THE TSA IS learning a basic lesson of physical security in the age of 3-D printing: If you have sensitive keys—say, a set of master keys that can open locks you’ve asked millions of Americans to use—don’t post pictures of them on the Internet.
A group of lock-picking and security enthusiasts drove that lesson home Wednesday by publishing a set of CAD files to Github that anyone can use to 3-D print a precisely measured set of the TSA’s master keys for its “approved” locks—the ones the agency can open with its own keys during airport inspections. Within hours, at least one 3-D printer owner had already downloaded the files, printed one of the master keys, and published a video proving that it opened his TSA-approved luggage lock.
Those photos first began making the rounds online last month, after the Washington Post unwittingly published (and then quickly deleted) a photo of the master keys in anarticle about the “secret life” of baggage in the hands of the TSA. It was too late. Now those photos have been used to derive exact cuts of the master keys so that anyone can reproduce them in minutes with a 3-D printer or a computer-controlled milling machine.
“Honestly I wasn’t expecting this to work, even though I tried to be as accurate as possible from the pictures. I did this for fun and don’t even have a TSA-approved lock to test,” writes Xylitol, the Github user who published the files, in an email to WIRED. Xylitol, who noted that he was based in France, declined to reveal his real name. “But if someone reported it that my 3D models are working, well, that’s cool, and it shows…how a simple picture of a set of keys can compromise a whole system.”
Though Xylitol had warned Wednesday morning that he hadn’t tested the CAD files, Montreal-based Unix administrator Bernard Bolduc showed just hours later that the printable files worked as advertised. Bolduc says he printed one of keys in five minutes on his PrintrBot Simple Metal printer using cheap PLA plastic and immediately opened one of his TSA-approved luggage locks.
“I didn’t do any modifications,” he said in a phone call with WIRED. “It worked on the first try.”
Despite Bolduc’s successful test, the 3-D printed keys may still require some tweaking. On Friday, another lockpicking enthusiast who goes by J0hnny Xm4s reported on Twitter that he’d also been able to open TSA-approved locks with the 3-D printed keys, but that he’d had to change the scale of the CAD models.1
Bolduc says he doesn’t know the brand of the luggage lock he opened, but based on the “TSA” inscription on the bottom, he can conclude it is on the approved list. The problem likely extends well beyond one brand, anyway; the leaked master keys include those that open every type of TSA-approved lock made by companies such as Master Lock, Samsonite and American Tourister.
Of course, none of those companies are to blame for following the TSA’s master key guidelines. The real security blunder, as Berkeley computer security researcher Nicholas Weaver noted after the key photos were first published, was made by the TSA and the Washington Post, who released the photos on the Post’s website. Publishing photos of sensitive keys, after all, is a well-understand screwup in the world of physical security, where researchers have shown for years that a key can be decoded and reproduced even from a photo taken from as far away as 200 feet and at an angle. Neither the Washington Post nor the TSA immediately responded to a request for comment.
The Github release of those printable master key files, according to one of the lockpickers who decoded the master key photo, is meant to prove to anyone who uses the TSA-approved locks that they should no longer expect them to offer much security. “People need to be aware that even though someone says ‘use these approved locks,’ don’t take their word for it,” says Shahab Sheikhzadeh, a New Jersey-based security researcher who usually goes by the handle DarkSim905, and who helped Xylitol with his work on Github. “We’re in a day and age when pretty much anything can be reproduced with a photograph, a 3-D printer and some ingenuity.”
Even so, the TSA’s master key leak doesn’t exactly represent a critical security crisis, argues University of Pennsylvania computer science professor and noted lock picker Matt Blaze. The TSA-approved luggage locks were never very high security devices to begin with. “I’m not sure anyone relied on these kinds of locks for serious security purposes,” he says. “I find it’s actually quicker to pick the TSA’s locks than to look for my key sometimes.” (Blaze also notes that he believes that a photo of TSA’s master keys leaked earlier than the Post‘s story, though he can’t recall where and doesn’t believe they were actually published as printable CAD files until now.)
But Blaze says that the photo leak and subsequent 3-D printing demonstration does show just how quickly a theoretical slip-up can turn into a real security compromise. And he says that the TSA should have known better than to allow its master keys to be photographed. Prisons, for instance, have long kept cell keys covered on guards’ belts, he points out. “In high-security environments, it’s clear that you want people to not just take photos of your keys, but to not even look at them,” he says. “We would hope the TSA would have taken better care of their keys than they have.”
1Updated 9/11/2015 6:23pm EST with a tweet from J0hnny Xm4s noting that the printed keys worked only after he rescaled them.
Germs are everywhere. That’s what we were told in school, but how does this connect with our everyday experiences? There is perhaps no better setting to demonstrate this than where people from around the world come together as they travel between cities, states, and countries. To find out just how dirty the airports and airplanes that we rely on for business and vacation really are, we sent a microbiologist to take samples from five airports and four flights.
The general consensus from this study: Airports and airplanes are dirtier than your home (NSF, 2011). Surprisingly, it is the one surface that our food rests on – the tray table – that was the dirtiest of all the locations and surfaces tested. Since this could provide bacteria direct transmission to your mouth, a clear takeaway from this is to eliminate any direct contact your food has with the tray table. It’s also advisable to bring hand sanitizer for any other dirty surface you may touch along your journey.
To summarize, here is a ranking of the dirtiest places and surfaces on airplanes and at airports:
Tray table – 2,155 CFU/sq. in.
Drinking fountain buttons – 1,240 CFU/sq. in.
Overhead air vent – 285 CFU/sq. in.
Lavatory flush button – 265 CFU/sq. in.
Seatbelt buckle – 230 CFU/sq. in.
Bathroom stall locks – 70 CFU/sq. in.
Bathrooms were some of the cleaner surfaces tested, which may be contrary to conventional thought. Regular cleaning schedules mean these surfaces are sanitized more frequently. This is a good thing; while not discrediting the importance of cleaning all major surfaces between flights, bathrooms have the most potential for fecal coliforms to spread.
Airline staff are under more pressure in recent years to quickly deboard arriving flights and board departing flights to maximize profit for their carriers. Boarding times have actually increased since 1970, from approximately 20 passengers per minute down to nine in 1998 (Milne and Kelly, 2014). There are many things that the cabin crew must attend to, so tray tables are often only cleaned at the end of the day. This study demonstrates the need for tray tables to be cleaned between flights. Most carriers set their own cleaning standards since federal regulations through agencies such as the FAA and OSHA are quite minimal in this area (McCartney, 2014). The EPA does occasionally monitor water quality, however (EPA, 2009).
What is needed is a procedure for increased efficiency of boarding and deplaning that gives the cabin crew more time to do a thorough cleaning between flights. Much research is being done on theoretical boarding procedures; however, one aspect that could improve boarding time is encouraging more checked bags and thus reducing carry-on luggage. Boarding delays have been estimated to cost carriers a net $8 billion in 2007 for the United States alone (Ball et al., 2010). This indicates that lost revenues from checked bag fees might be recouped through reduced boarding time, with the added benefit of giving airline staff more time to clean between flights.
Ghost Airports: Unfinished, Abandoned or Forgotten
Airports are typically lively places — full of activity, bustle and people zooming from place to place. Or, at least, they should be. Today, TPG Contributor Eric Rosen takes a look at several airports that… didn’t quite pan out.
Scattered all over the world are the bones of airports that have been hilariously overbuilt, abandoned, left incomplete or forgotten altogether. These façades are both a testament to bygone industry and grandeur, as well as a reminder of the great, unseen cycles that shape human civilization.
They’re also just kind of cool and creepy to explore.
While many of the following decommissioned airports are lying in abject disuse, others have been salvaged for great new purposes … so it appears there’s hope for all of us.
1. Berlin’s Boondoggle
Germans are known for efficiency and keeping tight schedules, but when it comes to building a new airport for their capital, they just can’t seem to keep things on track. Almost since construction on the Berlin-Brandenburg Willy Brandt International Airport began in 2006, the project has had a series of setbacks including fire safety system problems and other technical issues.
The facility was originally supposed to open in November 2011. Then June 2012. Then March 2013. Then October 2013. Then late 2016. Then … well, you get the picture. Now, German officials are predicting an opening date in late 2017 — 11 years after the project began.
When it does finally open, Berlin Brandenburg will have capacity for 27 million passengers a year — but that’s still a couple years in the future. For now, you can take a bus tour for 10 euros (about $11) or even take a two-hour bike tour of the grounds for 15 euros ($16.50) hosted by Berlin Airports.
2. Spain’s Ghost Airport
When it was completed in 2008, privately owned (and ironically named) Don Quixote Airport in the town of Ciudad Real, set nearly 150 miles from Madrid in the region of La Mancha, was meant to be a symbol of Spain’s economic boom.
Instead, the project became a glaring emblem for the country’s financial woes. Turns out the private investors who built it were as delusional as the literary character for whom they named it.
The airport actually did welcome flights for a few years, with a 2.5-mile runway and a gleaming passenger terminal meant to handle 2.5 million passengers a year. Ryanair flew there for a while, and then Vueling offered government-subsidized flights. But in the end, only about 30,000 passengers or so a year were flying through here, and it was closed in 2012.
The Don Quixote complex made it back into the news in July when a Chinese investment company called Tzaneen International put in a bid at auction for a mere 10,000 euros (about $11,000 at the time) for the whole thing. There’s still time for counter offers, but those look unlikely.
Tzaneen plans to invest 60-100 million euros (roughly $67.5-$112.5 million) to make Ciudad Real’s airport a major point of entry for Chinese companies looking to bring business to Europe.
3. There’s Airports in That Thar Desert
Literally, the following airports are in India’s Thar Desert. And they’re … deserted. (Sorry, I couldn’t resist.)
The Thar Desert is also known as the Great Indian Desert, and stretches along four Indian states, forming a natural boundary between India and Pakistan. Since 2009, the Indian government has reportedly spent about $50 million constructing and renovating eight airports in the Thar — none of which receive regular, scheduled flights.
These eight airports were part of a government plan to build dozens, if not hundreds, of low-cost airports for the Airports Authority of India to help fuel India’s domestic aviation boom, and to connect remote regions to the rest of the country.
Among the most notable: Jaisalmer, a remote desert city in Rajasthan, got a $17-million terminal designed for 300,000 passengers a year and including parking areas for three narrow-body jets, according to Reuters. However, it’s stood empty for over two years now. That same story is playing out across the country, as around half of the AAI’s 100 or so domestic-service airports didn’t receive a scheduled flight this year.
4. Gaza Stripped
The Gaza International Airport was an ambitious project built for $86 million in 1998. It remained in service for three years before the control tower and radar station were bombed by the Israeli Defense force during the 2001 Al-Aqsa Intifada. Then the IDF bulldozed the runway in 2002.
Though many in the international community have since called for it to reopen, and it’s been renamed for late Palestinian leader Yasser Arafat, the facility is totally mothballed and its tarmac has been scavenged for other building projects.
5. Spooky in Cyprus
Mothballed during the invasion of Turkish forces in 1974, the Nicosia International Airport on Cyprus is creepier than many others on this list because it feels as though it was abandoned in the middle of a busy day — and not disturbed since.
Though there’s nothing terribly special about the ‘70s architecture, you can still see the check-in desks, passenger seating and even two abandoned planes on the tarmac, including a Cyprus Airways jet.
Today, the airport is under the aegis of the UN and not open for commercial use.
6. Denver’s Lone Tower
Although its first terminal was built in 1929, you don’t have to be an old-timer to remember Denver’s former hub, Stapleton International Airport. The final departure was a Continental Airlines flight to London that left on February 25, 1995.
The culprit for the airport’s closure? Traffic congestion, little space for expansion and irregular weather that required longer runways than the six found at this sprawling facility.
You won’t see much of the complex today, as the area has since been turned into a housing development with streets and streets of planned communities and even a main drag with stores. But over it all looms the airport’s former control tower, which the Denver Post reported is going to be turned into a 25,000-square-foot dining and entertainment venue managed by Punch Bowl Social.
7. From Airliners to Cruise Liners at Hong Kong Kai Tak
Before the opening of the massive, modern new Hong Kong Airport on Chek Lap Kok island, Hong Kong Kai Tak was the city’s hub.
Originally built in 1925, the airport was tiny for such a busy metropolis. It was comprised of just a solitary runway extending into Kowloon Bay, and surrounded by residential buildings in what became one of Hong Kong’s most densely populated areas. They used to say that if you were hungry on your flight into Hong Kong, you could just reach out the plane window and grab a bowl of noodles from an apartment as you passed by.
Humor aside, it was widely considered one of the world’s most dangerous airports. Nearly a third of all flights there were delayed, noise and air pollution were huge issues and there was just no way to expand its capacity, so something had to change.
When the new airport opened, much of the site was systematically dismantled. But it reopened in 2013 as the Kai Tak Cruise Terminal after over $300 million in renovations, so if you arrive in Hong Kong on a ship instead of a plane, you can still pass through Kai Tak.
8. Isolated in Inner Mongolia
The past few years have been replete with stories of entire ghost cities in the vast Inner Mongolia region of China, but perhaps the most shocking is Ordos. It was built to house over one million people, but only two percent of its buildings were ever inhabited.
Today, you’ll find a smattering of folks living here, but certainly not enough to require a behemoth airport like the one called Eerduosi that was built here and now gets just a few flights a week from Beijing.
This Gizmodo report takes you through it, pointing out features like Mongolian statues and murals, as well as hanging gardens and futuristic fountains.
9. Magnificent, Misapplied Montreal-Mirabel
This massive project originally opened in 1975, just in time to welcome visitors from around the world to the 1976 Summer Olympics.
The airport was designed to handle a whopping 50 million passengers, making it the biggest in the world at the time. But almost immediately after its opening, it started facing problems. The first was its distance from the city – over 30 miles. A high-speed rail connection to the city was supposed to be built but never materialized.
The second: The government mandated that all international passenger flights come through here instead of the older Dorval (now Trudeau) Airport. But Dorval continued to field domestic flights. Can you say misconnect?
Instead, airlines and passengers opted to fly to Toronto and avoid the hassle. Dorval was eventually reopened to international flights in 1997, and by then, an economic slump relegated Mirabel to mostly cargo service. Its final passenger flight took off to London in 2004.
Right after, it was used as the set for the Tom Hanks film, Terminal. Today, it’s mainly an air cargo facility, and there’s even a motorsport complex around it, but plans to turn it into an amusement park have been scrapped.
10. Athletic Athens Ellinikon International
It’s not all gloom and doom for abandoned airports, though. Athens’ former airport is just four miles from the city center, and was the former hub of Olympic Airlines. It was originally built in 1938, but abandoned in 2001 with the opening of the new airport in advance of the 2004 Summer Olympics.
Seeing an opportunity, the Greeks actually turned it into a venue for the games, and sports like baseball, kayaking and field hockey took place on its grounds.
You can still visit it today and wander around the remains of decommissioned airliners.
11. Born-Again Berlin Tempelhof Airport
We started with Berlin, and we’re ending with Berlin. That’s right, the city’s got not one but two derelict airports!
Tempelhof is actually the city’s former international airport – a huge complex built in the early 20th century that was at one time an SS camp and then a US military base crucial to the success of the Berlin Airlift, before eventually becoming one of Germany’s commercial hubs.
The airport was finally closed in 2008, but it’s finding new life today as a huge public park with plans for a public library and a garden center. You can walk and bike along its former runways and even marvel at abandoned aircraft rusting away in one of the fields.
I am a pilot and here is my experience:
A flight of 14 hours means that there are two full crews (for flights requiring two operating pilots). This usually means that the first 30 and last 45 minutes have all four pilots on the flight deck and during the remaining time, two of them are taking a break, splitting it up so that the operating crew—the ones at the controls for landing—get a long break around the middle of the flight, so as to be adequately rested for the arrival, but fully engaged with the last portion.
Many planes have rest areas; small rooms with a couple bunks and a couple seats. Sometimes these seats will have entertainment systems similar to those in the cabin. Other planes will have designated rest seats in the cabin; usually business/first-class seats with curtains to separate them from the light and some of the noise of the cabin.
With such a long flight, it would be unusual if some sleeping weren’t involved. Even if the flight left at body-clock 0800 and arrived at body-clock 2000, the flight crew has been in the plane since at least 0700, arriving at the airport likely 30 minutes earlier. With a close home or layover hotel, they might have awakened at 0530, but it’s likely earlier. That makes for a long, tiring day. Some sleeping is in order, but they can also pursue any other normal form of diversion available to the passengers: read, watch movies, eat, listen to music, play games, etc.
But come on! You have the chance to get paid to sleep! I nap aggressively, like lives depended on it.