The TSA Keys Leak: Government Backdoors and the Dangers of Security Theater

Presented at The Eleventh HOPE (2016), July 23, 2016, 11 p.m. (60 minutes)

In late 2015, hackers revealed yet another threat to American privacy, but this time it hit far closer to home than credit cards and Social Security numbers. The master keys the TSA uses to inspect all luggage being placed on an airplane were now available to anyone with a 3D printer! Three of the primary contributors to the leak and the subsequent reproduction of those keys will discuss their trials and tribulations during the event, including why government backdoors like key escrow are a <em>really bad idea,</em> the preposterousness of 3D printing keys in the first place, how the media completely missed the point of the entire operation, and how journalism doesn't actually even exist anymore. This will be a comprehensive discussion of literally every aspect of the TSA keys leak from top to bottom, including the release of previously undisclosed research. No talk of this magnitude has been given at any con on this topic! Notice: This talk will include the first public release of a <em>brand new master key!</em>

Presenters:

• Johnny Xmas
  Johnny Xmas is a penetration tester for RedLegg, based in Chicago, and has been speaking internationally on the topics of information security, career advancement, and social engineering for nearly 15 years, both in and very far outside of the information security community. His infamous mixture of humor, raw sincerity, and honest love of people lead to hilarious - but at their core serious - discussions revolving around our inherent desire to get in our own way.
• Nite 0wl
  Nite 0wl has been picking and bypassing locks since kindergarten and continues to do this at his own expense. He has spoken on communications and physical security at The New York Times as well as at various less formal events. You may have recognized him in his recurring role as "sleep deprived volunteer who is outweighed by his beard" at previous HOPE conferences or at various TOOOL lockpicking villages.
• DarkSim905
  DarkSim905 is founder of TOOOL New Jersey and has experience in instructing individuals on lockpicking, increasing their physical and virtual security posture. His particular interest is in bypass techniques and augmenting 3D designs to assist in generating keys for high security systems. Professionally, he is a sysadmin and Infosec goon. Curator of the #TSAkeys hashtag and living timeline, when not roaming the conference he can be found at the TOOOL lockpick village.

Links:

• https://xi.hope.net/schedule.html#-the-tsa-keys-leak-government-backdoors-and-the-dangers-of-security-theater- (Conference Schedule)
• https://infocon.org/cons/2600/The Eleventh HOPE (2016)/The Eleventh HOPE (2016) - TSA Keys Leak Government Backdoors and the Dangers of Security Theater.srt (subtitles)
• https://infocon.org/cons/2600/The Eleventh HOPE (2016)/The Eleventh HOPE (2016) - TSA Keys Leak Government Backdoors and the Dangers of Security Theater.mp4
• https://www.youtube.com/watch?v=R3j6qSvMflE

Similar Presentations:

• DEF CON 21 (2013) / Key Decoding and Duplication Attacks for the Schlage Primus High-Security Lock
• Nuit du Hack 2015 / 3D Printing is a threat to your keys
• 32C3 (2015) / Replication Prohibited: 3D printed key attacks