

KnoxBox brand Lockboxes hacked - bifrost
http://www.reuters.com/article/2013/03/01/us-security-lockbox-idUSBRE92004T20130301

======
rdl
It would be fun to set up a fully automated "take photo of Medeco key from 2
angles and with/without flash", decode, print, and mail to you service for key
duplication.

I'm not sure what it would take to decode a lock and produce a key with a
zero-skill operator onsite.

Then of course a simple database of geolocation to fire department to key. I
wonder if Knox is bad with key control and just assigns sequential/related
keys based on when cities ordered the system, or per geographic area. Or if
maybe there's a master keying system in effect -- city and county departments
in a given region having everything masterkeyed so mutual-aid could happen. Or
just how big the given area for a key is.

The silly thing is people have known mechanical keys are ~worthless for the
past 15+ years.

------
gridscomputing
but they use medeco locks, those are impossible to attack

~~~
bifrost
Some quick googling will show thats actually not the case.

IMHO, This attack basically illustrates a misplaced trust in city/state
employees to protect our privacy and property. This lock is apparently
trivially defeatable to someone who's interested in figuring this out. Not
saying that a standard lockpick attack is harder, but this is basically ->
steal one key, get every single key in every building in a city.

~~~
rdl
He was being sarcastic :)

