Lock-hackers crack restricted keys used to secure data centres

A group of Melbourne lock-pickers have forged a creative method for popping so-called restricted locks by 3D printing keys found on freely available designs on patent sites. The feat demonstrated at the BSides Canberra security conference last week is a combination of opportunistic ingenuity and lock-picking mastery, and will …

  1. Anonymous Coward

    master suites

    Any site with any sense will use a different master suite, or no suite at all, for sensitive areas.

    Even my employer does it, so it can't be that revolutionary.

    1. Voland's right hand Silver badge

      Re: master suites

      Any site which has a master key gets whatever it deserves.

      Like it or not:

      1. The master key concept is known in the security industry as a backdoor

      2. The master key can be reverse engineered from any lock/cylinder which matches it.

      It walks like a backdoor, it quacks like a backdoor, it is a backdoor. An unlocked one.

    2. Topy

      Re: master suites

      This is the better way to do it.

      However, 2 things.

      1) It's not commonly done (sad to say)

      2) If you're already in the building, you tend to get questioned a whole lot less if you're already in an area that needs a key.

  2. jake Silver badge

    Physically picking locks is nothing new.

    Seriously. I learned to pick physical locks in the mid 1960s.

    Nothing has changed.

    So-called "restricted locks" are just as vulnerable as your bicycle lock.

    A bit of street sweeper bristle, a couple of files, and a bit of know-how, and you are in. I won't even get into the concept of "bump keys".

    See the MIT Locksmithing Guide.

    Remember, most locks are only there to stop crimes of opportunity ... If a criminal chooses to bust into your home, a brick through the window next to your front door will work quite nicely, the lock isn't going to help any.

    1. Charles 9

      Re: Physically picking locks is nothing new.

      "Seriously. I learned to pick physical locks in the mid 1960s.

      Nothing has changed."

      Actually, it has to an extent. Modern high-security locks are pick-resistant by using techniques that either require the tumbler pins to rotate as well as rise as well as means to prevent holding the pins in place while you're trying to dial them in.

      Anyway, the obvious wasn't mentioned in the article. It seems a lot easier to find a way to steal the key, no matter how sophisticated, and make a mold of it.

      1. A Non e-mouse Silver badge

        Re: Physically picking locks is nothing new.

        It seems a lot easier to find a way to steal the key, no matter how sophisticated, and make a mold of it.

        Obligatory XKCD cartoon: xkcd.com/538/.

        1. Charles 9

          Re: Physically picking locks is nothing new.

          That cartoon doesn't take sissies or masochists into consideration.

    2. Christoph

      Re: Physically picking locks is nothing new.

      Goes back to at least the mid 1940s. Feynman needed to get a paper out of one of a set of combination safes, but the person in charge wasn't there.

      Knowing that person was a mathematician, Feynman tried a few obvious things. The safe opened to 'e' to six places.

      He checked the other safes. They all opened to the same code.

      The content of these safes was a complete duplicate set of all papers for the Manhattan Project. From 'First mine your Uranium' to 'Light the blue touch paper and RUN AWAY'.

      He took a piece of paper, wrote 'Guess Who' on it, put it in the safe and locked the door again.

    3. Anonymous Coward

      Re: Physically picking locks is nothing new.

      "I won't even get into the concept of "bump keys"."

      You do that and I won't go into the concept of Anti-bump and Anti-Snap locks....

    4. Blank Reg

      Re: Physically picking locks is nothing new.

      I used to defeat the server room lock with a coat hanger, without picking the lock. I just had to slide it behind the latch bolt and pull.

      1. Topy

        Re: Physically picking locks is nothing new.

        This is a whole separate type of technique known as a 'bypass attack', and it's also something we like to use, as it's surprisingly effective in a variety of circumstances.

    5. Topy

      Re: Physically picking locks is nothing new.

      When it comes to restricted locks and locks that are resistant to picking, I'd suggest moving away from pin-tumbler locks altogether and looking at high security disc detainer locks like the Abloy Protec Series. These, as far as I've seen, are currently 'unpickable'. That's not to say that they won't be forever, but for now, they're pretty impressive.

      You're right, most crimes are due to opportunity. However, we're discussing this in the context of 'red-teaming' engagements and attempting to be as subtle about things as possible.

  3. allthecoolshortnamesweretaken

    File under

    convenience vs security.

    It's very convenient to have a master key that can be used on any lock in the building. However, once a master key goes missing, you'd have to replace all the locks. In my part of the woods that's roundabout 100 EUR per lock if you buy in bulk.

    Not a bad idea to use different systems/manufacturers for locks on the perimeter of the site, the outer hull of the building(s) and the inner doors; or different systems for sensitive/not-sensitive parts.

    You'll have to clear this with your local firefighters and/or building authorities though.

  4. Mr Dogshit

    No way!

    Do bears shit in the woods?

  5. Anonymous Coward

    I don't understand why they need the patent drawings.

    If you have to buy an identical lock to replace the one you cut off the gate then you could just measure the key that came with it.

    If you can cut the lock off their gate with an angle grinder without being detected then you may not actually need a master key.

    1. The Mole

      The article said you don't have to buy an identical lock - you just need the face of the lock looking similarly enough/the right shape to accept the key (easily knocked up from a photo), and then have the cylinder accept any key so locks and unlocks but doesn't actually check the shape of the key.

    2. Topy

      Patent drawings were used because it was easier to render a 3D model off them than to do precise, detailed measurements of the keyways.

      On your standard house locks, it's fine, but on a restricted profile with lots of warding it's actually quite hard to get accurate measurements.

      As for the angle grinder.

      It's just one of several ways to get the cylinder. But you'd be surprised how many extremely large facilities exist and how many of them use master keys over multiple sites with no-one around for miles.

    3. deanjones45

      A group of lock-picking hackers and Locksmiths, has cracked open the controversy surrounding 3D printing and personal security. Using images from publicly available patent websites, the hackers managed to replicate so-called ‘restricted’ keys that could be used to open businesses, government buildings or secure data centers.

  6. Mage Silver badge

    Or electric drill

    Locks are only a time delay / deterrent or to stop casual stupidity by employees.

    They are only part of an overall strategy.

    Battery powered drills, bolt cutters, angle grinders, gas cutting torch, explosives ...

    Any half-decent locksmith can make a key from a photo that has something to give scale. The 3D printer and patents are irrelevant. A patent only tells you profile and method, not the actual specific physical "code".

    A lock system with a single master key isn't really a lock.

    1. I am the liquor

      Re: Or electric drill

      The patent's relevant if the lock manufacturer restricts access to the key blanks as a security feature. 3D printing a plastic key blank from the patent drawings is surely a lot more accurate and reliable than cutting one by hand based on a photo.

      CNCing a metal blank from the patent drawings would be even better, but CNC machining is so last decade.

    2. Topy

      Re: Or electric drill

      I think you missed the point here, the point isn't to open a single door. It's to open every door that's part of the same key system. One standard master-keyed lock will usually yield 32 different 'master keys' when disassembled. This is where the printing comes in handy. You can make all 32 quite quickly and use them all as needed.

      The photo->key was actually covered in the talk but not mentioned here.

      See: http://vision.ucsd.edu/~blaxton/sneakey.html

  7. PNGuinn

    Locksmithing in Colditz

    All this is very clever, using the latest technology and all that. And I'm not knocking it.

    However, accurately dimensioned drawings publicly available?? SHIRLEY whoever filed those should have been instructed to alter / redact them sufficiently to JUST include the information required for the patent??

    Does this mean that if I copy the lock and simply make minor dimensional changes I'm outside the patent??

    But for real kudos, read up on what POWs managed to do in prison camps during the last war, under close guard and with prison made and designed tools.

    If you can get a copy of it Major PR Reid's "Colditz The Full Story" is well worth a read. (Pan ISBN 978-0-330-50999-2. First published by Macmillan.)

    In the end there is no such thing as security. Get used to it.

    1. AndyS

      Re: Locksmithing in Colditz

      From a quick Google:

      In one highly organized lightning operation, the actual lock was removed and the notches in the key blank were sawn to the exact depth required. The key worked and the lock was replaced. Having opened the principal door with his cruciform key, there were two further doors and more lock-picking before Guigues reached the actual parcels store. Every visit was a major operation involving seventeen men each with a different role to play. Fredo's first ploy was to order from his wife two parcels of tools. When they arrived he intercepted them, replacing them with innocent parcels before distribution (and examination by the Germans) took place...

      ...Eventually the Germans installed an electric alarm on the locks of the parcels office. But this was no threat to Fredo and his clandestine visits because he intercepted the circuit before the installation was complete, carrying it through to the floor above...

      Fascinating stuff. Might need to get that.

  8. Duncan Macdonald

    Making a non-pickable electronic lock is possible

    However, when it breaks (always at the worst possible time) the lock (and possibly the door) will need to be physically destroyed to gain access.

    (The lock issues a random challenge string encoded with its public key to the inserted key. If the inserted key is a valid one it will be programmed with the corresponding private key and will be able to decode the challenge and pass the decoded string back to the lock. If the decoded string is correct then the lock opens - otherwise it activates alarms.)

    This method is not suitable for padlocks or other locations without electrical power.

    1. SImon Hobson Bronze badge

      Re: Making a non-pickable electronic lock is possible

      Which is more or less the basis of modern car security - at least for some manufacturers/models. The key has a "chip" in it, and the security system in the car interrogates the chip when it's close to the ignition lock. So with some models it's possible to have a key which will unlock the steering wheel but won't allow the vehicle to be started - useful for those who tow a vehicle around (eg those small cars you see on tow behind a large motorhome).

      1. Anonymous Coward

        Re: Making a non-pickable electronic lock is possible

        ... and this car lock scheme is easily defeated through a kind of man-in-the-middle attack, as demonstrated by the ADAC in Germany. NFC is only 'near' for a given antenna. Target the car key near the victim with a directional antenna, run any (more or less arbitrary) connection to a second transponder near the car, and you can open the doors and start the engine. Once the engine is running, you can cut the connection to the key and drive off.
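As an added illustration of the challenge-response lock described in Duncan Macdonald's post and the relay attack raised in the reply above (example code written for this page, not from any commenter, manufacturer or the ADAC demonstration): the lock issues a fresh random challenge, accepts each one only once, rejects an answer that arrives slower than a round-trip bound, and refuses an answer computed with the wrong secret. It substitutes an HMAC shared secret for the post's public-key scheme; the key ID, the secret, the 50 ms bound and the fake clock are constructed assumptions, and the latency check stands in for the distance-bounding a real reader would need against the relay described above.

```python
import hashlib
import hmac
import secrets
import time

class Lock:
    """Challenge-response lock; `enrolled` maps key_id -> shared secret (constructed)."""
    # max_rtt: assumed bound on a genuine key's round trip; a relay adds link latency.
    def __init__(self, enrolled, max_rtt=0.05, clock=time.monotonic):
        self._enrolled = dict(enrolled)
        self._pending = {}      # outstanding nonce -> (key_id, issued_at)
        self._max_rtt = max_rtt
        self._clock = clock     # injectable so the timing check is testable offline
        self.alarms = []        # what the lock raises instead of opening

    def challenge(self, key_id):
        nonce = secrets.token_bytes(16)       # fresh per presentation
        self._pending[nonce] = (key_id, self._clock())
        return nonce

    def verify(self, nonce, response):
        pending = self._pending.pop(nonce, None)   # single use: blocks replay
        if pending is None:
            self.alarms.append("replayed-challenge")
            return False
        key_id, issued_at = pending
        if self._clock() - issued_at > self._max_rtt:
            self.alarms.append("latency-exceeded")  # relay signature
            return False
        expected = hmac.new(self._enrolled[key_id], nonce, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, response):
            self.alarms.append("bad-response")      # cloned or forged key
            return False
        return True

def key_respond(secret, nonce):
    # What the key's chip computes from the lock's challenge (constructed key side).
    return hmac.new(secret, nonce, hashlib.sha256).digest()

def demo():
    # Genuine key, replay, relayed transaction, forged key; returns verdicts and alarms.
    now, secret = [0.0], b"constructed-secret"
    lock = Lock({"key-17": secret}, clock=lambda: now[0])
    n1 = lock.challenge("key-17")
    genuine = lock.verify(n1, key_respond(secret, n1))   # answered at once
    replay = lock.verify(n1, key_respond(secret, n1))    # same answer again
    n2 = lock.challenge("key-17")
    now[0] += 0.40                                       # answer relayed over a link
    relayed = lock.verify(n2, key_respond(secret, n2))
    n3 = lock.challenge("key-17")
    forged = lock.verify(n3, key_respond(b"wrong-secret", n3))
    return genuine, replay, relayed, forged, lock.alarms
```

Only the first presentation opens the lock; the replay, the slow relayed answer and the forged key each leave an alarm entry instead.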

  9. Harry Stottle

    Good analogy

    for what happens when you insist on a crypto "back door"...
