
Shrinky Dinks As a Threat To National Security

Posted by timothy on Sat Aug 09, 2008 07:59 PM
from the silly-putty-now-public-enemy-No.-2 dept.
InflammatoryHeadlineGuy writes "What do Shrinky Dinks, credit cards and paperclips have in common? They can all be used to duplicate the keys to Medeco 'high-security' locks that protect the White House, the Pentagon, embassies, and many other sensitive locations. The attack was demonstrated at Defcon by Marc Weber Tobias and involves getting a picture of the key, then printing it out and cutting plastic to match — both credit cards and Shrinky Dinks plastic are recommended. The paperclip then pushes aside a slider deep in the keyway, while the plastic cut-out lifts the pins. They were able to open an example lock in about six seconds. The only solution seems to be to ensure that your security systems are layered, so that attackers are stopped by other means even if they manage to duplicate your keys."
This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • by daveime (1253762) on Saturday August 09 2008, @08:03PM (#24541487)
    So now they'll not just confiscate my laptop when I arrive in the US, they'll also pinch my paperclips and credit cards?
  • by MagdJTK (1275470) on Saturday August 09 2008, @08:04PM (#24541493)

    While using credit cards and shrinky dink plastic is clever, is this story particularly surprising? The article states that a photo of the key in question is required. If I asked the average man on the street if it was possible to replicate a key from a photo of it if you were sufficiently determined, I'd imagine they would say yes.

    • by Anonymous Coward on Saturday August 09 2008, @08:27PM (#24541707)

      My granddad was a blacksmith who taught his trade to young crims at a borstal in the 1950s. One of them showed how he could open a Yale lock in about 30 seconds. He needed whatever plastic was equivalent to a credit card way back then, and a cigarette. He could feel the piston movement and burn the height into the plastic. No photos needed. The young crim's summary: "Locks is to keep honest people out, boss."

      In a sense, a moderately good lock is all that is needed. I'd agree with the article that the objective is to remove a defense of accidentally straying. The next layer of entrapment is the real one.

      • Re: (Score:3, Interesting)

        I used to be a blacksmith myself, and I never needed a credit card. My tool of choice was a ground-down .02-inch feeler-gauge (you can get one from any DIY car maintenance shop) and a screwdriver (to do the work of turning the barrel).
    • by antirelic (1030688) on Saturday August 09 2008, @09:16PM (#24541995) Journal

      Any single defensive measure on its own is irrelevant. This was proven very clearly during the early days of WWII when the Volksgrenadiers overran the impressive, but unmanned defensive positions in Belgium. The same principles of security hold true today as they did 50 years ago. Any defensive mechanism that is not reinforced via a secondary defensive measure is easily defeated.

      The real story is this is a story worth discussing.

    • Re: (Score:3, Insightful)

      Yes, it's not entirely surprising. However, it is a little surprising since this is a rather expensive high security lock with a more complicated key. I guess you could reasonably hope you'd at least need physical access to a key to a high security lock in order to copy it successfully, rather than just seeing it long enough to snap a picture. I understood that for at least some of the locks there was a key control system that meant that simply copying the strangely-shaped teeth of the key was not enough
      • by postbigbang (761081) on Saturday August 09 2008, @08:39PM (#24541787)

        Fool.

        Look at the keypad. The numbers will be worn down. Look to see if it's an even wear, that means there are more than a few combos that work, but usually it's only one or two that are commonly shared.

        Then look for the most worn, with the most dirt-- it's the first number. Eliminate the clean bright keys from the pool. Eliminate zero and one; the remaining pool has the combination. It's probably just four numbers, could be five.

        Now take your Timex/Sinclair and do the math.

        • by Anonymous Coward on Saturday August 09 2008, @09:24PM (#24542045)

          There exist keypads that are clear with LED displays behind... they scramble, and display numbers beneath the keys when activated. No patterns.

        • by closetpsycho (1175221) on Saturday August 09 2008, @09:24PM (#24542055)
          Most modern keypad locks like what you're thinking of actually randomize the layout of the keypad. So looking for the more worn keys is an exercise in futility.
          • Re: (Score:3, Informative)

            Many of the ones I've seen in airports, banks, NOCs, etc., still have the older ones. Much can be learned just by watching the finger movements as no one covers them up, just like few people mind using CC machines that don't hide your hand movements when entering one's PIN.

            Those that randomize the layout of the keypad seem onerous. But they're not. Combos, like hand print and keypad are much tougher.

            To get around them you need to take the door handle and jar it a bit, smearing it with greasy stuff just befo

          • by Dun Malg (230075) on Saturday August 09 2008, @11:38PM (#24542813) Homepage

            Most modern keypad locks like what you're thinking of actually randomize the layout of the keypad. So looking for the more worn keys is an exercise in futility.

            There are very few manufacturers of those kind of keypads. The vast majority of the keypads installed are fixed and suffer from the "dirty keys" exploit. The "scramble pad" keypads are 4-5 times the price, and very few people outside of defense contractors spec that sort of thing. I've only ever seen one, and I've installed and serviced hundreds of keypad entry systems.

        • Eliminate the clean bright keys from the pool. Eliminate zero and one; the remaining pool has the combination. It's probably just four numbers, could be five.

          Now take your Timex/Sinclair and do the math.

          Let's see... *taps madly into his Timex/Sinclair*

          And the result is...

          12345

      • by Dun Malg (230075) on Saturday August 09 2008, @11:56PM (#24542901) Homepage

        It should be noted that one of the major selling points of the Medeco locks is that, through some mixture of technological and legal means, Medeco is quite aggressive about restricting access to key duplication blanks.

        Of course, their aggressive protection of their patented key blanks is about marketing more than anything else. They are the sole legal supplier of keys to their locks*, so they therefore reap profit every time someone needs another key. The only selling point of their high priced and inconvenient to procure patented keys is the natural control this restricted access creates. They've managed to sell this access with very slick marketing which conveniently glosses over many important security issues. But then again, their business is only to sell locks, and they do it very well. The mechanical quality of their stuff is high as well, so you at least get a quality product for the price.

        * You can buy 3rd party blanks now for the old Sky, Air, and the newer Biaxial keyways. They're always looking for one more mechanical "kink" to add to the system to justify the next patent. Sky and Air were patented on the strength of the rotating pin concept. Biaxial was patented via making the cuts staggered either fore or aft on the key. The latest M3 is patented on a step on the blank that pushes a silly little "anti pick" pin near the back. Seems to me they're running out of ideas.

      • Re:Funny... (Score:4, Interesting)

        by mabhatter654 (561290) on Sunday August 10 2008, @01:34AM (#24543295)

        It's simpler than that. Each KEY has a unique (not repeated on blanks) number used once (like iButton, etc) and they're paired to the car at the dealership. The tooth pattern opens the mechanical door locks, the car doesn't start without the matching number code whether the key turns or not. Disabling the battery won't work as it happens all the time, so it's written to flash somewhere in the car computer. The various manufacturer alarms all trigger off various mismatches of key versus code chip.

        • Re:Funny... (Score:5, Interesting)

          by drinkypoo (153816) <martin.espinoza@gmail.com> on Sunday August 10 2008, @09:07AM (#24545183) Homepage Journal
          And to complete the circle, in most cases you have to replace not just the PCM (powertrain control module, which runs the engine and controls things like fuel injection and timing adjustment, or on distributor-free systems, initiates the sparks themselves) but also the sensor-reader. Sometimes this is built into the ignition switch itself, and sometimes it's just wrapped around it - but you have to get into the column to mess with it. This does NOT stop people from stealing these high-dollar cars, it only raises the bar. It more or less means you need a car to practice on before you can steal them, but dealers have to employ someone to service cars... And anyone can go to the dealer service schools, masquerading as a service mechanic.
  • by narcberry (1328009) on Saturday August 09 2008, @08:04PM (#24541503) Journal

    OMFG!

  • the actual threat (Score:3, Insightful)

    by fractic (1178341) on Saturday August 09 2008, @08:05PM (#24541511)
    Now what is the actual threat? Shrinky dink or easily duplicated keys?
  • 3-d printers? (Score:5, Interesting)

    by LM741N (258038) on Saturday August 09 2008, @08:05PM (#24541513)

    I bet those new 3-D type printers could perform the same thing without using razor blades and such. In fact, you could probably make a computer program to transfer from images to the final "printout."

    • Re:3-d printers? (Score:5, Informative)

      by pimpimpim (811140) on Saturday August 09 2008, @08:42PM (#24541815)
      3D printers create by default quite brittle objects, as it is lots of little dots of plastic glued together. To get a resistant plastic copy you should make a mold and then compress plastic inside of it. The forces on a key when turning can be quite high, that's why also thin sheet metal doesn't work here. Credit cards however can resist bending forces quite well. I've never seen a shrinky dink but I guess it's the same story.
  • by Nymz (905908) on Saturday August 09 2008, @08:06PM (#24541523) Journal
    I suppose if I had a picture of someone's login and password, I might be able to deftly hack into their computer.
    • by Anonymous Coward on Saturday August 09 2008, @08:16PM (#24541599)

      Sure, if their password is *******.

    • Re: (Score:3, Informative)

      And, if you had been sold an $18 billion login system that was absolutely guaranteed to be unbreakable to anyone who wasn't directly issued the original login and password, then you might be a little surprised at how easy that was.

      Which brings us back to the FA. We're not talking about a $10 lock from the hardware store here, these are "high security" locks that are supposed to have keys that cannot ever be copied unless you have the original key codes that were used to key the lock.

      • Re: (Score:3, Insightful)

        And, if you had been sold an $18 billion login system that was absolutely guaranteed to be unbreakable to anyone who wasn't directly issued the original login and password, then...

        I'd eventually be asking for my $18 billion back.

        Security professionals (and Slashdot readers) should be very familiar with two truisms: it can always be broken and it can always be copied. If you claim otherwise, you are selling something.

        I know locksmith friends who can stare at a key and read the pinning combination off of i

  • Not news... (Score:4, Informative)

    by russotto (537200) on Saturday August 09 2008, @08:18PM (#24541623) Journal
    If you have a picture of a key, you can generally duplicate it well enough to work in metal (easier if you have a blank, but not necessary). It's not the shrinky-dink that matters. Cutting a key by sight based on a key sitting on the seat of a car is apparently a useful skill for locksmiths.
    • by NeutronCowboy (896098) on Saturday August 09 2008, @08:48PM (#24541847)

      20 years ago, my house used to have a 3D-key - in other words, it had teeth all-around its central axis. Why? Because it is much harder to manipulate the tumblers that way. Not to mention that just photocopying the key won't work - or won't work as easily.

      I'm surprised a high-security key has its teeth still on a line.

      • Re:Not news... (Score:5, Insightful)

        by russotto (537200) on Saturday August 09 2008, @09:01PM (#24541915) Journal

        Of course you can duplicate a Medeco key in metal; Medeco keys are made of metal in the first place. Key control means you can't get the proper blanks from any legitimate source, but it's still a fairly simple hunk of metal.

        Medeco locks were never considered "uncrackable". Medeco has claimed they're unpickable, but I think only the Biaxial remains unpicked. But picking is an attack that doesn't require knowledge of the key.

  • Brad Blog has this story [bradblog.com] from when Diebold had a picture of their key on their corporate website back in January 2007. Diebold's since replaced the picture. There's a video of the key in action @ the link I just posted.
  • BFD (Score:5, Interesting)

    by Dun Malg (230075) on Saturday August 09 2008, @08:51PM (#24541869) Homepage
    Shrinky dinks? Paper clips? Gimme a break. I can duplicate a Medeco key blank with a piece of brass stock and a dremel tool, then cut a perfect key from a photocopy using my HPC Blitz [hpcworld.com]. There's nothing amazing about what this guy's done. Given the appropriate information (cut depths and angles) any Medeco key can be duplicated without serious difficulty. Heck, that's the case with all mechanical key locks. I once showed the Medeco rep who came to my lock shop how I could duplicate a standard G3 Biaxial key using a slightly modified commonly available Rolls Royce key blank. He was understandably dismayed, but not surprised.

    There are two kinds of locksmiths in this world: 1) the kind like the guy quoted in the article who said "Your locksmith will tell you this is impossible", and 2) guys like me who will tell you "yeah, someone could make a key to that--- I've done it myself". Point is, you want to use a locksmith more like 2) than 1). The first guy will feed you the standard Medeco marketing bullshit about how "only we can make your keys" and convince you that equals security. The second guy will tell you key control is useful, but it's not relevant beyond its obvious purpose.

    There are really only two kinds of common break-ins: inside jobs and random burglaries. In the case of inside jobs, all the key control in the world won't matter because the perp has a key already. This key could have been given to them, taken out of a desk drawer, or otherwise acquired via lax internal key management. This makes up 99% of all break-ins. The other 1% is burglaries by random opportunist perps taking advantage of a weakness, usually on the spur of the moment. Back doors propped open by people out for a smoke, simply walking in during business hours wearing a suit, etc.

    All this spy crap people have in their heads about burglars picking locks and James Bonding into their houses is fantasy bullshit. Real burglars wait till you're not home and throw a brick through the window, or let themselves in with the key you gave the cleaning service. All this hoo-hah over making a Medeco key with a credit card is total yawnsville, and if anyone thinks they can get into the White House with a shrinky dink key, they're totally on crack. The White House has things like SECRET SERVICE AGENTS, and ALARM SYSTEMS because they know keys alone are not enough.
    • Re:BFD (Score:5, Insightful)

      by Jeffrey Baker (6191) on Saturday August 09 2008, @09:37PM (#24542115)
      Yeah I found it funny that the lamers in the write-up think the Pentagon is protected by Medeco locks. Sorry, no. The Pentagon is protected by men with rifles and grenades.
      • Re: (Score:3, Interesting)

        Joe Crook can cut a Medeco bitting key out of an old grocery store coupon card and bypass the sidebar and slider in a few seconds without any need for a key machine or any particular skill. That's what the exploit is all about.

        It requires skill, just not much. Did I say dremeling a brass blank and cutting with a Blitz requires much skill? If you don't know the operating principles of a Medeco lock, you can't do it, but that's not saying much. The only difference is that it can be done with an X-acto knife instead of an expensive key machine.

        p.s. the sidebar isn't "bypassed", the key is cut to pass it in the normal way. The slider is a silly gimmick to give them something to patent, as the patent on Biaxial blanks has run out an

  • by mlts (1038732) * on Saturday August 09 2008, @08:56PM (#24541895)

    I don't know about Medeco 3, but one lock mechanism that was out in other countries for almost four years before making it to the US which is quite pick resistant is Abloy's PROTEC cylinder.

    It uses no pins or springs, so bumping is useless. Vibrating the key isn't going to magically move the detainer disks into position. Picking it requires a different technique altogether than pin tumbler locks.

    So far, if I recall right, the best picking record for PROTEC cylinders took over 10-11 hours.

    Of course, if you want the best in anti pick protection, purchase either an Abloy or Mul-T-Lock Cliq lock. It has a pick resistant mechanical key, as well as a small chip and solenoid with a challenge/response system. If someone does make a key impression, it won't help much. However, for $500 a cylinder, it's pricey.

    • by Dun Malg (230075) on Saturday August 09 2008, @11:10PM (#24542657) Homepage

      I don't know about Medeco 3, but one lock mechanism that was out in other countries for almost four years before making it to the US which is quite pick resistant is Abloy's PROTEC cylinder.

      Trouble with those is that they're ONLY pick resistant. I can drill the face of an Abloy disc-tumbler lock, remove the sidebar, and fill the drilled hole such that no one will notice--- all in a matter of minutes. After that, the old key will still work... and so will a screwdriver. The laundry machines at the apartment I lived in years ago had Abloy PROTEC locks. I never paid for laundry, and no one ever knew the difference.

      Of course, if you want the best in anti pick protection, purchase either an Abloy or Mul-T-Lock Cliq lock. It has a pick resistant mechanical key, as well as a small chip and solenoid with a challenge/response system. If someone does make a key impression, it won't help much. However, for $500 a cylinder, it's pricey.

      That's just electronic access control shrunk down to fit the size of standard key access components and hybridized with mechanical keys. Great if you want to retrofit existing mortise and rim lock installations, but then you're just trading labor cost for material cost. I'd personally go for a keyless prox card system before I'd field a system powered by batteries in the key. It's bad enough dealing with your average dodo trying to use normal locks. Can you imagine the service calls from those dodos who break their keys off because the battery in the key head is dead? Locksmith's dream (service call = money in your pocket), businessman's nightmare (service call = money down the rathole).

      I don't understand why people fixate on "pickability". Criminals just don't pick locks. I've been a locksmith since 1995 (minus a couple years when the Army decided I should be in Afghanistan), and I have never seen a case of intrusion that wasn't either a) forced entry, or b) an inside job.

  • by lena_10326 (1100441) on Saturday August 09 2008, @09:19PM (#24542011) Homepage

    Errrm...

    The places guys insert their shrinky dinks... crazy stuff.

  • by db32 (862117) on Saturday August 09 2008, @10:17PM (#24542329) Journal
    I would hate to be the Secret Service guy that has to tell the President he can't have his Shrinky Dinks anymore.
  • by Toe, The (545098) on Saturday August 09 2008, @10:25PM (#24542393) Journal

    The real news I got out of this is: they still make shrinkydinks!?!

    Who knew?

    I woulda thought they woulda been classified as toxic by now...

  • by smchris (464899) on Saturday August 09 2008, @11:54PM (#24542893)

    Kids didn't have credit cards when I was in high school but every lock in our school except the outside doors (which we could sometimes tape or the like) and the principal's office were simple spring locks. Take seconds to open any of them with a piece of plastic. We got so fluid at it we were observed once from a distance and just lied, "Hey, what do you mean? It was unlocked. We were just snooping around." and he didn't push it. Did stupid stuff like swapping teachers' home room desks on different floors or laying out chairs in the auditorium to spell out expletives. A separate group we taught unfortunately got into more hardcore vandalism.