Key duplication without the Key
Thursday, October 30th, 2008A picture is worth a thousand locksmiths.
This is a somewhat interesting article. I’ve used very similar procedures long long ago. The concept isn’t too far from what you’d see in old spy movies where the agent would make a wax mold of the key.
Whereas this is a bit of fear mongering, to anyone who has been paying attention, physical keys are rarely as secure as you think they are. To me, this is yet another attempt by the computer security industry to highlight known physical security issues and try and make it look like it was a huge discovery. Being able to use a computer to do it is neat, but hardly groundbreaking. I can say with certainty that when I was in practice, there were certain keys that I could manually read and memorize the cut depths from a distance of 5-6 feet. This came from a lot of practice of analyzing that particular manufacturer’s locks and knowing the specifications of their system. Some vendors may be more difficult than others.
In terms of protecting yourself against this sort of attack, the first line of defense is a good offense: don’t let other people scan or photocopy your keys. Beyond that, you want to try and use a locking system that doesn’t translate well to a 2 dimensional representation. Medeco may be a good example in that I suspect that it’s harder to tell the cut angle, so you’d only have the cut depth, which isn’t enough to open the lock. There are several other vendors that use keys that are more 3 dimensional in utility which would be harder to get around. Moving to a key with data in 3 dimensions doesn’t eliminate the problem, it just adds one more layer, making it that much more difficult to recreate.
Still… locks and keys have been around for a very very long time, and they’ve been known to be vulnerable for a very long time. This attack is hardly new. There is a reason that jails don’t allow any pictures of the cells keys to ever be taken.
