Stories
Slash Boxes
Comments

SoylentNews is people

posted by azrael on Tuesday September 02 2014, @01:46AM   Printer-friendly
from the opening-pandora's-box dept.

One of the unintended consequences of cheap 3-D printing is that any troublemaker can duplicate a key without setting foot in a hardware store. Now Andy Greenberg reports that clever lockpickers are taking that DIY key-making trick a step further printing a "bump key" that opens even high-security locks in seconds, without seeing the original key.

A bump key resembles a normal key but can open millions of locks with a carefully practiced rap on its head with a hammer. Using software they created called Photobump, Jos Weyers and Christian Holler say it's now possible to easily bump open a wide range of locks using keys based on photographs of the locks' keyholes. As a result, all anyone needs to open many locks previously considered "unbumpable" is a bit of software, a picture of the lock's keyhole, and the keyhole's depth. "You don’t need much more to make a bump key," says Weyers. "Basically, if I can see your keyhole, there’s an app for that."

Weyers and Holler want to warn lockmakers about the possibility of 3-D printable bump keys so they can defend against it. Although Holler will discuss the technique at the Lockcon lockpicking conference in Sneek, the Netherlands, next month, he doesn't plan to release the Photobump software publicly and is working with police in his native Germany to analyze whether printed bump keys leave any forensic evidence behind.

Ikon maker Assa Abloy argues 3-D printing bump keys to its locks is an expensive, unreliable trick that doesn’t work on some locks whose keys have hidden or moving parts but Weyers argues that instead of dismissing 3-D printing or trying to keep their key profiles secret, lockmakers should produce more bump resistant locks with electronic elements or unprintable parts.

"The sky isn't falling, but the world changes and now people can make stuff," says Weyers. "Lock manufacturers know how to make a lock bump-resistant. And they had better."

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 5, Informative) by gman003 on Tuesday September 02 2014, @01:53AM

    by gman003 (4155) on Tuesday September 02 2014, @01:53AM (#88320)

    Bump keys are already easy. All you really need is a key for any similar lock that you can file down - one that will fit into the lock, but not necessarily turn it. So if I did that to my apartment key, I would (theoretically) be able to use it on any other apartment in my complex, or any other that uses that same lock design (regardless of how it was keyed). All 3D printing does is remove the difficulty of getting that blank key.

    Bump keys are also a well-known problem. Many common locks are still vulnerable to them, but any high-security lock will have countermeasures. This doesn't really change the attack, it's basically the equivalent of a script-kiddie version of an existing well-known attack.

    Starting Score:    1  point
    Moderation   +3  
       Informative=3, Total=3
    Extra 'Informative' Modifier   0  
    Karma-Bonus Modifier   +1  

    Total Score:   5  
  • (Score: 4, Informative) by frojack on Tuesday September 02 2014, @02:01AM

    by frojack (1554) Subscriber Badge on Tuesday September 02 2014, @02:01AM (#88322) Journal

    Right, this whole 3D printing business is becoming like "do any common thing with a computer and suddenly its novel and new and (usually) scary.

    Go look at any hardware store and you will find the shelves are full of new locks (not even the high-security models) that advertise Non-Bump-able.

    There are a bazillion locks installed that are bumpable, but locks tend to get replaced when people move out or in. The problem is that large apartment buildings don't want to replace all their locks, they just want to re-key them. Non-bump usually involves replacing the cylinder, rather than simply rekeying (changing the pins). Almost any lock smith can replace a bumpable cylinder with a non-bump one for a few bucks. But chances are your building super won't want to foot that bill.

    --
    No, you are mistaken. I've always had this sig.
    • (Score: 0) by Anonymous Coward on Tuesday September 02 2014, @04:07PM

      by Anonymous Coward on Tuesday September 02 2014, @04:07PM (#88545)

      Go look at any hardware store and you will find the shelves are full of new locks (not even the high-security models) that advertise Non-Bump-able.

      RTFA! This is about making working bump keys for said "Non-Bump-able" locks.

      • (Score: 2) by frojack on Thursday September 04 2014, @05:56AM

        by frojack (1554) Subscriber Badge on Thursday September 04 2014, @05:56AM (#89216) Journal

        Nope. There isn't a hint of a suggestion of that capability in the article or the linked sites.

        --
        No, you are mistaken. I've always had this sig.
  • (Score: 5, Interesting) by Snotnose on Tuesday September 02 2014, @02:15AM

    by Snotnose (1623) on Tuesday September 02 2014, @02:15AM (#88327)

    CSB

    About 30 years ago I lived in an Apt complex that consisted of about 10 rows of rectangular buildings, all with 8 units each, each had a different street address. I worked night shift at the time and we used to get off at midnight, close a local bar, go get dinner, and head home. One night I unlocked my door but, when I went to open it the door chain was on. As my brain was processing WTF some old guy comes up to the door yelling "hey,who are you and what are you doing!".

    Turns out I'd gone to the row next door. A bit of experimentation the next day showed that my #7 key unlocked all 10 #7 doors. Went to my neighbor, his #6 key opened all #6 doors. we went to the landlord and got our locks replaced the next day.

    /CSB

    --
    I hate when I put something off to tomorrow, and tomorrow arrives.
  • (Score: 0) by Anonymous Coward on Tuesday September 02 2014, @02:35AM

    by Anonymous Coward on Tuesday September 02 2014, @02:35AM (#88335)

    I got a lockout tool set off a tool truck, it included a thin key that opens gas caps, some car doors, tool boxes, some padlocks, some house door locks, etc. Not very high tech, could easily make one with a bench grinder and a thin piece of metal.

  • (Score: 2) by nyder on Tuesday September 02 2014, @02:41AM

    by nyder (4525) on Tuesday September 02 2014, @02:41AM (#88337)

    Getting blank keys are easy. Lots of stores have key copying kisoks in them, that needs a store person to operate, but they leave them open, and you can palm keys easy. Knew some peeps who did that for car keys because they knew how to make their own master for many models.

    • (Score: 2) by LoRdTAW on Tuesday September 02 2014, @02:23PM

      by LoRdTAW (3755) on Tuesday September 02 2014, @02:23PM (#88502) Journal

      How about the key counter in Home Depot that is only manned when a employee is summoned by a customer. The best part is the decorative key blanks with sports teams and other colorful designs are right on the counter facing the aisle. I can walk up, grab a blank, which already has a barcode tag attached, and walk to the self checkout counter which is right next to it.

      And really this isn't scary news at all. I learned how to make a tension bar and rake in shop class from my shop teacher. Hacksaw blade is used for the rake and the tension bar made from a short piece of fish tape (or wire snake) which is heat treated spring metal. All done on a bench grinder.

      Also, if key blanks were next to impossible to obtain it would be trivial for a machinist to make one using a surface grinder and perhaps a slotting saw on a horizontal mill. Then a bit of work with a file to cut the ridges.

      • (Score: 2) by Snow on Tuesday September 02 2014, @07:26PM

        by Snow (1601) on Tuesday September 02 2014, @07:26PM (#88603) Journal

        I was at a walmart wanting a new key and couldn't find any service (Surprise, Surprise). I had enough time to root through the cupboards, find the instruction booklet, follow the instructions and make my own key. No one challanged me at all. I was there for probabaly 20 minutes. It's not exactly Ft. Knox.

  • (Score: 5, Informative) by q.kontinuum on Tuesday September 02 2014, @04:33AM

    by q.kontinuum (532) on Tuesday September 02 2014, @04:33AM (#88367) Journal

    Getting a blank key for high security locks was *not* easy before. Companies selling these locks were careful to patent their key profile, to sue others creating the same blanks, and to only work together with selected, certified partners. For cheaper locks this was always simpler, but now it gets simple even for the high security locks, and that's mainly what the story is about.

    --
    Registered IRC nick on chat.soylentnews.org: qkontinuum
    • (Score: 2) by gman003 on Tuesday September 02 2014, @04:46AM

      by gman003 (4155) on Tuesday September 02 2014, @04:46AM (#88371)

      So the locks were relying on security through obscurity (make blank/used keys hard to obtain) rather than security through security (making it resistant to bump keys). Yeah, I'm not gonna waste much sympathy on them.

      • (Score: 2) by q.kontinuum on Tuesday September 02 2014, @05:56AM

        by q.kontinuum (532) on Tuesday September 02 2014, @05:56AM (#88384) Journal

        Nor do I :-) But it wasn't even obscurity. The profile can be seen from the outside. The interesting thing about the article is that basically the potential trouble maker new all along how the key was supposed to look like, but usually the effort to build one would have been prohibitive. Now it's a child game.

        --
        Registered IRC nick on chat.soylentnews.org: qkontinuum
        • (Score: 5, Informative) by TheLink on Tuesday September 02 2014, @06:20AM

          by TheLink (332) on Tuesday September 02 2014, @06:20AM (#88386) Journal

          There are mechanical keys/locks systems that aren't crap: https://en.wikipedia.org/wiki/Disc_tumbler_lock [wikipedia.org]

          Why not use those instead? Padlocks using this tech seem fairly common where I live.

          • (Score: 2) by q.kontinuum on Tuesday September 02 2014, @11:23AM

            by q.kontinuum (532) on Tuesday September 02 2014, @11:23AM (#88447) Journal

            Thanks for the link. Sounds interesting.

            --
            Registered IRC nick on chat.soylentnews.org: qkontinuum
          • (Score: 1) by My Silly Name on Tuesday September 02 2014, @02:47PM

            by My Silly Name (1528) on Tuesday September 02 2014, @02:47PM (#88515)
            Chubb also make make locks similar in principle to the Abloy mechanisms in your link. (Expensive, though.)

            Another interesting design is the Bramah [bramah.co.uk] lock, which despite its origins in the 18th century is still pretty damn hard to pick, and is definitely resistant to crude bumping techniques.

            Unfortunately, no matter how groovy the lock technology we use, there's always the thermorectal method of obtaining a key. In my case, having abandoned big cities and now living in the boonies in Tasmania, I almost never lock my front door at all.
          • (Score: 2) by LoRdTAW on Tuesday September 02 2014, @08:18PM

            by LoRdTAW (3755) on Tuesday September 02 2014, @08:18PM (#88626) Journal

            Picking is not an issue but disc key copying is actually quite easy. The MTA uses these locks in the subway and perhaps other places to lock up just about anything. I had a friend in high school who was NYC subway obsessed and his neighbor was an MTA employee. Dont ask me how but he got ahold of the disc tumbler key and the lever keys used on the various doors and compartments of the subway cars. He secretly made clay casts and hand copied them using nails and sheet metal. The disc tumbler key was made from a nail with a flat filed on its length and then grooves for the discs filed at an angle into the half. The lever tumbler keys (aka old timey skeleton keys) he already made from bent sheet metal brazed to a nail by making a clay pressing from the slot on the door. He just had to figure out the rejection notch which was surprisingly dead center square and easy to cut.

            The both of us had MTA keys we would show off by opening the doors between cars and unlocking gates with the disc locks. We were young and dumb but it was quite fun. But you had to be careful so we kept mischief to a minimum as that was jail right there. We only unlocked stuff to show off and stole a disc lock to lock our bikes with. Those locks were super strong. A solid steel uni body and a thick hardened shackle. Locking was simple: turning the key 90 degrees twisted a cam that pushed two steel bearings outward into grooves on each side of the shackle. There was no push to snap the lock, you had to turn the key to lock and unlock it. Impossible to break the lock by hammer, chisel or bolt cutter. You were better of cutting the chain or what ever the chain was around unless you had a torch. Master locks are garbage next to these things.

    • (Score: 2) by mrchew1982 on Tuesday September 02 2014, @11:53PM

      by mrchew1982 (3565) on Tuesday September 02 2014, @11:53PM (#88701)

      Most high security locks now use other means to overcome unauthorized copying. The one that I'm most familiar with from my day job is ASSA ABLOY; they use a secondary set of pins on the sidebar of their locks. They have also started to use pins on the top that twist and turn, as well as fancy profiles on the pin/key interfaces that require special cuts at odd angles.

      It's always a race...