has the key.
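The difference between one factory-loaded global key and keys held by each organisation can be measured as blast radius. The following is an added example, not code from BlackBerry or from this article: it uses a toy HMAC-SHA256 stream cipher (an assumption, not the real BlackBerry algorithm), constructed messages, and hypothetical organisation names.

```python
import hashlib, hmac, secrets

def _sub(key, label):                      # derive separate enc/MAC subkeys
    return hmac.new(key, label, hashlib.sha256).digest()

def _stream(key, nonce, n):                # toy keystream: HMAC-SHA256 in counter mode
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    nonce = secrets.token_bytes(12)
    ct = bytes(p ^ s for p, s in
               zip(plaintext, _stream(_sub(key, b"enc"), nonce, len(plaintext))))
    tag = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key, blob):
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    want = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        return None                        # this key does not open this message
    return bytes(c ^ s for c, s in
                 zip(ct, _stream(_sub(key, b"enc"), nonce, len(ct))))

# Constructed deployment: six consumer handsets share one factory-loaded key;
# three organisations (hypothetical names) each generate and hold their own key.
GLOBAL_KEY = secrets.token_bytes(32)
ORG_KEYS = {name: secrets.token_bytes(32) for name in ("org-a", "org-b", "org-c")}

def capture_traffic():
    """Return {population: [ciphertext, ...]} for constructed sample messages."""
    traffic = {"consumer": [seal(GLOBAL_KEY, f"handset {i}: hello".encode())
                            for i in range(6)]}
    for name, key in ORG_KEYS.items():
        traffic[name] = [seal(key, f"{name} memo {i}".encode()) for i in range(2)]
    return traffic

def exposure(leaked_key, traffic):
    """Count, per population, the captured messages one leaked key can read."""
    return {pop: sum(unseal(leaked_key, m) is not None for m in msgs)
            for pop, msgs in traffic.items()}

if __name__ == "__main__":
    t = capture_traffic()
    print("global key leaked:", exposure(GLOBAL_KEY, t))
    print("org-a key leaked: ", exposure(ORG_KEYS["org-a"], t))
```

Disclosure of the shared key exposes every consumer handset at once, while disclosure of one organisation's key stays confined to that organisation.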

Secure BlackBerry phones are not affected

Secure BlackBerry key features

This means that our Secure BlackBerry phones are safe from the master key in question or any similar case because they also use BES.

Privacy expert Christopher Parsons from Canadian security research hub Citizen Lab has confirmed that the RCMP has the ability to read anybody’s encrypted BlackBerry messages, as long as the phone isn’t linked to a corporate BES account.

"So right now, with my device, if I'm not on the [BlackBerry Enterprise Server], I'm a dead chicken," he said, as quoted by Motherboard.

On top of that, Secure BlackBerry runs a highly modified operating system - the Secure BlackBerry OS - which doesn't allow any backdoors and data leaks. And every app that comes preinstalled on Secure BlackBerry is developed by us at Secure Group to provide maximum security, privacy and reliability. For example, for messaging we provide Secure Chat that employs OTR end-to-end encryption, and for emailing we provide Secure Email, which relies on PGP end-to-end encryption.

With all that said, we hope every reader will remember the important takeaway. A key that can open many locks is called a master key. A lock that can be opened by a master key is called a bad idea.


Topics: Encryption, Secure BlackBerry, cryptography, master key

Written by Tihomir Ivanov, Senior Inbound Marketing Expert