Shrinky Dinks As a Threat To National Security

InflammatoryHeadlineGuy writes "What do Shrinky Dinks, credit cards and paperclips have in common? They can all be used to duplicate the keys to Medeco 'high-security' locks that protect the White House, the Pentagon, embassies, and many other sensitive locations. The attack was demonstrated at Defcon by Marc Weber Tobias and involves getting a picture of the key, then printing it out and cutting plastic to match — both credit cards and Shrinky Dinks plastic are recommended. The paperclip then pushes aside a slider deep in the keyway, while the plastic cut-out lifts the pins. They were able to open an example lock in about six seconds. The only solution seems to be to ensure that your security systems are layered, so that attackers are stopped by other means even if they manage to duplicate your keys."

3-d printers?

[LM741N]

I bet those new 3-D type printers could perform the same thing without using razor blades and such. In fact, you could probably make a computer program to transfer from images to the final "printout."

Re:There goes

[Rachel Lucid]

Screw your cheap microfludics! ... There goes my etsy store!

Re:Is this surprising? -- No.

[Anonymous Coward]

My granddad was a blacksmith who taught his trade to young crims at a borstal in the 1950s. One of them showed how he could open a Yale lock in about 30 seconds. He needed whatever plastic was equivalent to a credit card way back then, and a cigarette. He could feel the piston movement and burn the height into the plastic. No photos needed. The young crims summary: "Locks is to keep honest people out, boss."

In a sense, a moderately good lock that is all that is needed. I'd agree with the article that the objective is to remove a defense of accidentally straying. The next layer of entrapment is the real one.

Wasn't this done w/ Diebold?

[mikesd81]

Brad Blog has this story [bradblog.com] from when Diebold had a picture of their key on their corporate website back in January 2007. Diebold's since replaced the picture. There's a video of the key in action @ the link I just posted.

Here's what I don't get...

[NeutronCowboy]

20 years ago, my house used to have a 3D-key - in other words, it had teeth all-around its central axis. Why? Because it is much harder to manipulate the tumblers that way. Not to mention that just photocopying the key won't work - or won't work as easily.

I'm surprised a high-security key has its teeth still on a line.

BFD

[Dun Malg]

Shrinky dinks? Paper clips? Gimme a break. I can duplicate a Medeco key blank with a piece of brass stock and a dremel tool, then cut a perfect key from a photocopy using my HPC Blitz [hpcworld.com]. There's nothing amazing about what this guy's done. Given the appropriate information (cut depths and angles) any medeco key can be duplicated without serious difficulty. Heck, that's the case with all mechanical key locks. I once showed the Medeco rep who came to my lock shop how I could duplicate a standard G3 Biaxial key using a slightly modified commonly available Rolls Royce key blank. He was understandably dismayed, but not surprised. There are two kinds of locksmiths in this world: 1) the kind like the guy quoted in the article who said "Your locksmith will tell you this is impossible", and 2) guys like me who will tell you "yeah, someone could make a key to that--- I've done it myself". Point is, you want to use a locksmith more like 2) than 1). The first guy will feed you the standard Medeco marketing bullshit about how "only we can make your keys" and convince you that equals security. The second guy will tell you key control is useful, but it's not relevant beyond its obvious purpose. There are really only two kinds of common break-ins: inside jobs and random burglaries. In the case of inside jobs, all the key control in the world won't matter because the perp has a key already. This key could have been given to them, taken out of a desk drawer, or otherwise acquired via lax internal key management. This makes up 99% of all break ins. The other 1% is burglaries by random opportunist perps taking advantage of a weakness, usually on the spur of the moment. Back doors propped open by people out for a smoke, simply walking in during business hours wearing a suit, etc. All this spy crap people have in their heads about about burglars picking locks and James Bonding into their houses is fantasy bullshit. Real burglars wait till you're not home and throw a brick through the window, or let themselves in with the key you gave the cleaning service. All this hoo-hah over making a medeco key with a credit card is total yawnsville, and if anyone thinks they can get into the white house with a shrinky dink key, they're totally on crack. The whit House has things like SECRET SERVICE AGENTS, and ALARM SYSTEMS because they know keys alone are not enough.

I wish Abloy PROTEC locks made it to the US sooner

[mlts]

I don't know about Medeco 3, but one lock mechanism that was out in other countries for almost four years before making it to the US which is quite pick resistant is Abloy's PROTEC cylinder.

It uses no pins or springs, so bumping is useless. Vibrating the key isn't going to magically move the detainer disks into position. Picking it requires a different technique altogether than pin tumbler locks.

So far, if I recall right, the best picking record for PROTEC cylinders took over 10-11 hours.

Of course, if you want the best in anti pick protection, purchase either an Abloy or Mul-T-Lock Cliq lock. It has a pick resistant mechanical key, as well as a small chip and solenoid with a challenge/response system. If someone does make a key impression, it won't help much. However, for $500 a cylinder, its pricy.

Door security key cards

[Anonymous Coward]

Most All door security keys cards drive a solenoid door strike .
The pro crooks or intruders don't bother with magnetic stripe cards , electronics, , encryption etc,they buy the system and drill a hole in the right place and operate the door strike Directly with a narrow screwdriver or fashioned shorting stripe or wad of tin foil , bypassing all of the electronics and all of the security.
Ironically , The better electronics is more precise making the drill and popping of the door solenoid that much faster and easier .

Normal or hacked card time to door open about 2 seconds
Drill and screwdriver about 10 seconds.

A similar thing was done in casinos to electronics in slot machines the crooks purchased a machine and screwed it over.
  A single metal piece of wire up into the machine at the right place and instant winner.
  Casinos have since changed the way the machines work and one can no longer buy the new machines as easily,and security looks out for anyone putting things up into the machines

Re:Is this surprising?

[Anonymous Coward]

There exist keypads that are clear with LED displays behind... they scramble, and display numbers beneath the keys when activated. No patterns.

Re:BFD

[Dun Malg]

Joe Crook can cut a Medeco bitting key out of an old grocery store coupon card and bypass the sidebar and slider in a few seconds without any need for a key machine or any particular skill. That's what the exploit is all about.

It requires skill, just not much. Did I say dremeling a brass blank and cutting with a Blitz requires much skill? If you don't know the operating principles of a Medeco lock, you can't do it, but that's not saying much. The only difference is that it can be done with an X-acto knife instead of an expensive key machine.

p.s. the sidebar isn't "bypassed", the key is cut to pass it in the normal way. The slider is a silly gimmick to give them something to patent, as the patent on Biaxial blanks has run out and 3rd parties are now cranking out Biaxial blanks for whoever wants them.

Re:Is this surprising? -- No.

[BrokenHalo]

I used to be a blacksmith myself, and I never needed a credit card. My tool of choice was a ground-down .02-inch feeler-gauge (you can get one from any DIY car maintenance shop) and a screwdriver (to do the work of turning the barrel).

Re:3-d printers?

[icegreentea]

The credit card just raises the tumblers. You still need a torsion wrench (a screw driver will do) to turn the lock.

Just typical Slashdot mentality

[Sycraft-fu]

You see it with virtual security all the time: People around here (and other sites) seem to think that perfect security is achievable. They believe you can make a system that is perfectly unbreakable, no matter what. Now maybe in the virtual world that is a theoretical possibility, though a practical impossibility, but those of us who deal with physical security know it is impossible, even in theory. I mean I've never seen a lock, no matter what kind, that will stand up to a sufficiently large shaped charge.

The White House doesn't buy invincible locks because they aren't invincible locks to be bought. Turns out if you do research, it is hard to get much better than Medeco for mechanical locks. However the White House also doesn't rely on just locked doors to keep people out. As you noted, highly trained men with guns would be one of their main security systems, but by far not the only one.

Re:Funny...

[mabhatter654]

it's simpler than that. Each KEY has a unique (not repeated on blanks) number used once (like iButton, etc) and they're paired to the car at the dealership. The tooth pattern opens the mechanical door locks, the car doesn't start without the matching number code whether the key turns or not. Disabling the battery won't work as it happens all the time, so it's written to flash somewhere in the car computer. The various manufacture alarms all trigger off various mismatches of key versus code chip.

Re:Getting the key picture, is the key to success

[jhol13]

In Estonia criminals had "keys" made of titanium. With them and using just force (pins in the lock would break) they could open any car door and start the engine.

The car manufacturers did nothing to improve the locks until there were law requiring an immobiliser.

Re:Is this surprising?

[Z00L00K]

Personally I would say that a purely mechanical key is insufficient in a high-security building.

It would be necessary to also have electronic support in the same way as the immobilizer in cars works so that the lock refuses to open whenever an unaccepted key is used. And even if possible also sound an alarm and keep the forged key in the lock, which will then be considered evidence.

If I have legitimate business and the key is kept by the lock I shouldn't be worried when Secret Service shows up to resolve the problem, but if I'm on illegitimate business then I will lose the key that probably carries some of my DNA and have to make myself scarce.

The idea behind locks are to deter entry from the people that are curious or looking for an opportunity and to delay those that really are planning to entry anyway.

Re:Is this surprising?

[Kijori]

Not only that - the technique seems overly simplistic and rather optimistic.

The M3 has three high security features:
1) Sidebar. This means that the peaks on the key are milled at an angle and rotate the pins as well as lifting them
2) Slider. This is like a long, horizontal pin that must be depressed.
3) Key control.

The third of these - key control - is not relevant to the feasability of duplicating the key.

The slider is the weaker security measure. Its main use is in preventing M3 keys being duplicated on standard key blanks or milled out of sheets of metal. The only problem is that, since the M3 keyway is quite wide, it is possible to insert a separate pick and depress the slider - apparently this is possible with a paperclip. However it must be remembered that the M3 can ship with custom keyways, and as such the fact that a "standard" M3 is vulnerable to this simple attack doesn't mean that it will be possible against the White House.

The side bar is what seems to me to be the biggest obstacle. The authors of this attack claim to be able to make a copy of any key simply by using a photo of the key and some plastic. However, judging angles from a photograph is far from easy, and the M3 is built to very tight tolerances, meaning that the rotations must be accurate. If you get the angles wrong you risk jamming the lock; not a problem with the authors' test locks, where they could simply start again, but a big problem in a break-in.

Finally, the article talks about Medeco locks being "unpickable" and this being the first time locksmiths have ever heard of it being attackable. This is untrue - it is possible (albeit extremely difficult) to pick an M3 with standard picks. Specialist picks also exist for the M3 which make it much easier (although it is still a good lock). And it is worth pointing out that this is not a blanket attack against high-security locks; other brands use techniques such as dimples milled into the side of the key, which would be immune to this technique.

Basically what I'm trying to say is that this seems much less of a big deal than the article author seems to think. Bypassing your own lock is very different that "destroying the security" completely.

Re:Funny...

[drinkypoo]

And to complete the circle, in most cases you have to replace not just the PCM (powertrain control module, which runs the engine and controls things like fuel injection and timing adjustment, or on distributor-free systems, initiates the sparks themselves) but also the sensor-reader. Sometimes this is built into the ignition switch itself, and sometimes it's just wrapped around it - but you have to get into the column to mess with it. This does NOT stop people from stealing these high-dollar cars, it only raises the bar. It more or less means you need a car to practice on before you can steal them, but dealers have to employ someone to service cars... And anyone can go to the dealer service schools, masquerading as a service mechanic.

Re:Is this surprising?

[Dun Malg]

It would be trivial to extend the car key method by...adding a capacitor whose value must be matched, and so on.

Nah, that's a dead end. GM did that already years ago with their VATS keys, only with a resistor (more reliable than a capacitor). Big pain in the ass, for very little additional security. Sealed transponder modules have completely superseded them, as they provide greater variation (unique IDs vs. only 15 resistance values), they can't be read with a $2 multi-meter, and they aren't dependent on flaky physical contacts to be read.

Re:Not news...

[Dun Malg]

>Cutting a key by sight based on a key sitting on the seat of an car is apparently a useful skill for locksmiths...

Sigh. My locksmith can't get a working copy 1 times in 3 even when I give him the original to make copies.

If you're just going in and having the key duplicated, there's a pretty good chance your original is crap. Garbage in, garbage out. A key duplicator is like a xerox machine. It makes a copy, but the copy is never going to be quite as good as the original. I keep my duplicator adjusted to within one thousandth of an inch after 10 generations, but even that is sometimes too much for a crappy key. A few "generations" removed from the factory original key by dodos with badly adjusted duplicators, and you'll have a key that works, but won't duplicate reliably. Instead of having your locksmith make you a $2 copy of a bad key, fork over the cash to have him decode the key and cut a new one by code. If he can't do that, you need to find a new locksmith. If your "locksmith" is the slackjawed guy at Home Depot that runs their badly-calibrated key duplicating machine, you need to find a real locksmith.

Re:Is this surprising? -- No.

[hey!]

My wife grew up in the suburbs and I grew up in the city. One of her pet peeves is that I tend to leave the doors of our car unlocked when I park. The difference is that I grew up in a neighborhood where some people would smash your windows if they saw anything in it they might want.

Nobody in my neighborhood had fancy car stereos; they either had plain old AM/FM radios, or they had a hole in their dashboard with wires hanging out.

Some of the kids had almost a hacker's attitude towards breaking into cars. Things you left out in your car, in plain view (like a car stereo I guess) were pretty much looked on as abandoned property. But it was the drug addicts to smashed windows. The classier kids didn't do more damage than necessary, unless they decided to take your car for a ride.

I was visiting the old neighborhood once and locked my keys in my car. One of the local kids who was sitting on his front porch asked if I needed help, and I said yes. He disappeared into his apartment and came out with a few tools. He had my car open almost as fast as I could do it with a key, literally in about ten seconds. Didn't leave a scratch on the car, either.

Nice kid. Practically a Boy Scout.

Re:Is this surprising? -- No.

[hey!]

My elderly mom was once stuck in her apartment by a jammed deadbolt. She couldn't get the super, and there was no exit, not even a fire escape, only a third floor balcony.

Rather than call the Fire Department, she called me. I came over, and she buzzed me in, then I kicked her front door in (let's say I'm a little bigger than average). It took me two or three tries to break the hinges.

Not a single soul peeked out to see what was going on, or called the cops.