2013-08-05

Co.Labs

The One Thing We All Thought Un-Hackable Has Just Been Hacked

That’s right—your house keys. You know, those real-life metal objects that never go out of your sight? Coders can compromise them too, as demonstrated by MIT engineers. But paradoxically, this experiment could help us get our sense of security back. Here’s how.



It's not just digital smart home objects anymore: With a little bit of clever coding, every physical key you own can actually be copied without your knowledge. In fact, one of the world’s most secure keys became little more than a speed bump to a duo of hackers who are barely out of their teens.

At the Def Con hackers conference this past weekend, students at the Massachusetts Institute of Technology previewed code they wrote–-and which they plan to release–-that allows anyone to scan and 3-D print high-security lock keys.

To be sure, this isn’t the first time someone has been able to 3-D print working keys. We previously told you about Outbox’s software that lets the company scan a picture of your mailbox key and reproduce it for their "reverse mailmen" to be able to access your mailbox. But those are just mailbox keys—they’re about as secure as a 13-year-old with braces.

But the MIT kids—David Lawrence, 20, and Eric Van Albert, 21—have successfully duplicated high-tech keys to a Schlage Primus lock, arguably the most secure lock people have invented. As Andy Greenberg writes for Forbes:

Schlage’s Primus models are advertised for use in high-security applications: The company’s marketing materials include references to the locks’ use in government facilities, healthcare settings, and detention centers. That security stems in part from Primus’s unique model, which includes two tracks of teeth–one on the top of the key and another on the side, each of which correspond to a separate set of pins in the lock. Even Marc Weber Tobias, one of the world’s most well-known lockpicking experts, has written that he uses Primus locks in his home and for secure evidence storage in his legal practice.

Think about that for a second. Thanks to simple software and 3-D printing, the most secure physical key in the world can soon be copied without problem by anyone with access to that key. And if the most secure key in the world can be copied by simple code, how easy will it be to copy the keys to your house, office, car, or safe? Very.

But you may say, "Well, I’m not going to be dumb enough to give someone my key to scan," to which I would say: It doesn’t matter. With this software you don’t need the physical key to scan. A picture will do. As one of the hackers, David Lawrence, told Forbes:

All you need is a friend that works there, or to take a picture of their key, or even a picture of the key hanging off their belt. Pirating keys is becoming like pirating movies. Someone still has to get the information in the first place, but then everyone can get a copy...Our message is that you can do this for any high-security key. It didn’t take that much work. In the future there will be models available online for almost any kind of key you’re looking for.

Now, before the world freaks out and we go back to securing our homes with moats and drawbridges, I’d like to point out that the wonderful thing about software is that, though it can cause problems (which, in this case, it very definitely is a problem), it is also often the solution to those problems as well.

We all know software has enabled us to make our once tangible things intangible (DVDs became streaming video, CDs became MP3s, physical books became e-books). And though most of the things I’ve just listed are recreational objects, that doesn’t mean software is limited to just creating digital things of stuff that keeps us entertained.

The time and technology is now ripe for software to make the physical key–and keyhole–obsolete.

"But how would I get in my house without a key?" my friend asked me when I told him I was writing this story.

"Your phone, of course."

Using your phone as the key to your home or office isn’t some fanciful far-in-the-future tech. Two companies–-Lockitron and Kwikset–-offer brilliant solutions to turn your old-fashioned locks from a device that requires physical key access to a device that requires only software key access. These solutions work via near-field communications, such as Bluetooth and Wi-Fi, that are built into your phone and use bank-level security encryption to make door locks levels of magnitude more secure. Throw an added layer of biometrics support–-as the next iPhone is rumored to contain–-into the mix and a software key could offer more security redundancies than even the most advanced physical key, which, as the hackers from MIT have proven, don’t hold up so well in the digital age.

Software and 3-D printing created this problem and only software will solve it. After all, if your door doesn’t have a keyhole, it doesn’t matter how many 3-D-printed keys a thief has-–it’s not opening.

[Image: Flickr user Lindsey Turner]




Add New Comment

0 Comments