backtop


Print 32 comment(s) - last by HostileEffect.. on Aug 7 at 11:48 PM

Students show 3D printing can be used to copy "difficult to duplicate" designs with ease

"If we show that mechanical locks are vulnerable to key duplication just by having a handful of numbers you can download off the internet, hopefully they ‘ll be phased out more quickly... Either that or make 3D printers illegal," warns Eric Van Albert, a 21-year-old engineering student at the Massachusetts Institute of Technology (MIT) in an interview with Forbes, following his keynote at Def Con 21.

Along with fellow student and researcher David Lawrence, Mr. Van Albert showed off a software tool that used scans from a flatbed scanner of a highly advanced "secure" key design to create a 3D model of the key and then duplicate it via online printing services Shapeways (nylon; $5 USD) and i.Materialise (titanium: $150 USD).

The researchers focused their efforts on Schlage Lock Comp.'s flagship secure-key solution, dubbed Primus.  Primus keys carry glaring "do not duplicate" message, which references Schlage's patent on its two-tracked toothed key design, U.S. Patent No. 5,808,858.  The patent was filed in 1997 and granted in 1998.  The keys are typically used by law enforcement, mental health institutions, and military detention centers; they are even personally recommended by famous lockpick expert Marc Weber Tobias who wrote the much-referenced 1970 textbook on security Locks, Safes, and Security.

Schlage Primus
3-D Printing subverts Schlage's high-end, high-security patented "PRIMUS" key design.

Inspired by security expert Bruce Schneier's "Sneakey" project, which has performed duplication of keys based on photos taken from hundreds of feet away, the pair of MIT researchers studied the Schlage keys and the patents involved carefully, looking to unlock their secrets.

David Lawrence printed schlage keys
David Lawrence (left) along with another MIT student researcher found a way to print Schlage high security keys. [Image Source: Forbes (right)]

They found two unique numeric codes -- six numbers cut into the top of the key and another set of five in its sidecut.  Describes Mr. Lawrence, age 20:

In the past if you wanted a Primus key, you had to go through Schlage. Now you just need the information contained in the key, and somewhere to 3D-print it.  You can take a high security ‘non-duplicatable’ key and basically take it to a virtual hardware store to get it copied.

All you need is a friend that works there, or to take a picture of their key, or even a picture of the key hanging off their belt.  Pirating keys is becoming like pirating movies. Someone still has to get the information in the first place, but then everyone can get a copy.  Our message is that you can do this for any high-security key.  It didn’t take that much work. In the future there will be models available online for almost any kind of key you’re looking for.  There’s no way of getting the cat back in the bag when you can print a New York city fire elevator key.  Those files won’t go away.

Mr. Lawrence is referring to a set of keys sold in 2012 by a retired New Jersey locksmith to an undercover reporter with The NY Post.  The keys were capable of shutting down elevators, opening subway gates and even getting into electric circuit breaker boxes all over New York City.  The NY Post briefly printed a picture of the keys taken Tamara Beckwith, but has since taken it down, realizing it could be used by locksmiths to create illicit copies.  However, that image still lingers on the internet, such as the version below which we found at The Huffington Post.

NY Master Keys
The NY master key set: (left to right) electrical panel key, fire elevator key, traffic light key, fireman service key, fire alarm box key [Image Source: NY Post via The Huffington Post]

The 3D-printing hack is the latest controversy over the hot do-it-yourself manufacturing technology.  Thus far the greatest debate has surrounded the rise of self-printed plastic guns like "The Liberator", which the Obama administration's justice wing has eyed warily and begun to crack down on.

One of the first demoes of using the technology to "hack" keys was given by "Ray", a German lockpicking expert who spoke at HOPE 2012 ("Hope Number Nine"), held in New York City, New York.  He used 3-D printing and laser cutters to reproduce high-security handcuff keys, which are interchangeable to allow any officer to unlock a suspect's handcuffs.  The presenter suggested would-be criminals could smuggle a set on their person and use it to escape if they were detained.

Sources: Def Con 21, Forbes



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

I thought...
By GGA1759 on 8/5/2013 7:42:04 PM , Rating: 5
Locksmiths and lock picks made mechanical locks insecure.




RE: I thought...
By flyingpants1 on 8/5/2013 8:14:20 PM , Rating: 2
"There’s no way of getting the cat back in the bag when you can print a New York city fire elevator key. Those files won’t go away."


RE: I thought...
By Mitch101 on 8/5/2013 11:28:12 PM , Rating: 3
I was wondering when 3D Printers were going to be used to print keys from a photo. After all you know the length and width of a key its just a matter of resizing the image and camera resolution seemed high enough to do so.

Still unless they make Windows out of gorilla glass I still see breaking a window as the quicker and easier point of entry.

There was a pretty good show on Discovery Channel about stuff like this
It Takes a Thief (2005 TV series)
https://www.youtube.com/watch?v=3gttq1l7m8I


RE: I thought...
By marvdmartian on 8/6/2013 7:45:42 AM , Rating: 3
Still won't defeat the alarm system you didn't render inoperative, the pissed off dog inside the house, or the more pissed off resident with a shotgun, that you didn't realize was still home, though, will it?


RE: I thought...
By BRB29 on 8/6/2013 8:09:54 AM , Rating: 3
Alarm systems can be defeated easily. Pissed off dog?, most people don't have that. Pissed off resident with a shotgun? who sits home and wait for robbers with a shotgun?

Most robberies are by people you know. They know your patterns. They know when you'll be home and where you'll be at. They know what you have for security. They know what you have that they want to take. They get to pick who to rob.

So what can you do? the best way to not get robbed is to prevent it from happening in the first place. Use common sense.
1. Make the right friends
2. Don't bait people to rob you. (EG. flash your wealth/valuables)
3. Make yourself a hard target or at least less vulnerable target than others.


RE: I thought...
By daboom06 on 8/6/2013 9:48:03 AM , Rating: 1
heh. 'merica

you only have to run faster than the next slowest...


RE: I thought...
By Schrag4 on 8/6/2013 2:35:05 PM , Rating: 2
I agree with pretty much all of this, including the word "Most." I know the chances of being randomly targeted for a robbery or home invasion are beyond remote, but I still choose to take measures to defend against someone who REALLY wants into my house. As rare as it is, it does happen. Do I sit at home with a shotgun waiting? No, I'm usually busy doing chores or hanging out with the wife and kids - I'm almost never waiting for anything. Plus, a shotgun isn't really a practical thing to carry around so a handgun on my waist will have to do. I would employ a long gun if it happened to be handy at the time, though. The fact that I carry a gun in my house doesn't mean I plan on using it anymore than I plan on using the seatbelt in my car.


RE: I thought...
By Mint on 8/6/2013 8:19:28 PM , Rating: 2
quote:
The fact that I carry a gun in my house doesn't mean I plan on using it anymore than I plan on using the seatbelt in my car.
Did you mean airbag? Or do you actually never buckle up?

Or are you saying 'using' only counts when you're in an accident?


RE: I thought...
By Schrag4 on 8/7/2013 12:44:39 PM , Rating: 2
What I meant by used was needed. I wear my seatbelt but I'm not really using it. Just like I wear my gun but I'm not really using it. To put it another way:

I wear my seatbelt when I drive even though I never expect that it'll actually keep me from getting impaled on the steering column or from being ejected from the vehicle that day (I won't "use" it).

Seatbelts, fire extinguishers, and guns (worn for protection) are basically insurance policies. All three have the cost of inconvenience, however small. They all can severely, even completely mitigate a disaster that none of the "users" thought would ever occur.


RE: I thought...
By ipay on 8/6/2013 11:39:05 AM , Rating: 2
I did that roughly a year ago as an experiment. I took a photo of a standard house key, created a model from the photo, printed it, and opened my front door first try. I can pick such locks much, much faster, but it was an interesting thing to try.


RE: I thought...
By stonemetal on 8/6/13, Rating: 0
RE: I thought...
By ipay on 8/6/2013 12:59:21 PM , Rating: 2
No... the entire cycle is faster: taking/obtaining a photo, making a model, printing...


RE: I thought...
By inperfectdarkness on 8/6/2013 7:44:17 AM , Rating: 2
The inherent problem of locks is that even if one were to make a lock completely impervious to unauthorized access (which is impossible) there would still be idiots who "lock themselves out".

Retinal scanners, fingerprint scanners, etc...they all potentially require some form of "master-key" in case the user is unable to access data/etc.

Personally, I favor hard-wired, push-button-electronic keypads. Wireless can be hacked/copied. Using a non-repeating 9-digit code on a 9 or 10 digit pad safeguards against fingerprint ID on which keys are used to access the door. That means that the only method is either brute force, circumventing the lock entirely, or a master-code--which isn't necessarily something that can/will be required by the lock MFG.


RE: I thought...
By BRB29 on 8/6/2013 8:19:11 AM , Rating: 2
Every electronic lock, regardless of verification methods, has to send the same signal to unlock.


RE: I thought...
By laviathan05 on 8/6/2013 9:54:49 AM , Rating: 3
Yep, what it comes down to is that locks are simply deterrents, not fail-safes. With enough time and resources any lock can be circumvented, and thinking otherwise is foolish.


RE: I thought...
By HostileEffect on 8/7/2013 11:48:54 PM , Rating: 2
I once locked my wall locker with a previous room occupants issued combination lock (school locker type) and had to cut it off with a knife. Recently, I forgot my combo again and had the same type of master lock off around or under five minutes.

Not dissing on master lock, their No. 40s are legit and I just use a better lock for the extra few bucks.


RE: I thought...
By MozeeToby on 8/6/2013 10:13:08 AM , Rating: 2
Not necessarily, you can prevent rebroadcast attacks with a simple cryptography scheme, it's just more complex because it requires processing power on both ends of the connection.

Put a cheap system on a chip at the keypad and another on the deadbolt. The user comes home and punches in his passcode. The keypad says to the deadbolt "hey, I wanna get in" and the deadbolt responds with a random number. The keypad encrypts the random number using the user entered passcode as the key and sends it back to the deadbolt. The deadbolt decrypts the result with the expected passcode as the key. If the decrypted number matches the random number it just sent it unlocks, else it doesn't.

Since the number changes each time, you can't resend the same response to get access. And the passcode is never sent unencrypted between the keypad and the deadbolt.


RE: I thought...
By Yojimbo on 8/6/2013 3:31:21 PM , Rating: 2
yes, mechanical locks have always been insecure.


Easist solution: confuscate.
By n0b0dykn0ws on 8/6/2013 9:04:28 AM , Rating: 2
I saw this a while back online, and it would prove an easy solution for this.

Install multiple deadbolts on your door, say three, but only lock two of them.

That way if someone is using a copied key or picking the locks, there is at least a chance they won't be paying attention to which ones are opening and which ones are locking.




RE: Easist solution: confuscate.
By axeman1957 on 8/6/2013 10:11:36 AM , Rating: 2
I have heard this before and the plan is VERY flawed and nobody ever says it... every deadbolt I have ever had unlocks by rotating the same direction. Do you intend to have 2 of your deadbolts unlock clockwise, with the other being counter clockwise?


By n0b0dykn0ws on 8/6/2013 3:45:08 PM , Rating: 2
You would need to use new deadbolts, but it is possible to manufacture the tumblers that operate in reverse.


Hmmmmm
By bodar on 8/5/2013 10:55:47 PM , Rating: 2
quote:
"If we show that mechanical locks are vulnerable to key duplication just by having a handful of numbers you can download off the internet, hopefully they ‘ll be phased out more quickly... Either that or make 3D printers illegal," warns Eric Van Albert


I wonder which way they'll go...




RE: Hmmmmm
By gdtaylor on 8/5/2013 11:38:50 PM , Rating: 2
quote:
I wonder which way they'll go...


My guess is that it will be similar to currency detection in software/hardware where the software will be detect that a *prohibited item* is being printed and prevent it.


By EricMartello on 8/6/2013 4:27:59 AM , Rating: 1
quote:
"If we show that mechanical locks are vulnerable to key duplication just by having a handful of numbers you can download off the internet, hopefully they ‘ll be phased out more quickly... Either that or make 3D printers illegal," warns Eric Van Albert, a 21-year-old engineering student


I'd like to phase out 21-year-old engineering students who don't realize that they should STFU and get schooled instead of making idiotic suggestions about outlawing 3D printers. In fact STFU should become an accredited institution were we send liberals to learn the art of silence.

Obviously this genius has never heard about bump keys and their ubiquitous availability...or lockpicks if you prefer the hard way. How about making bricks illegal since they make it too easy to break windows?




By jimbojimbo on 8/6/2013 12:49:49 PM , Rating: 2
He was making a joke.


By EricMartello on 8/6/2013 5:01:39 PM , Rating: 1
quote:
He was making a joke.


Doubt it. There's already an anti-3D printer movement festering among the ranks of anti-gun liberals who heard that you can print functional firearms with a maker bot.

quote:
warns Eric Van Albert, a 21-year-old engineering student


FYI if he was joking then the bolded word should be replaced with "jokes" or "jokingly warns".


Mechanical key-combination
By ranran on 8/6/2013 11:21:07 AM , Rating: 2
Been looking into getting new locks, and given my propensity for losing/forgetting keys, have wanted some type of key combination.

First looked into electronic, but there seem to be a host of issues with those (many have too short access codes (4-5), battery problems or require electricity, etc...).

So, I have been looking at mechanical numerical locks. The advantage here is no electricity/battery required and from my admittedly limited searching, I seem to be able to find locks with longer key combinations (>6).

I'd be curious if anyone has found anything better that also doesn't require electricity....




RE: Mechanical key-combination
By jimbojimbo on 8/6/2013 1:01:12 PM , Rating: 2
The Kwikset electronic deadbolt takes codes up to 8 digits long although it does have half the keys. However if there are too many failed attempts it'll disable itself for a set time so nobody can just sit there trying codes.

I have them on my front and back doors and use Eneloop rechargeable batteries (4xAA) and they last about two months and have never had problems. If you use regular batteries they will last a lot longer. I would suggest always carrying keys if you have just one electric lock but if you have two just stagger out changing batteries so one is always mostly full.


What what in da...
By Fidget on 8/6/2013 12:26:56 PM , Rating: 2
"The presenter suggested would-be criminals could smuggle a set on their person"

EWWWWWWWWWWWWWW!




RE: What what in da...
By ClownPuncher on 8/6/2013 2:24:03 PM , Rating: 2
Keester it.


the solution is of course
By TheEinstein on 8/6/2013 7:46:32 AM , Rating: 2
A key cover that retracts as you push the key in. problem solved, now can we solve liberals needing to tax everything and spend more than they get?




Just a thought...
By cmart on 8/6/2013 10:06:24 AM , Rating: 2
Why not make a key with a tubular sleeve around the teeth, so that the teeth can't be casually seen or copied?




"You can bet that Sony built a long-term business plan about being successful in Japan and that business plan is crumbling." -- Peter Moore, 24 hours before his Microsoft resignation














botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki