Security

Shrinky Dinks As a Threat To National Security

InflammatoryHeadlineGuy writes "What do Shrinky Dinks, credit cards and paperclips have in common? They can all be used to duplicate the keys to Medeco 'high-security' locks that protect the White House, the Pentagon, embassies, and many other sensitive locations. The attack was demonstrated at Defcon by Marc Weber Tobias and involves getting a picture of the key, then printing it out and cutting plastic to match — both credit cards and Shrinky Dinks plastic are recommended. The paperclip then pushes aside a slider deep in the keyway, while the plastic cut-out lifts the pins. They were able to open an example lock in about six seconds. The only solution seems to be to ensure that your security systems are layered, so that attackers are stopped by other means even if they manage to duplicate your keys."

  • by MagdJTK ( 1275470 ) on Saturday August 09, 2008 @09:04PM (#24541493)

    While using credit cards and shrinky dink plastic is clever, is this story particularly surprising? The article states that a photo of the key in question is required. If I asked the average man on the street if it was possible to replicate a key from a photo of it if you were sufficiently determined, I'd imagine they would say yes.

  • the actual threat (Score:3, Insightful)

    by fractic ( 1178341 ) on Saturday August 09, 2008 @09:05PM (#24541511)
    Now what is the actual threat? Shrinky dink or easily duplicated keys?
  • Re:Is it just me (Score:5, Insightful)

    by Dachannien ( 617929 ) on Saturday August 09, 2008 @09:23PM (#24541667)

    Layered security indeed!

    Maybe these locks aren't all that, but it's the Secret Service agents capping you in the head that you really have to worry about.

  • by david@ecsd.com ( 45841 ) on Saturday August 09, 2008 @09:26PM (#24541689) Homepage
    Silly me, I thought that men with guns protect the White House.
  • Re:3-d printers? (Score:2, Insightful)

    by tshetter ( 854143 ) on Saturday August 09, 2008 @09:27PM (#24541705)
    The interesting part is that you don't need very high quality scans or multiple images of an object to replicate the object in 3D.

    You only need a fairly good image of a Medeco key and you can then cut a blank easily.

    These Medeco keys are just like normal house/car keys, except they have variable slopes and spacing between peaks and troughs. Trying to cut those with normal tools would be very hard...but having a scale image to cut with an exacto knife is simple as pie.

    The hardest thing about copying those Medeco keys was the difficulty in cutting the angles and the proper spacing. Now that is easy.

    Open Source Intel/Security wins again.
  • by postbigbang ( 761081 ) on Saturday August 09, 2008 @09:39PM (#24541787)

    Fool.

    Look at the keypad. The numbers will be worn down. Look to see if it's an even wear, that means there are more than a few combos that work, but usually it's only one or two that are commonly shared.

    Then look for the most worn, with the most dirt-- it's the first number. Eliminate the clean bright keys from the pool. Eliminate zero and one; the remaining pool has the combination. It's probably just four numbers, could be five.

    Now take your Timex/Sinclair and do the math.

  • by gmuslera ( 3436 ) on Saturday August 09, 2008 @09:44PM (#24541821) Homepage Journal
    If they are so easy to break, then the threat is the security people who choose them for such critical places.
  • by Firehed ( 942385 ) on Saturday August 09, 2008 @09:47PM (#24541837) Homepage

    They also had Kari wander around in a giant fluffy bird suit to get past those ultrasonic sensors, IIRC. It's not exactly practical, but it makes for great TV. I'm sure the trial of whoever tries that in DC will be equally amusing.

  • Re:Not news... (Score:2, Insightful)

    by iceyone ( 123598 ) on Saturday August 09, 2008 @09:50PM (#24541863) Homepage

    It *is* the shrinky dink that matters. You can't cut a duplicate Medeco key in metal. Medeco key teeth have an angular component. They are 3 dimensional keys, whereas your usual Kwikset or Schlage lock are 2 dimensional.

    The tumblers in a Medeco lock require some rotation to unlock, as well as vertical lift. That's why this hack is so clever - the shrinky dink or plastic can twist as you jam them into the lock and push up with the backing spline.

    Until this, Medeco locks were considered to be uncrackable.

  • Re:Not news... (Score:5, Insightful)

    by russotto ( 537200 ) on Saturday August 09, 2008 @10:01PM (#24541915) Journal

    Of course you can duplicate a Medeco key in metal; Medeco keys are made of metal in the first place. Key control means you can't get the proper blanks from any legitimate source, but it's still a fairly simple hunk of metal.

    Medeco locks were never considered "uncrackable". Medeco has claimed they're unpickable, but I think only the Biaxial remains unpicked. But picking is an attack that doesn't require knowledge of the key.

  • by antirelic ( 1030688 ) on Saturday August 09, 2008 @10:16PM (#24541995) Journal

    Any single defensive measure on its own is irrelevant. This was proven very clearly during the early days of WWII when the Volksgrenadiers overran the impressive, but unmanned defensive positions in Belgium. The same principles of security hold true today as they did 50 years ago. Any defensive mechanism that is not reinforced via a secondary defensive measure is easily defeated.

    The real story is this is story worth discussing.

  • Re:BFD (Score:2, Insightful)

    by Legion303 ( 97901 ) on Saturday August 09, 2008 @10:21PM (#24542021) Homepage

    "I can duplicate a Medeco key blank with a piece of brass stock and a dremel tool, then cut a perfect key from a photocopy using my HPC Blitz."

    So?

    Joe Crook can cut a Medeco bitting key out of an old grocery store coupon card and bypass the sidebar and slider in a few seconds without any need for a key machine or any particular skill. That's what the exploit is all about.

  • by Lemming Mark ( 849014 ) on Saturday August 09, 2008 @10:23PM (#24542035) Homepage
    Yes, it's not entirely surprising. However, it is a little surprising since this is a rather expensive high security lock with a more complicated key. I guess you could reasonably hope you'd at least need physical access to a key to a high security lock in order to copy it successfully, rather than just seeing it long enough to snap a picture. I understood that for at least some of the locks there was a key control system that meant that simply copying the strangely-shaped teeth of the key was not enough. However, the addition of a paperclip down one side of the lock was enough to solve that problem :-(
  • Re:BFD (Score:5, Insightful)

    by Jeffrey Baker ( 6191 ) on Saturday August 09, 2008 @10:37PM (#24542115)
    Yeah I found it funny that the lamers in the write-up think the Pentagon is protected by Medeco locks. Sorry, no. The Pentagon is protected by men with rifles and grenades.
  • by rcw-home ( 122017 ) on Saturday August 09, 2008 @11:05PM (#24542273)

    And, if you had been sold an $18 billion login system that was absolutely guaranteed to be unbreakable to anyone who wasn't directly issued the original login and password, then...

    I'd eventually be asking for my $18 billion back.

    Security professionals (and Slashdot readers) should be very familiar with two truisms: it can always be broken and it can always be copied. If you claim otherwise, you are selling something.

    I know locksmith friends who can stare at a key and read the pinning combination off of it (and if they read enough of them, can deduce the master combination). For the rest of us, a key will make a great imprint on a wet bar of soap. And a locked door (just like a safe) can only ever be counted on to delay someone for a certain amount of time, never to keep them out entirely - whether they can turn the lock or not.

  • by Dun Malg ( 230075 ) on Sunday August 10, 2008 @12:10AM (#24542657) Homepage

    I don't know about Medeco 3, but one lock mechanism that was out in other countries for almost four years before making it to the US which is quite pick resistant is Abloy's PROTEC cylinder.

    Trouble with those is that they're ONLY pick resistant. I can drill the face of an Abloy disc-tumbler lock, remove the sidebar, and fill the drilled hole such that no one will notice--- all in a matter of minutes. After that, the old key will still work... and so will a screwdriver. The laundry machines at the apartment I lived in years ago had Abloy PROTEC locks. I never paid for laundry, and no one ever knew the difference.

    Of course, if you want the best in anti pick protection, purchase either an Abloy or Mul-T-Lock Cliq lock. It has a pick resistant mechanical key, as well as a small chip and solenoid with a challenge/response system. If someone does make a key impression, it won't help much. However, for $500 a cylinder, it's pricey.

    That's just electronic access control shrunk down to fit the size of standard key access components and hybridized with mechanical keys. Great if you want to retrofit existing mortise and rim lock installations, but then you're just trading labor cost for material cost. I'd personally go for a keyless prox card system before I'd field a system powered by batteries in the key. It's bad enough dealing with your average dodo trying to use normal locks. Can you imagine the service calls from those dodos who break their keys off because the battery in the key head is dead? Locksmith's dream (service call = money in your pocket), businessman's nightmare (service call = money down the rathole).

    I don't understand why people fixate on "pickability". Criminals just don't pick locks. I've been a locksmith since 1995 (minus a couple years when the Army decided I should be in Afghanistan), and I have never seen a case of intrusion that wasn't either a) forced entry, or b) an inside job.

  • by mlts ( 1038732 ) * on Sunday August 10, 2008 @12:24AM (#24542737)

    The reason why pickability (or lack thereof) is important is because insurance companies will, in general, cover theft if windows are broken, doors are crowbarred, or there are obvious signs of forced entry. Of course, if the person breaking in is caught, it's easy to tag them with breaking and entering charges.

    If a lock is picked, other than maybe some scratches, there is no evidence, so it's harder to get insurance companies to cover losses if someone picks a door or padlock. It's also a lot harder to charge someone with burglary or breaking and entering if they bumped or picked a door open, then hid the tools.

  • by CityZen ( 464761 ) on Sunday August 10, 2008 @01:29AM (#24543059) Homepage

    You are missing the point a little bit. The locks in question are not ordinary locks. They are very expensive, high-security locks, like you might find in a secure government installation. The keys are not cut in an ordinary way; the ridges have different angles on them in order to turn the pins to the left or right as they are raised to the correct height. The company in question is saying that this kind of bypass is not possible. And guess what? It is.

    It just goes to show: you should never completely trust a security system that has only been "designed" to be secure. You should only trust it after lots of intelligent hackers have failed to crack it over time.

  • Re:3-d printers? (Score:2, Insightful)

    by profplump ( 309017 ) <zach-slashjunk@kotlarek.com> on Sunday August 10, 2008 @03:20AM (#24543487)

    Classic pinned locks are perfectly valid security devices. How about you stop pretending that a "security device" must be impenetrable to be so named? Seriously, that's like suggesting that passwords are equivalent to no security mechanism, just because some people choose bad passwords.

    Even if the lock could be bypassed in 14 seconds by someone with no experience, training, or tools, it's still a valid security device. For one thing, it clearly communicates the desire to keep people out -- that alone is sufficient to turn "standing in my kitchen, uninvited" into "trespassing", not to mention the deterrence effect.

    Moreover even 14 seconds spent bypassing a lock is a suspicious activity that gives my other security mechanisms time to respond -- time they would not have if there was no lock.

    Finally, if I have to do any prep work like "see a copy of the key" or even "determine what type of lock is in use" that requisite preparation step adds complexity to the attack, which again, gives my other security measures time to react, and which has a deterrence effect.

  • Sensationalist... (Score:3, Insightful)

    by FredThompson ( 183335 ) <fredthompsonNO@SPAMmindspring.com> on Sunday August 10, 2008 @09:45AM (#24545033)

    OK, so the locks have a weakness. What was the point of the statement that they're used in the White House, Pentagon, etc.? You would need access to the lock and Joe Blow ain't gettin' there. Ergo, the statement attempts to create importance where there is none.

    Try just walking up to any of the places mentioned in the OP. Can't be done. Layered security? T'ain't kiddin'!
