master suites
Any site with any sense will use a different master suite, or no suite at all, for sensitive areas.
Even my employer does it, so it can't be that revolutionary.
A group of Melbourne lock-pickers have forged a creative method for popping so-called restricted locks by 3D printing keys found on freely available designs on patent sites. The feat demonstrated at the BSides Canberra security conference last week is a combination of opportunistic ingenuity and lock-picking mastery, and will …
Any site which has a master key gets whatever it deserves.
Like it or not:
1. The master key concept is known in the security industry as a backdoor
2. The master key can be reverse engineered from any lock/cylinder which matches it.
It walks like a backdoor, it quacks like a backdoor, it is a backdoor. An unlocked one.
Seriously. I learned to pick physical locks in the mid 1960s.
Nothing has changed.
So-called "restricted locks" are just as vulnerable as your bicycle lock.
A bit of street sweeper bristle, a couple of files, and a bit of know-how, and you are in. I won't even get into the concept of "bump keys".
See the MIT Locksmithing Guide.
Remember, most locks are only there to stop crimes of opportunity ... If a criminal chooses to bust into your home, a brick through the window next to your front door will work quite nicely, the lock isn't going to help any.
"Seriously. I learned to pick physical locks in the mid 1960s.
Nothing has changed."
Actually, it has to an extent. Modern high-security locks are pick-resistant by using techniques that require the tumbler pins to rotate as well as rise, or that prevent the pins from being held in place while you're trying to dial them in.
Anyway, the obvious wasn't mentioned in the article. It seems a lot easier to find a way to steal the key, no matter how sophisticated, and make a mold of it.
"It seems a lot easier to find a way to steal the key, no matter how sophisticated, and make a mold of it."
Obligatory XKCD cartoon: xkcd.com/538/.
Goes back to at least the mid 1940s. Feynman needed to get a paper out of one of a set of combination safes, but the person in charge wasn't there.
Knowing that person was a mathematician, Feynman tried a few obvious things. The safe opened to 'e' to six places.
He checked the other safes. They all opened to the same code.
The content of these safes was a complete duplicate set of all papers for the Manhattan Project. From 'First mine your Uranium' to 'Light the blue touch paper and RUN AWAY'.
He took a piece of paper, wrote 'Guess Who' on it, put it in the safe and locked the door again.
When it comes to restricted locks and locks that are resistant to picking, I'd suggest moving away from pin-tumbler locks altogether and looking at high security disc detainer locks like the Abloy Protec Series. These, as far as I've seen, are currently 'unpickable'. That's not to say that they won't be forever, but for now, they're pretty impressive.
You're right, most crimes are due to opportunity. However, we're discussing this in the context of 'red-teaming' engagements and attempting to be as subtle about things as possible.
Convenience vs. security.
It's very convenient to have a master key that can be used on any lock in the building. However, once a master key goes missing, you'd have to replace all the locks. In my part of the woods that's roundabout 100 EUR per lock if you buy in bulk.
Not a bad idea to use different systems/manufacturers for locks on the perimeter of the site, the outer hull of the building(s) and the inner doors; or different systems for sensitive/non-sensitive parts.
You'll have to clear this with your local firefighters and/or building authorities though.
I don't understand why they need the patent drawings.
If you have to buy an identical lock to replace the one you cut off the gate then you could just measure the key that came with it.
If you can cut the lock off their gate with an angle grinder without being detected then you may not actually need a master key.
The article said you don't have to buy an identical lock - you just need the face of the lock looking similar enough / the right shape to accept the key (easily knocked up from a photo), and then have the cylinder accept any key so it locks and unlocks but doesn't actually check the shape of the key.
Patent drawings were used because it was easier to render a 3D model off them than to do precise detailed measurements of the key-ways.
On your standard house locks, it's fine, but on a restricted profile with lots of warding it's actually quite hard to get accurate measurements.
As for the angle grinder: it's just one of several ways to get the cylinder. But you'd be surprised how many extremely large facilities exist and how many of them use master keys over multiple sites with no-one around for miles.
A group of lock-picking hackers and locksmiths has cracked open the controversy surrounding 3D printing and personal security. Using images from publicly available patent websites, the hackers managed to replicate so-called 'restricted' keys that could be used to open businesses, government buildings or secure data centers.
Locks are only a time delay / deterrent or to stop casual stupidity by employees.
They are only part of an overall strategy.
Battery powered drills, bolt cutters, angle grinders, gas cutting torch, explosives ...
Any half-decent locksmith can make a key from a photo that has something to give scale. The 3D printer and patents are irrelevant. A patent only tells you profile and method, not the actual specific physical "code".
A lock system with a single master key isn't really a lock.
The patent's relevant if the lock manufacturer restricts access to the key blanks as a security feature. 3D printing a plastic key blank from the patent drawings is surely a lot more accurate and reliable than cutting one by hand based on a photo.
CNCing a metal blank from the patent drawings would be even better, but CNC machining is so last decade.
I think you missed the point here. The point isn't to open a single door; it's to open every door that's part of the same key system. One standard master-keyed lock will usually yield 32 different 'master keys' when disassembled. This is where the printing comes in handy. You can make all 32 quite quickly and use them all as needed.
The photo->key was actually covered in the talk but not mentioned here.
See: http://vision.ucsd.edu/~blaxton/sneakey.html
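The 32-candidates arithmetic in the post above, as an added worked example (not code from the talk, the article or any commenter). It assumes a simplified pin-tumbler model in which a key cut is written as the total pin length it holds below the shear line, and the pin stacks of the two cylinders are constructed values, not readings from any real lock:

```python
from itertools import product
from typing import List, Sequence, Tuple

# One tuple per chamber, read bottom-up on disassembly: the bottom pin first,
# then any master wafer sitting on it. Lengths are in hypothetical "increments"
# and are constructed for this example, not readings from a real cylinder.
# Simplification: a key cut is written as the total pin length it must hold
# below the shear line, so chamber (3, 2) shears at cut 3 (gap above the
# bottom pin) and at cut 5 (gap above the wafer); (6,) shears only at 6.
LOCK_A: List[Tuple[int, ...]] = [(3, 2), (5, 1), (2, 4), (6,), (4, 3), (1, 5)]

# A second cylinder on the same master system: different change key, and a
# wafer in every chamber where its change cut differs from the master cut.
LOCK_B: List[Tuple[int, ...]] = [(2, 3), (4, 2), (3, 3), (6,), (5, 2), (2, 4)]


def shear_depths(stack: Sequence[int]) -> List[int]:
    """Cut values at which some gap in this pin stack sits at the shear line."""
    depths, height = [], 0
    for pin in stack:
        height += pin
        depths.append(height)
    return depths


def candidate_bittings(stacks: Sequence[Sequence[int]]) -> List[Tuple[int, ...]]:
    """Every bitting that opens this cylinder: one shear depth per chamber.
    With k single-wafer chambers that is 2**k bittings. The change key and the
    true master are two of them; the rest are phantom (cross) keys that open
    this lock but not necessarily the others. The disassembled lock alone
    cannot tell you which candidate is the master."""
    return list(product(*(shear_depths(s) for s in stacks)))


def opens(bitting: Sequence[int], stacks: Sequence[Sequence[int]]) -> bool:
    """A bitting opens a cylinder if every cut lands on a gap in its chamber."""
    return len(bitting) == len(stacks) and all(
        cut in shear_depths(s) for cut, s in zip(bitting, stacks))


def shared_bittings(lock_a: Sequence[Sequence[int]],
                    lock_b: Sequence[Sequence[int]]) -> List[Tuple[int, ...]]:
    """Candidates cut from lock A that also open lock B. If both are on the
    same master system the real master is in here, usually as the only
    survivor, which is why trying all 32 printed keys on a second door
    identifies it."""
    return [b for b in candidate_bittings(lock_a) if opens(b, lock_b)]


if __name__ == "__main__":
    cands = candidate_bittings(LOCK_A)
    print(f"{len(cands)} candidate bittings from lock A")
    print("also open lock B:", shared_bittings(LOCK_A, LOCK_B))
```

With these constructed stacks lock A has five wafered chambers, so 32 candidates; chamber 4 has no wafer because its change cut and master cut coincide, and it contributes nothing to the count. Exactly one candidate, (5, 6, 6, 6, 7, 6), also opens lock B.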
All this is very clever, using the latest technology and all that. And I'm not knocking it.
However, accurately dimensioned drawings publicly available?? SHIRLEY whoever filed those should have been instructed to alter / redact them sufficiently to JUST include the information required for the patent??
Does this mean that if I copy the lock and simply make minor dimensional changes I'm outside the patent??
But for real kudos, read up on what POWs managed to do in prison camps during the last war, under close guard and with prison made and designed tools.
If you can get a copy of it Major PR Reid's "Colditz The Full Story" is well worth a read. (Pan ISBN 978-0-330-50999-2. First published by Macmillan.)
In the end there is no such thing as security. Get used to it.
From a quick Google:
In one highly organized lightning operation, the actual lock was removed and the notches in the key blank were sawn to the exact depth required. The key worked and the lock was replaced. Having opened the principal door with his cruciform key, there were two further doors and more lock-picking before Guigues reached the actual parcels store. Every visit was a major operation involving seventeen men each with a different role to play. Fredo's first ploy was to order from his wife two parcels of tools. When they arrived he intercepted them, replacing them with innocent parcels before distribution (and examination by the Germans) took place... Eventually the Germans installed an electric alarm on the locks of the parcels office. But this was no threat to Fredo and his clandestine visits because he intercepted the circuit before the installation was complete, carrying it through to the floor above...
Fascinating stuff. Might need to get that.
However, when it breaks (always at the worst possible time) the lock (and possibly the door) will need to be physically destroyed to gain access.
(The lock issues a random challenge string encoded with its public key to the inserted key. If the inserted key is a valid one it will be programmed with the corresponding private key and will be able to decode the challenge and pass the decoded string back to the lock. If the decoded string is correct then the lock opens - otherwise it activates alarms.)
This method is not suitable for padlocks or other locations without electrical power.
Which is more or less the basis of modern car security - at least for some manufacturers/models. The key has a "chip" in it, and the security system in the car interrogates the chip when it's close to the ignition lock. So with some models it's possible to have a key which will unlock the steering wheel but won't allow the vehicle to be started - useful for those who tow a vehicle around (e.g. those small cars you see on tow behind a large motorhome).
... and this car lock scheme is easily defeated through a kind of man-in-the-middle attack, as demonstrated by the ADAC in Germany. NFC is only 'near' for a given antenna. Target the car key near the victim with a directional antenna, run any (more or less arbitrary) connection to a second transponder near the car, and you can open the doors and start the engine. Once the engine is running, you can cut the connection to the key and drive off.
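The challenge-response lock described a few posts up and the relay attack in the last reply, as one added example that is not from the original thread. It stands in a keyed HMAC (Python standard library) for the public-key decryption the post describes, because the relay works the same way regardless of the cryptography: the attacker's two transponders never touch the crypto, they only forward the genuine challenge and the genuine answer. The fob secret, the radio timings and the round-trip budget are constructed assumptions, and the clock is simulated so the run is deterministic:

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Callable, Optional, Tuple

# Constructed fob secret for the example; a real system provisions one per key.
FOB_SECRET = bytes.fromhex("4f1d2c3b4a5968778695a4b3c2d1e0ff")


class SimClock:
    """Simulated clock in milliseconds so the example runs deterministically."""
    def __init__(self) -> None:
        self.now_ms = 0.0

    def advance(self, ms: float) -> None:
        self.now_ms += ms


@dataclass
class Transponder:
    """The chip in the key: answers a challenge only the right secret can answer."""
    secret: bytes

    def respond(self, challenge: bytes) -> bytes:
        return hmac.new(self.secret, challenge, hashlib.sha256).digest()


@dataclass
class Lock:
    """Lock side: issue a fresh random challenge, verify the answer and
    (optionally) bound how long the round trip took."""
    secret: bytes
    clock: SimClock
    max_rtt_ms: Optional[float] = None  # None = no timing check, as in the post

    def try_open(self, channel: Callable[[bytes], bytes]) -> str:
        challenge = secrets.token_bytes(16)        # fresh per attempt, so replays fail
        t0 = self.clock.now_ms
        response = channel(challenge)
        rtt = self.clock.now_ms - t0
        expected = hmac.new(self.secret, challenge, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, response):
            return "alarm"        # wrong or forged key: the post's alarm case
        if self.max_rtt_ms is not None and rtt > self.max_rtt_ms:
            return "too_slow"     # a genuine key, but not where it should be
        return "open"


def direct_channel(fob: Transponder, clock: SimClock, air_ms: float = 1.0):
    """Key within NFC range of the lock: one short radio hop each way."""
    def send(challenge: bytes) -> bytes:
        clock.advance(air_ms)
        response = fob.respond(challenge)
        clock.advance(air_ms)
        return response
    return send


def relayed_channel(fob: Transponder, clock: SimClock,
                    relay_ms: float, air_ms: float = 1.0):
    """Two attacker transponders, one at the car and one near the victim's key,
    joined by an arbitrary link. They forward bytes; the real fob does the crypto."""
    def send(challenge: bytes) -> bytes:
        clock.advance(air_ms + relay_ms)   # lock -> car-side relay -> key-side relay -> fob
        response = fob.respond(challenge)  # the genuine fob answers the genuine challenge
        clock.advance(relay_ms + air_ms)
        return response
    return send


def run(max_rtt_ms: Optional[float], relay_ms: float = 15.0) -> Tuple[str, str, str]:
    """Outcomes for: the real key at the car, the same key via relay, a forged key."""
    clock = SimClock()
    fob = Transponder(FOB_SECRET)
    lock = Lock(FOB_SECRET, clock, max_rtt_ms)
    return (lock.try_open(direct_channel(fob, clock)),
            lock.try_open(relayed_channel(fob, clock, relay_ms)),
            lock.try_open(direct_channel(Transponder(b"not the secret"), clock)))


if __name__ == "__main__":
    print("no timing check:       ", run(None))   # ('open', 'open', 'alarm')
    print("5 ms round-trip budget:", run(5.0))    # ('open', 'too_slow', 'alarm')
```

Without a timing bound the relayed key opens the lock exactly as the ADAC demonstration describes, because every message is genuine; only the distance is not. A round-trip budget tight enough to exclude a detour over the attacker's link (a constructed 5 ms here against a 15 ms relay hop each way) is the check that separates the two cases, which is the idea behind distance-bounding in later keyless-entry designs.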