The App I Used to Break Into My Neighbor’s Home (wired.com)
86 points by rmason on July 26, 2014 | 60 comments


I feel like this is a complete misunderstanding of the threat model here. Keys are not "like passwords", because to use a key you need to physically go up to someone's door, whereas with a password, you can generally do so from a computer terminal anywhere in the world, potentially using anonymizing proxies.

If anyone in the world could anonymously try and open my doors and, if they succeeded, could steal my valuables, locks would have been found insecure a long time ago.

Yes, the author here doesn't know how to use lockpicks or a crowbar to break into a house. The author also has presumably never tried to steal something from a house. Houses are generally just secure enough that the casual passer-by can't easily get into them, but not secure enough that if you really wanted to you couldn't get in. Most people who pick locks will tell you that picking locks is not a particularly good way to break into a house to steal things because breaking into a house is easy when you don't mind destroying someone's property. If you're a criminal you don't need anything more sophisticated than a crowbar (and even then you might just walk around until you find a door that's not locked at all).

So sure, maybe this makes one particular attack marginally easier (not really all that much easier than it was before), but illicit key duplication is still not the weakest part of your physical security by a long shot, so I don't think there's anything to worry about.


You seem to only care about theft. What about restricting access to those who have other reasons to break into someone's property? Spurned lovers, coworkers, friends you can't really trust... The kind of people who would actually have access to take photographs of your keys to begin with?


This only adds the ability to copy keys with momentary access to your keys. Anyone with sustained access to your keys can just take them down to the hardware store, so this doesn't really change the "spurned lovers" equation.

I don't see why the other people would want to break into my house if they weren't interested in stealing my things or hurting me (and if they are just breaking in to like, hang out in my house, that's a bit weird but not really something to lose any sleep over). If they do that habitually, I think they'd find breaking into the house without using a credit card to buy a copy of my key is quicker and less risky than using KeyMe. I am not particularly worried about the extremely rare threat model of being my non-criminal friend or coworker's first break-in, where they decide opportunistically to break into my house because I left my keys somewhere and they know they can easily make a copy of them at a kiosk.


The issue is thinking average keys and locks are anything but a mild inconvenience. Spurned lovers/friends/coworkers could easily "borrow" a key and get it copied.

They could also just get a screwdriver and a rubber mallet and remove the lock, or smash a window.


And people must be careful if they buy 'secure' doors which can't resist a crowbar, too. Unless you spend time and money on security, a house is quite easy to break into.


"Parking valets suddenly require a ludicrous level of trust"

They always have. It was always possible to take a blank key and just copy it with a file. You could use a softer material to expedite the process and then copy it again later...

Which is why most cars come with a valet parking key that only turns the ignition and doesn't open your trunk. You're not supposed to hand the valet your entire keyring. That's ludicrous (although a lot of people do this).

Though with the availability of this app we're going to see a lot more crime committed this way.


Many (most?) modern cars also have a radio-based transponder fob to operate the immobilizer, which, being both electronic and obfuscated / proprietary, isn't as easy to clone.

I don't really know that this app will perpetuate a lot more crime - 5 kiosks in NYC actually seems like less availability than your crooked buddy at the hardware store turning a blind eye to you bringing in a key or two every so often.

Plus, it seems to me that use of the app and kiosks is even more trackable than walking into a physical location.


"being both electronic and obfuscated / proprietary, isn't as easy to clone."

Cloners can be bought from underground websites, the same sites that sell credit cards etc. Look around on YouTube, it's a bit scary how easy it is.


It's not the car key that I'm worried about people cloning. It's the droves of people who leave their house keys attached to the keyring when they hand it to the valet.

Definitely agree about trackability with the app.


1) The trunk can be opened without a key from the driver's seat of most every car, no?

2) The value of contents of my trunk is rarely within two orders of magnitude of the value of my car.


In my experience with cars with valet keys:

The valet key cannot unlock the glove box, and there is a switch in the glove box to disable the driver's seat trunk switch.


> The trunk can be opened without a key from the driver's seat of most every car, no?

Depends on the model. New cars usually have this, but e.g. older cars like Mazda 626 or VW Bus, up to the new T5 line, do not.

In some cars, it's configurable at order time if you want this feature.


My Honda has a lockout that disables the lever used to open the trunk from the driver's seat. Of course, many cars have a fold down rear seat (mine doesn't) meaning any valet that really wants to check out your trunk will still be able to.


My 15 year old Honda has locks on all of those things, that you cannot unlock with the valet key. There is a lock on the trunk lever, a lock on the shelf in the back window for the seats, and a lock inside the armrest cubby in the back for the fold-down cup-holder stowaway door thinger.


I think a lot of cars have some kind of lockout for it. I have a VW, and there's an electric trunk lever in the driver side door, which has a keyhole above it to disable it. Both sides of the rear seat also fold down to allow trunk access, and both sides also have keyholes to lock them out. So I guess you could keep the valet out of your trunk, if you actually remember the valet key and go to the trouble of locking 3 different locks. Which gets to your second point, that I don't really have anything there worth caring about anyways. Maybe if they really want to steal my spare tire or something.

But then again, I don't really like valeting my car anyways.


yeah, I use the valet key that came with my car, or I take the regular key off of the key ring if I don't have the valet key available.


Killer escaped prison after being issued picture of master key to all locks.

A former prison officer said the design of the master key - which could open every lock in Berrimah jail in Darwin - was printed on the front of the prisoners' information handbook.

http://www.news.com.au/national/killer-escaped-prison-after-...


To spare people time reading:

It's KeyMe, a service that lets people make copies of keys from a vending machine, using photographs of keys. He got the photos because his neighbor let him handle the keys.

No particular high-tech involved. (Even though he claims they're 3d-printed in the vending machine, I suspect they're simply cut from a raw.)


Minor nitpick: The author indicated that custom styled and mailed keys were 3d printed, and the kiosks cut the keys from a blank. (end of 4th paragraph)

Otherwise an accurate and brief summary. The article is relatively short and worth the read, though.


for those playing along at home, the app he used to break into his neighbor's home is called "my neighbor gave me a key to their home".

if we are willing to call this a "break in" then the app is not the operative concept, it's the social engineering that enabled the guy to give you the fucking key.

might as well have written about the shoes you used to break in with.


Well, this is Wired we're talking about. You can't expect their writers to go to much more effort than walking upstairs to their apartment.


The article also says:

- The app makes it in 30s,

- "Do Not Reproduce" keys can be reproduced,

- Lock nerds can reproduce keys from a 60-feet picture.

All 3 imply a change of the possibilities and are thus newsworthy.


> The app makes it in 30s

it says he "spent about 30 seconds in the stairwell scanning his keys". the app doesn't "make" anything in 30 seconds.

> "Do Not Reproduce" keys can be reproduced

"do not reproduce" does not mean "can not reproduce".

> Lock nerds can reproduce keys from a 60-feet picture.

i read "One group of researchers ... could reproduce keys photographed from nearly 200 feet away and at an angle." this is without the app. which is more to my point.

moving on, if the person trusts you enough to give you a key, you don't need it.


Lock nerds can also open your lock in less than 30 seconds using lockpicks or door shims or any number of other techniques. Locks are not a very robust technology.


I think that this article, and many of the comments, show a misunderstanding of what robbing houses is really all about. Not that I've done it, but it seems pretty obvious when you think about it from the robber's perspective.

Anything to do with locks is not really relevant to robbery, since virtually none of the houses in the world have good enough security to resist anyone even moderately determined and willing to break things. Why bother with some elaborate charade to copy keys when a crowbar, or usually a boot, will get you into any house?

What is actually relevant is information about the house and what's in it. First, information about whether there is anything stealable in there - stuff that's easy to transport out and can be sold in a grey market for a good price without being easy to track back to the thief. Most houses don't have a lot of stuff like this, and there's probably a pretty stiff haircut on the price you can get when moving stolen goods through fences. I'm guessing that you'd want trustworthy information that there's stuff you can take and move for at least $1,000 or so to make it worth your risk to break into a specific house.

You'd also want solid information about who can be expected to be at the house, and when. Any chance at a confrontation is going to add a lot of risk.

Threats like the valet copying your keys don't really make any sense. Yeah, he has the keys, and information that could lead to an address, like registration and license plate. But he doesn't know anything about what's in the house or who's there. Why should he care that, after going through a complex and risky process to get a copy of the keys and the address, he has slightly easier access to a house of unknown quality?

Worry instead about people who have access to that information. Repairmen, exterminators, maids, anybody who has a legitimate reason to go around your house. And be wary of letting untrusted people know when your house might be empty for an extended amount of time.


There's a minor inconsistency with car keys.

In contrast to "stupid" ordinary house locks, which are not powered, car keys these days incorporate RFID chips so that the key at least cannot be used to steal the car. Granted, you can still empty it, but at least better than losing the car altogether.


I think the OP was implying that valets could photograph the house keys, then later go and rob the home of the car owner.

A locked door to a home is rarely a deterrent for a determined thief.

I mean, heck, the valet could just as easily steal the garage door codes from a garage door opener, right?


Except, how would the valet know where you live?


He'd get your address from the car's registration documents, which will typically be in the glove box or clipped to one of the visors.


Or he could possibly check the GPS location list for 'Home' or the GPS trace if this data is stored.


So what if there's an app? Copying keys has been done for centuries and it's trivial. I once forgot my personal storage locker key at home when working at a metal company. It didn't take too long to call my dad, ask for details about the key, and create a working copy. It was an Abloy Classic key, so it was trivial to make a copy of it from a bolt using a lathe and a bandsaw. With some key types you might also need a drill. All this work can be done a bit slower using plain hand tools; you don't even need electric power for copying keys. And the lathe was only needed because I naturally didn't have the right 'blank'. Copying keys has always been trivial if you have access to the key you want to copy. I guess it's now OK to confess that I also had a teacher's set of keys at school. Of course a copied set. One teacher lent me their keys once, and that's it. And this was 20 years ago, and before copying the keys needed for the personal locker at work.


Apparently 95% of USA home locks use SC1 or KW1 keys... and OpenSCAD files can be downloaded to easily generate a 3D model of any key configuration using a statement like this for example: sc1([3,3,1,7,2]); http://www.thingiverse.com/thing:8925/#files ... then send it to your 3D printer


News story in 2006:

Jail keys changed after TV lapse

All the locks and keys at Feltham Young Offenders' Institution have had to be replaced after security was compromised during a media visit last week.

http://news.bbc.co.uk/1/hi/england/london/5145026.stm


What happens if the "Key" DB gets hacked and stolen? Is the company required to buy everyone new locks?


Only tangentially related, but: It would be interesting to consider physical(ish) methods of federated authorization.

Hand the valet a key fob that you've enabled for use within a 1 mile radius and two car starts?


> and two car starts?

That's a great way to have your dinner interrupted or end up waiting forever for your car.


DEF CON 18 - Schuyler Towne & datagram - Attack the Key, Own the Lock

http://www.youtube.com/watch?v=_ctWJAdeHPU


Oh, it's that guy from the kickstarter I backed four years ago that still hasn't delivered.

https://www.kickstarter.com/projects/schuyler/lockpicks-by-o...


The dude is suffering from a major depression and is about to go on medication, give him a break. Anyone who invests in a kickstarter must understand there's just one guy behind a lot of them and there's a massive risk they'll fail to deliver.

And Jason Scott is on the case to get things righted, you can't get a much more trustworthy caretaker than that...

https://www.kickstarter.com/projects/schuyler/lockpicks-by-o...


Why yes, in the latest episode of the soap opera it seems both of them conform to the "Ever feel not perfect? Ask your doctor about..." American pharmaceutical stereotype. It has been almost worth it backing just to read the excuses. Almost, but not. Funny how in traditional societies people just go get some exercise or something and don't need chemical crutches with lists of side-effects scarier than the original so-called symptoms. Having lived in a few countries, to me it's clear: US mental health issues are partly socio-psychosomatic. Warm fuzzies and all that, but four years is a long time.


This is not the time or the place for this discussion so I'll try to keep it brief and non-argumentative.

As a non-American, I agree the U.S. is way overmedicated.

That said, some people still do need medication. If you read the post you'll see the guy himself has avoided the medication until now due to a bad episode of being misdiagnosed and medicated as a child. He has literal first-hand experience of what you're complaining about.

I'm in Japan now, and this place is the exact opposite. Mental illness "doesn't exist" and half the medications prescribed in the US are illegal here. And hey, 3 train jumpers a day. "Hey pussy, pull yourself up by your bootstraps" doesn't work either.


Nice link-bait on the headline but for most people the only thing preventing an intruder is a very thin piece of glass.

Also, does KeyMe, et al, really not email/notify you when a dupe is made?


Even if they do, you still need an account there.


They don't know who a key belongs to, they trust that you are the owner of said key when you upload it.


Oh, right, silly me.


Wasn't something like this already being done in the pre-iPad era with bars of soap or wax?

If you lose possession of your keys for a time someone can copy them. Did someone not know this?


This is why I use 2 factor on my front door.. Mainly fingerprint backed by a code or key. Nothing is 100% safe.. but I prefer ease of use in making a decision.


If you have 2 factor authentication at your front door, you in no way prefer ease of use.


If you're trying to prevent a burglar, it's overkill. They'll just use a crowbar.


Does the fact that a burglar used a crowbar vs. entered silently via a copied key play into how easy it is to deal with your homeowners insurance provider? (Genuinely curious, and couldn't find anything via a brief Google search.)


I know people who made keys from photos in high school (I attended boarding school, there was a lot of free time). It is not hard to do, even without KeyMe.


Yep. And this is why I have an easy way to separate my car keys from the rest of my keys. I don't hand anyone my house keys, ever.


Like magnetic stripe credit cards, keys need to die. The security model is broken for the same reason - anyone who handles or even looks at the token has free rein on whatever is protected by the secret. The secret should instead remain encapsulated, used only to sign encrypted, replay-attack-proof authorizations.

It's 2014. Smart cards need to be everywhere. Even my college dorm had contactless smart card authentication.

Keys still have a place for manual override in outages, but that should be rare and set off alarms.
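
Added example, not part of the comment above or of any product mentioned in the thread: a sketch of the contrast that comment draws between a token that is itself the secret and a card that only answers challenges. The class names are hypothetical, and HMAC-SHA256 over a reader nonce stands in for the card's signature.

```python
import hashlib
import hmac
import secrets


class StaticLock:
    """A cut key or magstripe: the token presented IS the secret."""

    def __init__(self, secret: bytes):
        self._secret = secret

    def open(self, presented: bytes) -> bool:
        return hmac.compare_digest(presented, self._secret)


class SmartCard:
    """Keeps the key inside; only MACs over reader challenges ever leave."""

    def __init__(self, key: bytes):
        self._key = key

    def respond(self, challenge: bytes) -> bytes:
        return hmac.new(self._key, challenge, hashlib.sha256).digest()


class ChallengeLock:
    """Reader that issues a fresh random nonce per attempt, valid once.

    Assumption: reader and card share a symmetric key, so the reader
    must protect it too; a signature scheme would avoid that.
    """

    def __init__(self, key: bytes):
        self._key = key
        self._pending = None  # nonce awaiting a response, if any

    def challenge(self) -> bytes:
        self._pending = secrets.token_bytes(16)
        return self._pending

    def open(self, response: bytes) -> bool:
        if self._pending is None:
            return False  # no outstanding challenge: nothing to answer
        nonce, self._pending = self._pending, None  # consume: single use
        expected = hmac.new(self._key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(response, expected)


def demo() -> dict:
    key = secrets.token_bytes(32)  # constructed sample key

    # Static token: anyone who handled or saw it holds an equal copy.
    observed_token = key
    static_copy_opens = StaticLock(key).open(observed_token)

    # Challenge-response: an observer sees one (challenge, response) pair.
    card, lock = SmartCard(key), ChallengeLock(key)
    recorded_response = card.respond(lock.challenge())
    owner_opens = lock.open(recorded_response)

    # Replaying the recording against the already-consumed challenge.
    replay_consumed = lock.open(recorded_response)

    # Replaying it against a fresh challenge.
    lock.challenge()
    replay_fresh = lock.open(recorded_response)

    # The real card keeps working because it answers each new nonce.
    owner_again = lock.open(card.respond(lock.challenge()))

    return {
        "static_copy_opens": static_copy_opens,
        "owner_opens": owner_opens,
        "replay_consumed": replay_consumed,
        "replay_fresh": replay_fresh,
        "owner_again": owner_again,
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Nonce freshness stops replay of a recorded response; it does not stop a live relay of the challenge to a genuine card held elsewhere.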


Just like imperfect passwords, keys have a valid place in the security models.

Security is always a tradeoff, and there are many use cases where a huge increase in security isn't worth even a tiny increase in accessibility or cost.

Let's take an example of cheap padlock on a garden shed or a lock on a filing cabinet. Both of them are trivially broken, either by skill or simply brute force. Yet, they achieve their security goal - they do prevent (as in, significantly reduce frequency) random passers-by from taking the stuff inside. A more secure model, such as smart cards, would be an inferior choice there due to increased cost and decreased usability.

For example, a secure system would require to make it harder for a random person to make copies of the key/token/whatever. An accessible system would require to actually make it easier - so that any keyholders can easily make copies without authorization from 'key owner' that takes some time and effort. For example, if a renter needs to involve the landlord to copy his key if one of them was lost, then it's more secure but less usable. "Easily copied" is a bug or a feature only depending on the system needs.


I agree about the smart cards. My college had chipped ID cards (like modern non-USA credit cards) in 1992!

I just stayed at a hotel in New York with smart card locks. It was so nice to be able to just hold my wallet against the door rather than pull the card out of my wallet and try to remember which way the magstripe goes, etc.

The reader on the elevator was placed low enough that I just needed to stand within a few inches of it to "unlock" my floor.


Do keep in mind that hotel doors are anything but secure, regardless of the kind of lock. It doesn't even take a sophisticated exploit to unlock the door, just a simple metal gadget.

http://shop.riftrecon.com/products/under-the-door-tool


If keys are such a threat, then the sidelight next to my front door lock is a gaping security hole. Keys are nothing more than an annoying deterrent.


With apologies to all, everyone is missing the point, including the author.

Spoiler/tl;dr summary of this comment: Soon you will be able to generate a key while standing at the lock, scanning it with the laser scanner built into your mobile device, generating the key with a hand-held 3D printer you bought at the convenience store on the corner.

OK, longer version.

A number of comments dismiss the security threat as not particularly meaningful (give someone your keys, give them an opportunity to mess you up) and they are correct insofar as this very specific threat is concerned. It really is very similar to the traditional "give someone your credit card, they can mess you up" threat.

But think about that threat for a moment: The reality of that threat led to chip-and-pin cards, to CCVs, and to PCI compliance.

That threat was also greatly magnified by the move from the pen-and-paper world to the world of online shopping - and we've had to adjust our threat mitigation strategies appropriately.

The point of the article isn't actually for example that valets require great trust. The author actually misses the real point while describing it quite clearly: It has always been possible to do this, it's just orders of magnitude easier, and cheaper, to do it today, because of the blend of off-the-shelf widely available low-tech technology. That's the point of mentioning KeyMe: It is so easy to build the bits to do this threat that there are reliable commercial services that make money from low-cost apps and unattended kiosks.

And it is going to get much, much, much, much worse, very, very, very soon.

Very soon now you will be able to buy a pocket or at worst back-pack size multifunction replication device, that is, a 3D printer with a scanner built-in, or perhaps a 3D printer that uses your mobile device as a scanner.

With that device, you will be able to duplicate the keys on the way up the stairs.

And soon you will be able to use a commercial hand-held 3D printer with a commercial hand-held laser scanner to generate a key by scanning the lock.

That's just the beginning of tomorrow's threat model.

EDIT: Added a missing word above, and the following thought....

We assess attackers based on motivation and resourcefulness: a motivated, resourceful attacker is always a worry. The key duplication threat used to require a motivated attacker capable of acquiring resources, e.g., the prisoner, who would duplicate a key slowly and laboriously, using low-tech tools. This is a very motivated attacker.

Existing and emerging technologies make the resources widely available and lower the motivation bar dramatically. The key duplication scenario will soon be populated by the equivalent of script kiddies who will perform the threat just because they can, just because it's that easy.

That's the point of the article. That's the threat model we face going forward.


It is very very unlikely that you'll be able to duplicate keys using any kind of laser scanning technology, that's just not how they work. You could probably get the appropriate shape of the keyway, but you wouldn't be able to decode the lock without being able to image through metal, which is simply not going to be a technology built into phones any time soon.

I still find it an unlikely threat model, but I would admit that in the unlikely event that a technology allowing you to enter a door just by scanning it and printing up a key were invented and integrated into mobile phones or something else people are carrying around anyway, then that might actually overtake "crowbar"/"breaking the window" as the lowest-cost lowest-risk way of breaking into someone's home. And even then, probably it wouldn't affect all that many people. Plus you'd just have to modify lock technology slightly to fix the problem.


You got me wondering about other ways to scan, such as sonically. I'll bet that right now any kind of sonic scan would be crude and rough - but how long before signal processing can be cleaned up to make it good enough to guesstimate the lengths of the pin segments?

Especially if the scan included analyzing against known lock types? This is the sort of problem for which the Internet is ideal: An optical scan to narrow down lock makers and models, load custom signal processing configurations for those likely locks, perform a sonic scan of the lock and collect reflections, distortions, etc., and use the custom config to ease the decoding: Wah-la! A picture of the inside of the lock, with pin segment lengths.

Then print 5-10 likely keys on the spot.

Picking a lock requires a suspicious body posture and special tools.

Scanning a lock this way just requires you be close enough to the door. Checking your messages? Patting your pockets to make sure you have everything? Leaning your bag against the door on your knee to make sure you have everything? Many plausible scenarios for staying close enough long enough, and the tools are COTS, common.

Or maybe I "deliver" a "package" to your door, lean it against the door (UPS and others do this all the time), and the top of the package contains the scanning tools. I come back later (seconds, minutes?) after realizing I've made a mistake and take the package back.

The more I think about it, the more I cannot help but wonder if the physical lock of the future will not need a proof-of-authorization mechanism to vet the keyholder - at which point we eliminate the keyhole entirely and move to direct identification of authorized entrants.

And then of course watch for 0-day vulnerabilities in THAT technology.



