Shrinky Dinks As a Threat To National Security

InflammatoryHeadlineGuy writes "What do Shrinky Dinks, credit cards and paperclips have in common? They can all be used to duplicate the keys to Medeco 'high-security' locks that protect the White House, the Pentagon, embassies, and many other sensitive locations. The attack was demonstrated at Defcon by Marc Weber Tobias and involves getting a picture of the key, then printing it out and cutting plastic to match — both credit cards and Shrinky Dinks plastic are recommended. The paperclip then pushes aside a slider deep in the keyway, while the plastic cut-out lifts the pins. They were able to open an example lock in about six seconds. The only solution seems to be to ensure that your security systems are layered, so that attackers are stopped by other means even if they manage to duplicate your keys."

Re:Is this surprising?

[Darkness404]

Exactly. Just as with a picture of a password I can get into anyone's account no matter if it is encrypted in a scheme that will take 1000000 computers with 1000 core CPUs running at 239243432 Ghz, 100000 years to break.

Not news...

[russotto]

If you have a picture of a key, you can generally duplicate it well enough to work in metal (easier if you have a blank, but not necessary). It's not the shrinky-dink that matters. Cutting a key by sight based on a key sitting on the seat of an car is apparently a useful skill for locksmiths.

Re:Getting the key picture, is the key to success

[Minwee]

And, if you had been sold an $18 billion login system that was absolutely guaranteed to be unbreakable to anyone who wasn't directly issued the original login and password, then you might be a little surprised at how easy that was.

Which brings us back to the FA. We're not talking about a $10 lock from the hardware store here, these are "high security" locks that are supposed to have keys that cannot ever be copied unless you have the original key codes that were used to key the lock.

Re:3-d printers?

[pimpimpim]

3D printers create by default quite brittle objects, as it is lots of little dots of plastic glued together. To get a resistant plastic copy you should make a mold and then compress plastic inside of it. The forces on a key when turning can be quite high, that's why also thin sheet metal doesn't work here. Credit cards however can resist bending forces quite well. I've never seen a shrinky dink but I guess it's the same story.

Re:Getting the key picture, is the key to success

[rfuilrez]

They don't set off the alarm. The computer in the car just decides not to put fuel or spark to the cylinders. Unless it's some aftermarket system. OEM doesn't do that.

Re:Is this surprising?

[closetpsycho]

Most modern keypad locks like what you're thinking of actually randomize the layout of the keypad. So looking for the more worn keys is an exercise in futility.

Re:Is this surprising?

[postbigbang]

Many of the ones I've seen in airports, banks, NOCs, etc., still have the older ones. Much can be learned just by watching the finger movements as no one covers them up, just like few people mind using CC machines that don't hide your hand movements when entering one's PIN.

Those that randomize the layout of the keypad seem onerous. But they're not. Combos, like hand print and keypad are much tougher.

To get around them you need to take the door handle and jar it a bit, smearing it with greasy stuff just before it's used by someone with access. Their fingerprints will be all over the pad. It's easy to lift them, then latex them if you're really into that sort of thing.

Randomizing keypads take more stealth. Leave a short-haul cam nearby focused on the pad. Have an associate verify the focus via bluetooth whilst waiting in your secret van. Or use nice binoculars as most organizations don't think of hiding the keypads very well. A little battery-operated 'sticky' cam works wonders. Create a distraction whilst positioning it. Don't forget your fake hippie beard.

Not a huge threat

[Sniper98G]

This isn't the huge threat to national security that the article would have you believe. The government does not use key based lock systems to secure anything of real high priority. They use digital combination (X-09) locks to secure any information that is classified at secret level or higher. These keys are used in the white house and pentagon, but they are office keys not keys to places where someone could do dire harm to our nation.

Re:This just like how the mythbusters got past oth

[Anonymous Coward]

IIRC, the fluffy bird suit didn't work.

A simple sheet held up in front of her did.

Re:More power to Homeland Security

[morgan_greywolf]

Shrinky Dinks are a kids toy. You cut it out and put it in the oven and it shrinks and gets stiff. See the video [shrinkydinks.com]

Re:Is this surprising?

[Dun Malg]

Most modern keypad locks like what you're thinking of actually randomize the layout of the keypad. So looking for the more worn keys is an exercise in futility.

There are very few manufacturers of those kind of keypads. The vast majority of the keypads installed are fixed and suffer from the "dirty keys" exploit. The "scramble pad" keypads are 4-5 times the price, and very few people outside of defense contractors spec that sort of thing. I've only ever seen one, and I've installed and serviced hundreds of keypad entry systems.

Re:Is this surprising?

[Dun Malg]

It should be noted that one of the major selling points of the Medeco locks is that, through some mixture of technological and legal means, Medeco is quite aggressive about restricting access to key duplication blanks.

Of course, their aggressive protection of their patented key blanks is about marketing more than anything else. They are the sole legal supplier of keys to their locks*, so they therefore reap profit every time someone needs another key. The only selling point of their high priced and inconvenient to procure patented keys is the natural control this restricted access creates. They've managed to sell this access with very slick marketing which conveniently glosses over many important security issues. But then again, their business is only to sell locks, and they do it very well. The mechanical quality of their stuff is high as well, so you at least get a quality product for the price.

* You can buy 3rd party blanks now for the old Sky, Air, and the newer Biaxial keyways. They're always looking for one more mechanical "kink" to add to the system to justify the next patent. Skay and Air were patented on the strength of the rotating pin concept. Biaxial was patented via making the cuts staggered either for or aft on the key. The latest M3 is patented on a step on the blank that pushes a silly little "anti pick" pin near the back. Seems to me they're running out of ideas.

Re:Is this surprising?

[jd]

Medieval thief-proof locks could not have been beaten by simply copying the key, because you needed to know the specifics of how to use the key. (It deadlocked itself if you used the key in a "normal" fashion.) It is easy to imagine that a modern lock could be made vastly superior to a medieval one. (Doctor Who fans may be familiar with the boast that there are 600 ways to use the TARDIS key and 599 ways to cause the lock to fuse solid, a somewhat dramatic reference to the idea that you can make locks that contain multiple lines of defenses, of which the key itself is merely one.)

Modern car keys use a different multi-stage approach, whereby the key contains either an RFID tag or some other form of readable chip. Copying the mere physical layout gets you past the first line, but does nothing for the second.

It would be trivial to extend the car key method by adding encryption to the information (which is probably done already), adding a capacitor whose value must be matched, and so on. Some cars also use thumb-prints, but there have been cases of car-jackers stealing the driver's thumb, making this security measure dubious.

Re:Funny...

[Dun Malg]

On my car, an identical-toothed key with the wrong code (I was having a dealership make a spare, and they screwed up on it) won't even open the door.

What make of car is it? I'm not aware of any car that uses transponder interrogation to secure the doors. It seems more likely that the key is simply mis-cut, just not obviously so. The only way a dealership can actually "screw up" a key is to make the physical cuts in the metal wrong--- they don't do ANYTHING to the transponder module. The transponder is just an RFID chip that responds with a unique serial number, and this number is burned in at the factory, long before the dealer gets the key blank. The car's computer simply has a list of valid serial numbers and wont start if it doesn't see one of them.

Re:3-d printers?

[Dun Malg]

...The patented, integrated design works so that the bitting performs two functions, lifting the pins and rotating them.

If that means what I think it means, it's completely worthless against a pick. A pick doesn't care about how far apart the pins are, only that they're not perfectly in a line, thus allowing them to be set one at a time, turning an exponential process into a linear one.

You've obviously never actually seen the inner workings of a Medeco lock cylinder. They're like standard lock pins, only with a chisel point and a vertical groove down the side. The pins have to be rotated such that the groove faced perpendicular to the key, allowing the "fingers" of the sidebar to drop in. There are also one or more shallower false grooves that trap the sidebar but don't allow it to open. It's not unpickable, of course, but it's not as easy as you seem to think.

Schlage's drum-shaped "high security" pins are a much better solution.

Drum shaped? Don't you mean spool shaped? At any rate, Medeco not only uses those as well, but was using them long before Schlage even got around to developing a "high security" lock cylinder.

Or better yet, not pretending the classic pinned locks are security devices at all.

There's the real kicker. Even a truly unpickable lock is worthless in a wood door if you have a sawzall. One of my favorite "lockout" stories involved a lawyer who lost his keys, and his interior office door had a Medeco deadbolt. His spare keys were inside (dumbass) so all I needed to do was get in the office. I went to the truck and returned with a six foot ladder. I pushed up the suspended ceiling tile, climbed up. I pushed aside the tile over the inside of the door, hopped over, and opened his door from the inside. The guy seriously rethought his security measures in light of that.

Re:Getting the key picture, is the key to success

[Dun Malg]

What's wrong with Abloy locks? Why don't they just use Abloy?

Abloy disc tumbler locks are great, but they have a serious ease-of-use problem. Since the discs have no return springs keeping them in the "ready" position, they can be inadvertently turned or even just vibrate out of alignment. This requires the user to insert the key and twist it back and forth to "capture", one layer at a time, all the discs before being able to turn the key and open the lock. It's not a hard trick to learn, but it is one more trick than is required for a standard pin tumbler lock, and most people are dodos.

Re:Why in the hell do people still use flat keys?

[Dun Malg]

These keys have been around for a long time now:

http://www.assaabloy.com/Global/News/Image bank/Products/High res/Abloy_Key2_2649x841.jpg

.

Abloy disc tumbler locks? The trouble with those is that the discs are not spring loaded and occasionally require repeated twisting of the key to get it to seat all the way before opening. Not a good feature when dealing with large numbers of dodos, which most large installations do.