• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

Master Key Copying Revealed!?!

Analog

Analog

Lifer
link

Master Key Copying Revealed
By JOHN SCHWARTZ


security researcher has revealed a little-known vulnerability in many locks that lets a person create a copy of the master key for an entire building by starting with any key from that building.

The researcher, Matt Blaze of AT&T Labs-Research, found the vulnerability by applying his area of expertise ? the security flaws that allow hackers to break into computer networks ? to the real-world locks and keys that have been used for more than a century in office buildings, college campuses and some residential complexes.

The attack described by Mr. Blaze, which is known by some locksmiths, leaves no evidence of tampering. It can be used without resorting to removing the lock and taking it apart or other suspicious behavior that can give away ordinary lock pickers.

All that is needed, Mr. Blaze wrote, is access to a key and to the lock that it opens, as well as a small number of uncut key blanks and a tool to cut them to the proper shape. No special skills or tools are required; key-cutting machines costing hundreds of dollars apiece make the task easier, but the same results can be achieved with a simple metal file.

After testing the technique repeatedly against the hardware from major lock companies, Mr. Blaze wrote, "it required only a few minutes to carry out, even when using a file to cut the keys."

AT&T decided that the risk of abuse of the information was great, so it has taken the unusual step of posting an alert to law enforcement agencies nationwide. The alert describes the technique and the possible defenses against it, though the company warns that no simple solution exists.

The paper, which Mr. Blaze has submitted for publication in a computer security journal, has troubled security experts who have seen it. Marc Weber Tobias, a locks expert who works as a security consultant to law enforcement agencies, said he was rewriting his police guide to locks and lock-picking because of the paper. He said the technique could open doors worldwide for criminals and terrorists. "I view the problem as pretty serious," he said, adding that the technique was so simple, "an idiot could do it."
 
Locks aren't that hard to get through anyway and never have been. If you want home security you get a security system combined with home insurance.
 
they can only unlock what they can get to, which is why i stay shuttered inside all day
 
Originally posted by: ElFenix
they can only unlock what they can get to, which is why i stay shuttered inside all day
Click to expand...

rolleye.gif
 
I guess the guy who wrote the article has never been to a wal-mart to get a copy of a key made. Uh..yeah it's easy..and cheap... all you need is a key to the lock and the lock and you can make a copy...that's exactly what the article says. I think the idea is not to let people get a key. If they had a key long enough to make a copy they might as well just use it to open the door.

All that is needed, Mr. Blaze wrote, is access to a key and to the lock that it opens, as well as a small number of uncut key blanks and a tool to cut them to the proper shape
Click to expand...

When was this article written, 1850?
 
Originally posted by: tkdkid
I guess the guy who wrote the article has never been to a wal-mart to get a copy of a key made. Uh..yeah it's easy..and cheap... all you need is a key to the lock and the lock and you can make a copy...that's exactly what the article says. I think the idea is not to let people get a key. If they had a key long enough to make a copy they might as well just use it to open the door.

All that is needed, Mr. Blaze wrote, is access to a key and to the lock that it opens, as well as a small number of uncut key blanks and a tool to cut them to the proper shape
Click to expand...

When was this article written, 1850?
Click to expand...


Didn't you read this article? He's talking about making a master key for entire building out of one key and one lock. 😕
rolleye.gif
😕

Think of it this way, you could have taken your dorm key in college, used this technique, and been able to open anyone's door in the whole dorm. :Q

 
who/what/when/where. As well as yellowfiero's link to the Jan 23 article, just one of many references putting this in a relatively "current" time frame.

Subject: Matt Blaze talk 10/15 at noon
To: coms6998-002-023@columbia.edu
From: ji6@columbia.edu
Date: Mon, 14 Oct 2002 18:32:03 -0400 (EDT)

--------------------------------------------------------------------------------

For those of you who don't read cs.bboard:


Matt Blaze (AT&T Labs -- Research) will be giving an
informal talk at noon on October 15, at the CS conference
room. Abstract follows:

Title: Cryptology and Physical Security

This talk will discuss the analysis of physical security
systems (locks) from the perspective of computer science
and cryptology. We focus on attacks against "master key"
systems in which special keys can open some or all locks in
a system. We will introduce new techniques for amplifying
rights in such systems. Given access to a single master-
keyed lock and its associated key, our attack discovers and
creates a working master key that opens the other locks. No
special skill or equipment, beyond a small number of blank
keys and a metal file, is required, and the attacker need
engage in no suspicious behavior at the lock's location.
Countermeasures are also described that may provide limited
protection under certain circumstances. We conclude with
lessons on the design of locks, and suggestions for
applying the methodologies of cryptology and computer
science to improve other kinds of security systems.

 
Originally posted by: tkdkid
I guess the guy who wrote the article has never been to a wal-mart to get a copy of a key made. Uh..yeah it's easy..and cheap... all you need is a key to the lock and the lock and you can make a copy...that's exactly what the article says. I think the idea is not to let people get a key. If they had a key long enough to make a copy they might as well just use it to open the door.

All that is needed, Mr. Blaze wrote, is access to a key and to the lock that it opens, as well as a small number of uncut key blanks and a tool to cut them to the proper shape
Click to expand...

When was this article written, 1850?
Click to expand...

The article didn't go into much of details, but my impression is that Mr. Blaze wrote of a method of cloning the "master key" which opens all the doors in a department / floor / building, with access of only one set of lock and key. That is pretty amazing actually. In Geek term, it means that if you have your password you can somehow figure out everyone else's password, including root.

Newer keys are laser-cut nowadays. You can't just make a key with file and saw / key machine. That would probably make the hacking job a whole lot harder, but not impossible.
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top