AT&T Identifies Widespread Security Hole - In Locks 498
__roo writes "The New York Times has an article [free registration required] about a researcher at AT&T Labs Research who has discovered a little-known vulnerability in many locks that lets a person create a copy of the master key for an entire building by starting with any key from that building, and it requires little more than a file and a few key blanks."
i suppose that (Score:5, Funny)
"Hey steve, check out my new lock!"
"pffft, is it v.3.21.7?"
"no"
"that's like an invite for key kiddies and 1337 crackers"
Re:I'm locked out of the article.. (Score:2, Funny)
Of course.. (Score:0, Funny)
Tom.
d00d I have your brass k0d3z (Score:0, Funny)
Upgrade quickly (Score:4, Funny)
In the cert advisory, The Microsoft Corporation are quoted "Those who upgrade to Windows XP Service Pack One should be unaffected by this exploit"
better get your copy of the paper while you can (Score:1, Funny)
Re:Locks and Registration (Score:1, Funny)
Re:PDF Download (Score:5, Funny)
Well, I think we've fixed that little problem...
little known? (Score:5, Funny)
Yeah, until now.
Talisman
Re:i suppose that (Score:4, Funny)
security (Score:5, Funny)
I mean, anyone can break a window and jump right in!!
We can call that a "backdoor", and the plywood to cover them "patches".
In other news... (Score:5, Funny)
Xerox PARC have issued an advisory stating that any combination lock can be "cracked" by a malicious terrorist with a finger. Due to the digital [sigh...] nature of this crime, it is now illegal to own a finger under the terms of the DMCA and patriotic Americans are being asked to remove all their fingers in a show of solidarity. U.S. President, George W. Bush, is said to be having some difficulty removing his finger from his arse. £:-)
BTW did the original story remind anyone else of the safe-cracking chapter in "Surely you're joking, Mr. Feynman"?
Re:little known? (Score:5, Funny)
This is clearly illegal! (Score:5, Funny)
Comment removed (Score:5, Funny)
Schlage to Invoke DMCA (Score:4, Funny)
Re:Great Satire! (Score:1, Funny)
Re:i suppose that (Score:5, Funny)
It didn't come to attention till a spate of Office buildings found the safe hidden and the words "Ownzed by l337 b3rgl@rz!!!" spraypainted in foyers.
I believe Scotland yard are preparing a deb update.
Re:MIT Guide to Lockpicking (Score:3, Funny)
The MIT guide mentions the file down master key trick, that was 1991.
With this new article I may have to try again, the last time I tried to do something with the a master key at my university I ended up matching the right pattern for the key that pulled the cylinder (used to change the lock). It was not fun to explain why my dorm lock had 'magically' come out of my door to the Office of the Physical Plant.
Lesson learned don't pick your own nose if it is exposed, err locks I mean locks.
Kevin Again? (Score:3, Funny)
No need to "Free Kevin" anymore... he's got the master key!
"No, Officer, I didn't steal the key to the prison, I didn't take any hostages, all I had to do to get out was use this file here that Randall sent me in a Perl 6.0 Birthday Cake..."
Re:HOW TO DO IT (Score:2, Funny)
So all we have to do is be on the lookout for suspicious looking characters with soapsuds still in their hair?
*duck* - the rest of your points well taken.
Re:I have been doing it all wrong!!! (Score:3, Funny)
Well as en evil overlord you should know that it's always preferable to get the key to the restroom, make a master key, and then copy the plans of the good guys without them ever knowing
You break down the door and steal the plans: they change the plans and install stronger door. That's a vicious circle
You make a master key and steal their plan, they know nothing, plan stays the same, locks stays the same. You screw their plan over without letting on you know it, then next week when they have a new plan you go get that too.
pff evil overlords these days, no respect for finesse. You should be EvlUndrLrd instead
And no Occams razor doesn't apply, "Out of two possible explanations the simplest one is most likely to be true". You seem to be thinking along the lines of "Out of two methods of breaking and entering, the simplest one has to be better" which may not be true depending on the situation
Compare the time it takes to make a master key and enter 100 rooms to the time to break down 100 doors
In fact ... (Score:3, Funny)
Re:Social Engineering (Score:1, Funny)
So did you sleep with the principal, or the janitor?
As long as you can get the blank keys, yes .. (Score:3, Funny)
The method as described on other comments, is just brilliant.. But there is one problem that nobody has mentioned..
How do you get the blanks ?
You see, with master-key systems the keys have other shapes than ordinary keys (often a mirror pattern if you look at the end of the key, so ordinary keys won't fit in master locks) Keys in master-key systems are often also a little longer than ordinary keys.
And Joe sixpack just can't walk into any hardware store and ask for the blanks.. The hardware store has limited numbers (if any at all) and has to get the paper-certificate that was delivered with the key-system, before they will cut you a new copy.
And, no, just bringing the master key to them and asking for a copy doesn't work (I already tried that ;-)
Nope, (D)MCA doesn't apply... (Score:1, Funny)
Re:Nope, (D)MCA doesn't apply... (Score:3, Funny)
Re:Oh, one more thing... (Score:3, Funny)
This is still too dangerous, since they can see that you cut off the hilt and they can just compare your key to theirs (if they have a master of their own.)
Much better to cut the key backwards -- that is, the cut normally at the end appears next to the hilt, etc. Unless the master is symmetrical, they won't be able to compare it to theirs, and it won't work when they try it.
Of course, you'll have to insert it from the back of the lock to use it, but that's a minor inconvenience compared to prison time.
Re:I brute force guessed a medico in college. (Score:3, Funny)