Security researchers have developed a technique for copying house keys using only a picture of a key. The approach - developed by computer scientists at UC San Diego - requires no physical access to keys and only a relatively low resolution picture for the software to work. Boffins at the university said they developed the …
What a nightmare
I'm going to have to keep my keys somewhere private now, like my pocket.
Too clever by half.
So with a digital camera, a telephoto lens, a computer, some bespoke software and a bit of time you can calculate the necessary details, feed them into a machine and cut a key. This solution replaces, er, plasticene (or a bar of soap at a pinch), a key blank and a file.
Now the security aspect. Who are you more likely to be suspicious of? The bloke taking pics of you at range with a telephoto lens who has a van-load of kit in tow or the bloke sitting at the next table wearing a jacket that may, or may not, have plasticene, a file and a set of key blanks in the pockets.
The one with the plasticene, the file and the key blanks in the pockets, obviously.
I've been waiting for something like this for a while.
Just think of how many places where security personnell walk around with a big bunch of keys hanging on a chain in their belt...
And with 5Mpixel cameras becoming common on cell-phones, it may not be too long before someone breaks into a 'secure' location this way.
Possible solutions are:
'3D' keys where the 'teeth' are layered, and possible even spread around the key, or inside it...
Digital' keys, where part of the key is transmitted, either using RF, an electronic tip, or even using light.
Or possibly even a spring-loaded 'sleeve' on the keys which is pushed back as the key is inserted into the lock.
That is, if the lock-makers could care about security...
They still sell 'high security' doorlocks which isn't even protected against bump-keys...
Mine's the one with the lockpics in the inside pocket...
Surely the real news here is ...
that people think this is news?
Can this method actually be carried out in full (i.e., from seeing a photo of the key to gaining entry) in less time than it would take an expert with a lock-picking set?
If not, we probably all have drier lentils to soak.
For added security...
...just keep the door with you at all times.
And in case you lose your key, leave a window open.
That's seriously expensive, and not at all stealthy. Cheaper to kosh me and use putty to copy my key.
I prefer the keyless pizza entry system - deliver pizza, door opens.
Paris because she has nowhere to put her keys.
Key inherently secure? - Not!
Who thinks keys are totally secure? Any lock can be bypassed give enough time and the right tools. All key locks do is make it not worth the effort to bust in for the gains and agro that you will get for it. If someone really wants to get into you house, they'll just bust down the door or drive through a wall.
Yes thank you science
Very handy indeed for no-one except criminals and the once every 100 years incidence of needing to get into someones flat and only happening to have a picture of their keys...
Can't you invent something to destroy the earth now please?
simple - just use one of those mifare based contactless card readers..
There are some other types of key that are inherently more secure from this sort of attack. I can remember that my university halls had keys that have indentations on the flat of the key rather than notches cut in. Blanks for these types of key are not carried by the high street keycutter/shoe heeler and are difficult to get hold of. And they require more special kit to cut.
Forced entry is more likely. I was burgled and the buggers jemmied open locked patio doors. Didn't need a key.
Another blow to photographers then
Adds to the government's ammunition against photographers then. Though they don't need any more laws, just shove it like everything else under the banner of anti-terrorism.
you just need a skeleton key, or a lockpick, or a credit card, or something to #force the lock, or failing all that it's ctrl-D and hope you don't wake anyone
I love my Brick.
So, with some intelligence, a camera with expensive lens, time to write a software application, key cutting equipment and all the rest of it, you can copy someones key and break in.
Or, use a brick?
Any old yale key and a file is all you need to open a yale lock in a couple of seconds.
Quite frightening really.
Rather excessive really...
...considering the fact that they copied Yale keys and you can bypass a Yale lock in under 30 seconds with a strip of plastic from an old drinks bottle.
@ Trygve Henriksen
At least one of these has already been done. My honda motorcycle has some kind of RFID so that only ignition keys supplied by Honda will disarm the security on that part of the bike. Its called HISS (Honda Ignition Security System). Other keys cut will undo the physical lock, but not allow you to start it. In a domestic environment this could be linked to say an alarm system, or a second electro-magnetic lock (yes i know there are other issues with that)
Am I missing something?
people can copy something from looking at it?
Keys in pocket
used to be secure until my mobile phone developed a taste for taking pictures in my pocket. Now I know why :-)
@ Dave B
Faster than keygen..exe is boot.exe!
Mine is the one with the battering ram in the pocket....
Hold on a moment!
I'm assumimg we're talking about the traditional mortice or yale type lock. Most new locking systems use a computer etching process to create dimples and cuts into special key blanks. Some key systems have additional features (Multi-Lok inparticular) to further enhance security. The new type of keys were prompted by changes in copyright law, which prevented lock companies from patenting any features in the old type of key. This messed up registered key systems, Hence, the change to a key design that could be copyrighted.
I need to get out more.
I like the idea of having 6 locks on the front door, but randomly using only three. The thief with high tech key copying software can then spend his/her time unlocking some but also locking the others...
I didn't know that Honda had it on some of their bikes, but I was aware that such systems did exist in the motoring world.
Strange, though, that these kinds of systems are unheard of in the 'home protection' industry...
Not even certain that they're available for businesses...
And it's places with multiple keys and 'system key' / 'janitors keys' which could really use these additions.
(It's not that difficult to find the pattern on a system key if you have one of more 'user keys' from a location.)
Yeah, right. Ever seen one of those WITHOUT a mechanical override?
Get hold of a janitors override key and you can get past every door in that location.
How long before they copy keys from Google Earth, I say? Only a matter of time. Ban this sick filth and all the information regarding it. Doomed we're all doomed!
Proving what some of us already knew..
You still can't copy an ABLOY key..
All "yale" type keys are insecure. Go to Youtube and search for "bump key".
The funniest clip is of a Dutch lock picking club where they have spent years perfecting their craft.
The bump key man opens several locks in a few seconds with no skill needed, the others look *really* pissed off.
Your insurance will not pay up if someone uses one to open your house as there is no trace of forced entry.
As for me, I don't bother locking the door. This laptop is 9 years old and weighs 20lb! Plus you would have to swim with it across the Pentland Firth.
Paris, 'cos she leaves her doors open too
Why go to all that effort ??
Why bother with all this photo nonsense, 95% of domestic barrel locks can be opened using the 'bump-key' method....
Wake me when they can make a key based on a picture of a lock taken 200 meters away...
I actually work in the key and security industry for one of the larger distributors in the UK, and whilst the software seems incredibly threatening, I'm betting it's not quite as reliable as the researchers make out. For example, there's machines already on the market that copy a key from a completely blank piece of metal, but they only work about 75-80% of the time.
If you're really worried about this, I hope to god you don't find out about things like cylinder snappers, bump keys and the like which are all far easier ways of gaining entry to a house. The biggest threat from this is being able to gain access covertly and thus not being able to make an insurance claim.
Oh and @AC it's not "Yale" locks that are vulnerable to slipping with a drinks bottle, it's only old fashioned "Traditional Night Latches", which are pretty rare these days.
re: Trygve Henriksen, M7S...
Most, if not all, new cars sold in the US have a key with a chip in it as part of the theft deterrent system. That technology has been around since the early 90's, if I remember correctly. makes for a pain in the bum to replace lost keys (and allows the dealers to charge whatever they want!), but it does a small amount to slow down the non-determined and non-professional thieves.
As far as home and low end commercial locks go, they *all* have vulnerabilities, some more documented then others. It all boils down to cost and how much they slow down the cretin trying to break in.
Mine's the flameproof one with the burning rod and the oxy-acetylene tank attached to it.
It wouldn't be the first time...
...that a jail has had to have a complete change of locks because someone's taken a publicity photo of the new governor holding a big bunch of keys. Old lags have been able to copy keys from sight for ages.
Re: Yes thank you science
"Very handy indeed for no-one except criminals and the once every 100 years incidence of needing to get into someones flat and only happening to have a picture of their keys...
Can't you invent something to destroy the earth now please?"
They probably didn't invent it. They stole it from the CIA. Or the Lizardmen. Or the Bilderberg Group. Or the Rand Corporation. Or Area 51. Or Doctor Who (oh wait, he uses a sonic screwdriver). Or the non-lizard grey aliens with big heads.
I now wrap all my keys in tinfoil for safety.
Yeah, right. Ever seen one of those WITHOUT a mechanical override?"
Actually... I work in a secure room which requires a card to enter the first door into the outer room, and the card along with its corresponding code to enter the inner room, which itself contains a safe where the cash is kept. There is no mechanical override; if our phone line is cut or we otherwise lose connection to the security company, the secure room becomes inaccessible except by brute force. It's a good system, and means a potential robber would need to defeat at least two steel doors before reaching the locked safe (which also has no mechanical override. C4, anyone?).
The bottom line is, regular old pin-and-tumbler keys are the most cost-effective residential security. Anyone with a rake pick and a tension wrench can get right past them. Nobody is going to bother making a copy of your key unless you have very nice stuff to steal, in which case you likely have a security system which needs to be disarmed shortly after a door is opened. This is not a breakthrough; anyone with a file and a blank can make a copy of their key from a photocopy. The ability to do so with a low-quality photo is nothing more than a novelty.
BMW already makes a key that defeats this new technique; the cuts are made on both long sides rather than the thin edges, and the key folds into the remote. You press a little button on the side of the remote and the spring-loaded key flips out. It's like a dull little secure-entry switchblade. Even with high-resolution photographs of both sides, it would be very difficult to copy compared to a conventional key. Instead of a file, you would need either a milling machine or a very steady hand with a dremel. Even then, your chances of successfully reproducing the key would be very low.
Picks > Photographs
Required, a title is.
I want one of those fancy ruby prism keys from Da Vinci Code
Open source security
If we publish pictures of all keys, then the householder and the theives will know where the weakness lies and there won't be any security issues.
A drill, a screw, and 30 seconds
and the locksmith asked for his night shift triple rate. Never looked at doors the same way since.
I also liked his comment about safer locks (replace door), and safer doors (how much are you willing to pay me next time :).
I nearly fell off my chair laughing at that.
It's not that surprising, really. The depth of cuts is quantized; there are at most 10 distinct positions (sometimes fewer, depending on the brand), and there's a limit to the difference in depths between adjacent cuts. Even a blurry photo is enough to give just a handful of possible keys.
This isn't a threat to actual high-security locks, though. Sidebars, rotating pins, dimple keys would all need a much higher resolution photo to duplicate. And you'd probably have to be a locksmith to get blanks for them.
@ A J Stiles
Why would the photo burgler need to do it in the same amount of time?
Surely time is no issue. How many times a day do you change your door locks ??
I wonder if google streetview are going to blur peoples keys that appear in the photos
@ AC 08:43
Because otherwise, the guy with the set of lock picks would already have broken in and nicked all the good stuff, obviously.
Locksmiths across the world...
...are wondering why this is news? "Hey guys, the computer guys finally figured out what we have known since the dawn of time."
Paris, because she can.
i have taken my motorcycle steering lock key to 4 different locksmiths and not a single one of them could find a matching blank to cut a spare from, even with the physical key for reference.
Why does increase in awareness = Increase in obnoxious-ness
Everytime there's a thread on physical security, there always seems to be three types of answers:
1 - I don't care for technique abc, technique xyz is much better / worse
2 - I've known this all along. Publis-Sector security is a myth. The end is nigh.
3 - That's so scary, I'm selling my house and living on a boat so no one can steal my stuff.
This can be a good thing mind you, because there all valid points.
Sure, there are lots of techniques out there, bump keys, picks, bricks, pizza.. whatever. Most of them more effective than this (you can bump a Medeco/Chubb M3, and you can overlift a Multi-Lock, but you cant get a profile of either from one dodgy picture).
And it's true there is no such thing as public security now-a-days.
While your home with all your posessions in it is your life, no criminal is going to open your locks to steal an iPod and a few photo albums when they could be down the road breaking into the accounts department of Debenams.
And sure, living on a boat would be more secure than living on an estate (provided the 21st century pirates stay in Sweden)
But for gods sake people stop being so god-damn self-rightous!
Lots of people are learning the basics of security now-a-days. Good. Knowledge drives technology.
But please, no one cares that you know what a bump key is, or how you managed to open a Yale in 20 seconds using a plastic bottle, a rubber band, and three crumbs from under the sofa.
Your arrogance makes you lie to make up for your shortcommings in actual knowledge, so we hear things like:
- Dimple keys being the modern standard. They're not. They're just regular locks with the pins on the side. You can pick/bump them just as easy (or over lift the advanced Multi-Locks)
- That copyright laws forced a change to dimple. Nonsense. You can still copyright a regular keyway. People are still producing restricted keys after all.
- That all keys are unsecure. Not true at all, many locks have never been broken (without perminent damage like drilling anyway)
- There is a machine that can copy any key using just a blank bit of metal, but it only works 70~80% of the time. I don't even know where to start on that one.
Everyone treats security like some god-damn competition >_<
Hate to be you when you stagger home half-drunk after clubbing one night... ain't no way you'll be treating your new lady friend to a fun-filled night of debauchery!
On the other hand, it would save all those nasty moments when you wake up and realise that the beautiful blonde you brought home after one too many White Lightnings is actually the labradoodle from down the road who you wouldn't normally touch with *somebody else's* barge pole...
"Which locks was it, Peter? Um, William? Um, Dave? Um, who are you again..."
remember the 80's
are there none here that remember the eighties when ford introduced a high security chubb key (a sort of hexagonal affair), people soon worked out you could copy the key from just looking at it
also nearly all, if not all cars in the last 5-10 years have an rf transponder in the key to activate the engine managment ECU (if you car has a factory fitted immobiliser it has this feature)
also it is all well and good copying a key, but you need to know where the lock is it fits, so no good taking masses of pics at the pub unless you know the addresses of the doors (work or home) they fit
i see no need to worry unless this becomes a mass market product / software
mine the one with the reality check in the pocket
@A J Stiles
>> Can this method actually be carried out in full (i.e., from seeing a photo of the key to gaining entry) in less time than it would take an expert with a lock-picking set?
I absolutely agree, but why go so far as an expert with a lock picking set when all it takes is an amateur with an automatic lock pick.
Besides anything else, this really isn't news, it wasn't that long ago that we were reading (I think on El Reg) about a UK prison having to spend an obscene amount of money replacing all their locks, after a key was accidentally shown on a regional news program.
Okay, so someone has written a bit of software to automate it, it's not really that impressive. I would be more impressed if someone wrote software that would allow key cutters to cut perfect keys each time, rather than requiring you to go back and get it filed.
>> Most, if not all, new cars sold in the US have a key with a chip in it as part of the theft
>> deterrent system. That technology has been around since the early 90's, if I remember
>> correctly. makes for a pain in the bum to replace lost keys (and allows the dealers to charge
>> whatever they want!), - AC
Indeed, surely anyone who drives must have run into this problem at some point and had to pay a dealership an extortionate fee for a replacement key (and then had to get an actual key cut to boot). The only bigger con is the coded parts (obviously only the electronic parts) where by you can't use an otherwise perfectly serviceable scrap part because it is locked to a different car. Cars are the new ink jet printers (Lexmark may even have copied the idea from the car manufacturers).
I'm not sure why a prison would go to all that bother when numerous companies are allowed to sell masterkeys for such places .. including this masterkey to Chubb handcuffs.
(the Police have to buy them from somewhere I guess)
Like this is news
Is this some sort of big surprise? I needed a spare key for my car, a good few years ago, and went down to my local Renault dealer.
In order to create the key, without taking it from me, they took a PHOTOCOPY of the key, and the serial number for the electronic / chip code.
- Xmas Round-up Ten top tech toys to interface with a techie’s Christmas stocking
- It's true, the START MENU is coming BACK to Windows 8, hiss sources
- Google embiggens its fat vid pipe Chromecast with TEN new supported apps
- Microsoft: Don't listen to 4chan ... especially the bit about bricking Xbox Ones
- FreeBSD abandoning hardware randomness