SoylentNews is people
SoylentNews
Earlier this year, a new type of mobile app blew the collective minds of many—including NBC News investigative reporter Jeff Rossen. Using the camera of a smartphone, these applications could scan a house key, allowing it to be duplicated remotely. Rossen warned America that it could allow someone to digitally steal your house keys if you left them unattended—by uploading photos and getting shipped a custom-cut copy. Of course, they could do the same thing with your house keys just by running with them to a nearby hardware store. But hackers !
One of the contenders in this market is called KeyMe ( https://key.me/ ). No one is going to shoulder surf your house key with KeyMe—it requires photos of a key placed on a white background, taken from 4 inches away. But KeyMe is doing something that will further boggle minds and will likely raise even more security concerns: using the app, you can store scanned copies of your keys on their server and download them at a kiosk. The company has been rolling out kiosks across the country and has just expanded its fleet after inking a deal to place them at the Lowe's home improvement chain. And you can also share your keys with others via e-mail, allowing them to make copies for themselves.
(Score: 5, Interesting) by khchung on Sunday March 22 2015, @07:20AM
KeyMe - so it became trivial for burglars to enter your home when* their servers got compromised and all the key images stolen?
* - when, not if.
Make more sense if the kiosks can accept an image from USB stick, print out the key for a price, then delete the image immediately afterwards. By storing the images in their cloud, you can be sure they will be (1) finding ways to link more of your data to make money, and (2) sending copies of the images to NSA, willingly or unwillingly. Both meaning less security for users.
(Score: 2) by davester666 on Sunday March 22 2015, @05:16PM
well, if you have physically go there, it would be better to just have a direct scanner for the physical key, so you can't just photograph someone elses keys and make dups...
(Score: 5, Informative) by fleg on Sunday March 22 2015, @07:48AM
anyone worried about house security should be much more concerned about how easy the average house lock is to pick.
The MIT Guide To Lockpicking [lysator.liu.se]
(Score: 3, Interesting) by Runaway1956 on Sunday March 22 2015, @08:11AM
Yep. I've opened a few locks just by sticking random keys into locks, and trying them. Some very cheap locks don't require much of a match at all, it the key fits in the key hole, you can jiggle the damned thing around and get it to open. Some, slightly better locks require a near match, but there are limited numbers of keys to start with. If the manufacturer only has 120 different key designs, chances are that you can stumble over a matching key if you try. Then, of course, there are picks. Virtually all locks sold in America are pickable, some very easily, some with a little more difficulty.
There are some pretty good locks available in Europe, which master lock pickers claim are impossible, or nearly impossible to pick. But, those things are also pretty high dollar. One simply doesn't buy a $200 - $500 lock to secure ten dollars worth of tools. Not when most people use a cheap twenty dollar lock to secure their homes!
Abortion is the number one killed of children in the United States.
(Score: 1, Insightful) by Anonymous Coward on Sunday March 22 2015, @10:23AM
the average home door is not anywhere near secure...
(Score: 2) by c0lo on Sunday March 22 2015, @12:04PM
Windows is not very secure either, even less effort require to hack it
(grin)
https://www.youtube.com/watch?v=aoFiw2jMy-0
(Score: 2) by fleg on Sunday March 22 2015, @01:19PM
sure, but the amount of time it takes to pick the average lock is not much more and the big advantage is you could lock it again on the way out.
(Score: 1) by Pseudonymous Coward on Sunday March 22 2015, @07:53AM
So yeah, let's say you're locked out of your house but you have a key saved with key.me...
I'll bet you $50 they wouldn't even give you your key if you didn't give them your fingerprint.
(Score: 2) by Runaway1956 on Sunday March 22 2015, @08:17AM
People leave them all over the place. Just pick a few up ahead of time.
http://www.wikihow.com/Fake-Fingerprints [wikihow.com]
This isn't the "best" guide on the subject, but you can find more if you care to google for technical details.
Abortion is the number one killed of children in the United States.
(Score: 4, Interesting) by VLM on Sunday March 22 2015, @11:47AM
Its easier to use a photocopier. You photocopy both sides of the key, then pick up a blank, then tape/glue/whatever a photocopy and start grinding on the dremel (keep it cool!) and eventually switch to file and finally using a photocopy and some calipers you get it exact-ish.
Non-security oriented locks (pretty much everything at a big box store, etc) are pretty weak by design to make it easy to "officially" copy keys so it turns out unofficial copies work pretty well too. You can buy high security locks for maybe $500 a piece and aside from being more secure, not being made in China to the lowest possible specs also means they'll work smooth as butter for 50 years at a time. I plan to upgrade my house locks in my infinite spare time, just to have quality locks.
You'd be surprised how few store clerks care about giving away blanks, IF you don't fit some stereotypical profiles.
I had to do this for a broken key where the clerks went all stupid mode "It don't fit in the machine cause its broke and it don't have the code stamped on it so we can cut to code so you'll have to cut off the lock and install a new one". Ah no thanks, I'll take care of it myself thanks.
Cut to code is another whole scam. (I look at my keychain) I have a bike rack on one of my cars hitches and a hitch lock with a stamped "027" so if you know its a double sided trailer hitch pin lock for whatever brand hitch lock then they can crack open a big book that says given a code 027 set the machine to whatever and it'll probably work. Lots of places won't give a guarantee on cut to code keys because the customers and employees are too dumb and the keyspace is really small (Imagine the duplication when everyone uses a couple alphanumeric chars for ALL codes). Also good luck figuring out if thats zero-27 or Oh-27.
The reason this doesn't matter for practical security, is its more effort to steal using a key than to buy a used '93 Giant crossover bicycle, and if I had a $15K bike a thief would simply cutting torch / angle grinder the hitch off the car. Or, frankly, steal the whole car and figure out how to remove the bike later and elsewhere.
A truly disruptive and interesting idea would be a QR code for keys with enough bits to uniquely ID all keys (like a MAC) AND some kind of ID of whoever purchased the key.
(Score: 0) by Anonymous Coward on Sunday March 22 2015, @02:00PM
Care to give some links to the security locks you are considering? I've seen many people make similar statements, but seldom if ever does anyone actually list the manufacturer or seller of suck locks. Thanks in advance for additional education/links!
(Score: 3, Informative) by darkfeline on Sunday March 22 2015, @02:58PM
Not him obviously, but here's an interesting lock design I've come across: https://www.youtube.com/watch?v=1ey2SFHbZV8 [youtube.com]
Join the SDF Public Access UNIX System today!
(Score: 1) by Jesus_666 on Sunday March 22 2015, @06:14PM
Extensive research (five minutes with Google) pointed me towards a certain "bosnianbill" who seems to know his locks. Oh look, there's even a buyer's guide [youtube.com]. That video should be a good place to start because it talks more about which features make certain locks hard to crack than about which specific locks to buy. Of course it's only a start. Going for a reputable brand is always a must, though.
Another source of information are independent testing outfits like the German Stiftung Warentest. Those guys regularly test samples of random product groups and are pretty thorough. You may need to pay for the precise test results but at least the rankings are often easily available.
Of course you have to match the lock with what you want to protect. Putting a 500 USD lock on a typical American front door won't do you much good if anyone can just jimmy the door open. Actually, it won't do you much good with a thick, heavy front door either because then they'll go for the windows. It's probably still a good idea to go for a reasonably decent lock, though; fewer people will want to physically break something open (which is noisy) than to just pick the lock. It's just that 100 bucks will probably buy you just as much actual security here as 500 bucks will.
(Score: 2) by wonkey_monkey on Sunday March 22 2015, @12:16PM
No one is going to shoulder surf your house key with KeyMe—it requires photos of a key placed on a white background, taken from 4 inches away.
Not sure what that means. Just a few seconds would still be enough for someone to take such a photo of your keys without you knowing, if you mislaid them.
systemd is Roko's Basilisk
(Score: 3, Interesting) by looorg on Sunday March 22 2015, @01:30PM
As fancy as the idea might be what does your insurance company thing and say about it. That is really all that matters in the end. Oh you got burgled and you had uploaded all your house-keys to the internet you say? Claim denied.
(Score: 2) by tathra on Monday March 23 2015, @04:44PM
insurance company employees get bonuses [propertyinsurancecoveragelaw.com] for denying claims and keeping the claims they can't deny to as little as possible. they're going to look for any excuse to deny a claim? duh, that's exactly how for-profit insurance companies work.
(Score: 0) by Anonymous Coward on Sunday March 22 2015, @11:30PM
Finally common criminals can do what the intelligence agencies criminals have been doing for ages.
Common criminals want things. Intelligence agencies criminals want total control. They would get into your house and install spy devices. Hear every word you speak. With modern electronics, don't be surprised if the walls are listening to you.
(Score: 0) by Anonymous Coward on Monday March 23 2015, @02:52AM
So if the government wants to snoop in your house without your knowledge and consent all they have to do now is get a warrant to make a copy of that key from some company and now they can open your door unannounced.