What a nightmare
I'm going to have to keep my keys somewhere private now, like my pocket.
Security researchers have developed a technique for copying house keys using only a picture of a key. The approach - developed by computer scientists at UC San Diego - requires no physical access to keys and only a relatively low resolution picture for the software to work. Boffins at the university said they developed the …
So with a digital camera, a telephoto lens, a computer, some bespoke software and a bit of time you can calculate the necessary details, feed them into a machine and cut a key. This solution replaces, er, plasticene (or a bar of soap at a pinch), a key blank and a file.
Now the security aspect. Who are you more likely to be suspicious of? The bloke taking pics of you at range with a telephoto lens who has a van-load of kit in tow or the bloke sitting at the next table wearing a jacket that may, or may not, have plasticene, a file and a set of key blanks in the pockets.
The one with the plasticene, the file and the key blanks in the pockets, obviously.
Just think of how many places where security personnell walk around with a big bunch of keys hanging on a chain in their belt...
And with 5Mpixel cameras becoming common on cell-phones, it may not be too long before someone breaks into a 'secure' location this way.
Possible solutions are:
'3D' keys where the 'teeth' are layered, and possible even spread around the key, or inside it...
Digital' keys, where part of the key is transmitted, either using RF, an electronic tip, or even using light.
Or possibly even a spring-loaded 'sleeve' on the keys which is pushed back as the key is inserted into the lock.
That is, if the lock-makers could care about security...
They still sell 'high security' doorlocks which isn't even protected against bump-keys...
Mine's the one with the lockpics in the inside pocket...
Who thinks keys are totally secure? Any lock can be bypassed give enough time and the right tools. All key locks do is make it not worth the effort to bust in for the gains and agro that you will get for it. If someone really wants to get into you house, they'll just bust down the door or drive through a wall.
There are some other types of key that are inherently more secure from this sort of attack. I can remember that my university halls had keys that have indentations on the flat of the key rather than notches cut in. Blanks for these types of key are not carried by the high street keycutter/shoe heeler and are difficult to get hold of. And they require more special kit to cut.
Forced entry is more likely. I was burgled and the buggers jemmied open locked patio doors. Didn't need a key.
At least one of these has already been done. My honda motorcycle has some kind of RFID so that only ignition keys supplied by Honda will disarm the security on that part of the bike. Its called HISS (Honda Ignition Security System). Other keys cut will undo the physical lock, but not allow you to start it. In a domestic environment this could be linked to say an alarm system, or a second electro-magnetic lock (yes i know there are other issues with that)
I'm assumimg we're talking about the traditional mortice or yale type lock. Most new locking systems use a computer etching process to create dimples and cuts into special key blanks. Some key systems have additional features (Multi-Lok inparticular) to further enhance security. The new type of keys were prompted by changes in copyright law, which prevented lock companies from patenting any features in the old type of key. This messed up registered key systems, Hence, the change to a key design that could be copyrighted.
I need to get out more.
I didn't know that Honda had it on some of their bikes, but I was aware that such systems did exist in the motoring world.
Strange, though, that these kinds of systems are unheard of in the 'home protection' industry...
Not even certain that they're available for businesses...
And it's places with multiple keys and 'system key' / 'janitors keys' which could really use these additions.
(It's not that difficult to find the pattern on a system key if you have one of more 'user keys' from a location.)
Yeah, right. Ever seen one of those WITHOUT a mechanical override?
Get hold of a janitors override key and you can get past every door in that location.
All "yale" type keys are insecure. Go to Youtube and search for "bump key".
The funniest clip is of a Dutch lock picking club where they have spent years perfecting their craft.
The bump key man opens several locks in a few seconds with no skill needed, the others look *really* pissed off.
Your insurance will not pay up if someone uses one to open your house as there is no trace of forced entry.
As for me, I don't bother locking the door. This laptop is 9 years old and weighs 20lb! Plus you would have to swim with it across the Pentland Firth.
Paris, 'cos she leaves her doors open too
I actually work in the key and security industry for one of the larger distributors in the UK, and whilst the software seems incredibly threatening, I'm betting it's not quite as reliable as the researchers make out. For example, there's machines already on the market that copy a key from a completely blank piece of metal, but they only work about 75-80% of the time.
If you're really worried about this, I hope to god you don't find out about things like cylinder snappers, bump keys and the like which are all far easier ways of gaining entry to a house. The biggest threat from this is being able to gain access covertly and thus not being able to make an insurance claim.
Oh and @AC it's not "Yale" locks that are vulnerable to slipping with a drinks bottle, it's only old fashioned "Traditional Night Latches", which are pretty rare these days.
Most, if not all, new cars sold in the US have a key with a chip in it as part of the theft deterrent system. That technology has been around since the early 90's, if I remember correctly. makes for a pain in the bum to replace lost keys (and allows the dealers to charge whatever they want!), but it does a small amount to slow down the non-determined and non-professional thieves.
As far as home and low end commercial locks go, they *all* have vulnerabilities, some more documented then others. It all boils down to cost and how much they slow down the cretin trying to break in.
Mine's the flameproof one with the burning rod and the oxy-acetylene tank attached to it.
"Very handy indeed for no-one except criminals and the once every 100 years incidence of needing to get into someones flat and only happening to have a picture of their keys...
Can't you invent something to destroy the earth now please?"
They probably didn't invent it. They stole it from the CIA. Or the Lizardmen. Or the Bilderberg Group. Or the Rand Corporation. Or Area 51. Or Doctor Who (oh wait, he uses a sonic screwdriver). Or the non-lizard grey aliens with big heads.
I now wrap all my keys in tinfoil for safety.
Yeah, right. Ever seen one of those WITHOUT a mechanical override?"
Actually... I work in a secure room which requires a card to enter the first door into the outer room, and the card along with its corresponding code to enter the inner room, which itself contains a safe where the cash is kept. There is no mechanical override; if our phone line is cut or we otherwise lose connection to the security company, the secure room becomes inaccessible except by brute force. It's a good system, and means a potential robber would need to defeat at least two steel doors before reaching the locked safe (which also has no mechanical override. C4, anyone?).
The bottom line is, regular old pin-and-tumbler keys are the most cost-effective residential security. Anyone with a rake pick and a tension wrench can get right past them. Nobody is going to bother making a copy of your key unless you have very nice stuff to steal, in which case you likely have a security system which needs to be disarmed shortly after a door is opened. This is not a breakthrough; anyone with a file and a blank can make a copy of their key from a photocopy. The ability to do so with a low-quality photo is nothing more than a novelty.
BMW already makes a key that defeats this new technique; the cuts are made on both long sides rather than the thin edges, and the key folds into the remote. You press a little button on the side of the remote and the spring-loaded key flips out. It's like a dull little secure-entry switchblade. Even with high-resolution photographs of both sides, it would be very difficult to copy compared to a conventional key. Instead of a file, you would need either a milling machine or a very steady hand with a dremel. Even then, your chances of successfully reproducing the key would be very low.
Picks > Photographs
I nearly fell off my chair laughing at that.
It's not that surprising, really. The depth of cuts is quantized; there are at most 10 distinct positions (sometimes fewer, depending on the brand), and there's a limit to the difference in depths between adjacent cuts. Even a blurry photo is enough to give just a handful of possible keys.
This isn't a threat to actual high-security locks, though. Sidebars, rotating pins, dimple keys would all need a much higher resolution photo to duplicate. And you'd probably have to be a locksmith to get blanks for them.
Everytime there's a thread on physical security, there always seems to be three types of answers:
1 - I don't care for technique abc, technique xyz is much better / worse
2 - I've known this all along. Publis-Sector security is a myth. The end is nigh.
3 - That's so scary, I'm selling my house and living on a boat so no one can steal my stuff.
This can be a good thing mind you, because there all valid points.
Sure, there are lots of techniques out there, bump keys, picks, bricks, pizza.. whatever. Most of them more effective than this (you can bump a Medeco/Chubb M3, and you can overlift a Multi-Lock, but you cant get a profile of either from one dodgy picture).
And it's true there is no such thing as public security now-a-days.
While your home with all your posessions in it is your life, no criminal is going to open your locks to steal an iPod and a few photo albums when they could be down the road breaking into the accounts department of Debenams.
And sure, living on a boat would be more secure than living on an estate (provided the 21st century pirates stay in Sweden)
But for gods sake people stop being so god-damn self-rightous!
Lots of people are learning the basics of security now-a-days. Good. Knowledge drives technology.
But please, no one cares that you know what a bump key is, or how you managed to open a Yale in 20 seconds using a plastic bottle, a rubber band, and three crumbs from under the sofa.
Your arrogance makes you lie to make up for your shortcommings in actual knowledge, so we hear things like:
- Dimple keys being the modern standard. They're not. They're just regular locks with the pins on the side. You can pick/bump them just as easy (or over lift the advanced Multi-Locks)
- That copyright laws forced a change to dimple. Nonsense. You can still copyright a regular keyway. People are still producing restricted keys after all.
- That all keys are unsecure. Not true at all, many locks have never been broken (without perminent damage like drilling anyway)
- There is a machine that can copy any key using just a blank bit of metal, but it only works 70~80% of the time. I don't even know where to start on that one.
Everyone treats security like some god-damn competition >_<
Hate to be you when you stagger home half-drunk after clubbing one night... ain't no way you'll be treating your new lady friend to a fun-filled night of debauchery!
On the other hand, it would save all those nasty moments when you wake up and realise that the beautiful blonde you brought home after one too many White Lightnings is actually the labradoodle from down the road who you wouldn't normally touch with *somebody else's* barge pole...
"Which locks was it, Peter? Um, William? Um, Dave? Um, who are you again..."
are there none here that remember the eighties when ford introduced a high security chubb key (a sort of hexagonal affair), people soon worked out you could copy the key from just looking at it
also nearly all, if not all cars in the last 5-10 years have an rf transponder in the key to activate the engine managment ECU (if you car has a factory fitted immobiliser it has this feature)
also it is all well and good copying a key, but you need to know where the lock is it fits, so no good taking masses of pics at the pub unless you know the addresses of the doors (work or home) they fit
i see no need to worry unless this becomes a mass market product / software
mine the one with the reality check in the pocket
>> Can this method actually be carried out in full (i.e., from seeing a photo of the key to gaining entry) in less time than it would take an expert with a lock-picking set?
I absolutely agree, but why go so far as an expert with a lock picking set when all it takes is an amateur with an automatic lock pick.
Besides anything else, this really isn't news, it wasn't that long ago that we were reading (I think on El Reg) about a UK prison having to spend an obscene amount of money replacing all their locks, after a key was accidentally shown on a regional news program.
Okay, so someone has written a bit of software to automate it, it's not really that impressive. I would be more impressed if someone wrote software that would allow key cutters to cut perfect keys each time, rather than requiring you to go back and get it filed.
>> Most, if not all, new cars sold in the US have a key with a chip in it as part of the theft
>> deterrent system. That technology has been around since the early 90's, if I remember
>> correctly. makes for a pain in the bum to replace lost keys (and allows the dealers to charge
>> whatever they want!), - AC
Indeed, surely anyone who drives must have run into this problem at some point and had to pay a dealership an extortionate fee for a replacement key (and then had to get an actual key cut to boot). The only bigger con is the coded parts (obviously only the electronic parts) where by you can't use an otherwise perfectly serviceable scrap part because it is locked to a different car. Cars are the new ink jet printers (Lexmark may even have copied the idea from the car manufacturers).
I'm not sure why a prison would go to all that bother when numerous companies are allowed to sell masterkeys for such places .. including this masterkey to Chubb handcuffs.
(the Police have to buy them from somewhere I guess)
2"-thick steel door with no glass panes in it, steel shutters over the window, reinforced steel roof, concrete block walls, three different locks (Abloy, card-and-PIN and combination) and the buggers will be forced to use a sledgehammer to smash their way through the walls or a gas torch to burn through a shutter or the door - either of which'd be far too much effort to go to for a 4-year-old computer, a crappy TV and assorted clothes, kids' toys (which aren't even electronic) and other household items, especially when the neighbours have a lovely (easily broken) glass picture window big enough to get a lounge suite through...
Sadly, the effort of shuttering all the windows every time we go out and having to work a combination lock to get back in (on top of waving a ProxCard at the sensor, entering a PIN and turning a key) would probably be to much for me, too, so I'd stay home and get bored waiting for the burglars to turn up...
Fuck it, we'll sell everything except the clothes on our backs and a couple of simple bowls and move into a hermit-cave up a mountain - no doors, windows or locks.
30 years approx ago in New Zealand , I had a job looking at Bulldozers building roads for NZ Forest Service.
Not anything high tech. or IT but locks and keys got involved.
We fitted meters to the Dozers that recorded the time that they were actually moving (doing work), and I went to a local locksmith to get a spare key cut and he said he could not get the blank required as it was a high security lock.
Blanks difficult to obtain. If I remember correctly it was a pretty secure system-proof that it was your property etc.
There MUST BE improved versions now surely .
Biting the hand that feeds IT © 1998–2022