Forgot your password?
typodupeerror
Security

Robotic Kiosk Stores Digital Copies of Physical Keys 192

Posted by Soulskill
from the what-could-possibly-go-wrong dept.
An anonymous reader writes "The New York Daily News reports that a startup company in Manhattan is putting robotic key copying machines in 7-Eleven stores. The machines can automatically create physical copies of common apartment and office keys. What's more interesting is that they allow users to save digital copies of their keys, which can later be created when the original is lost or the user is locked out of their home."
This discussion has been archived. No new comments can be posted.

Robotic Kiosk Stores Digital Copies of Physical Keys

Comments Filter:
  • by Simulant (528590) on Tuesday June 25, 2013 @05:53PM (#44105991) Journal
    May as well just get rid of physical keys altogether.
    • Re: (Score:2, Funny)

      by Anonymous Coward

      What can go wrong is when you lose the key to the safe that contains the password to access the digital copy of the key to the safe.

    • We soon get to the same damn thing car company's have when you want to replace your electronic car key and they want $600-800.

      Keys only keep out the bad guys for just a bit longer than an open door, so I doubt electronics will work.

      Have you seen how quickly a short crowbar works on a door? A glass cutter in skilled hands is not much slower, but quieter.

      • by Smidge204 (605297) on Tuesday June 25, 2013 @06:21PM (#44106421) Journal

        Crowbar marks, splintered door jams and broken glass are evidence of forced entry.

        Using a key leaves no evidence and may not even raise suspicion should anyone see you do it.
        =Smidge=

        • by mysidia (191772)

          Using a key leaves no evidence and may not even raise suspicion should anyone see you do it.

          Until the burglar alarm goes off.

          This is what insurance for, though. Both ways of a thief getting in are what insurance is for.

          I don't think I would want my neighbors to endanger themselves by approaching the scene; so i'm not necessarily sure if it's better for people's suspicions to be raised, except that the thief might be more likely to get away with no witnesses, if they don't raise suspicion...

      • by icebike (68054)

        And the City Key [allvoices.com] is much faster, but noisy.

      • by Charliemopps (1157495) on Tuesday June 25, 2013 @07:18PM (#44106963)

        I used to think this to. Then, about 10 years ago, an apartment complex I lived in turned on the heat for the winter. It was set to 65. This is when I realized that I had no thermostat in the apartment. They told me there was no way to turn it up, it was a "fixed system" uh huh... after a bit of exploring I found a locked door in the basement. I did a couple of internet searches, watched some videos and an hour later I was standing in the now unlocked utility room looking at a VERY adjustable thermostat which then got set to 75 for the rest of the winter. When it got too hot we'd just open a window.

        And just for clarification, picking a dead-bolt by a complete novice that had never done it before took all of 2min.

      • by hedwards (940851)

        Doubtful, at least for apartment dwellers, there would be some sort of access that the super would have to create a new card key and open the door. The cost of replacing one of these would likely be less than the cost of getting a locksmith to come in and open the door.

        I used to work as a security officer and we loved those keys. It made it easy to change the locks when need be, as most of the time it just required changing the access from the terminal, you could quickly disable access to the super's key if

    • by calzones (890942) on Tuesday June 25, 2013 @06:24PM (#44106447)

      I see a potential problem where if you loan your key to someone, they can duck into the store and quickly save a copy for themselves to retrieve at any time in the future. Or they might "borrow" your keys for this very purpose and give them back before you realize they are missing.

      Yes, they could theoretically do this with physical copies as well, but that it more cumbersome and takes longer (having to go to a dedicated hardware store to do so).

      I also see landlords not liking this technology.

      • by king neckbeard (1801738) on Tuesday June 25, 2013 @06:36PM (#44106581)
        You can have copies of house keys made at Wal-Mart.
        • Yeah, that was my thought as well, but then I had another idea. The only advantage with something like this is to disassociate yourself with your accomplice.

          So you and the victim go on a road trip to City B. Find a excuse to borrow the keys and fill up the gas tank at a 7-11. Transmit the data to City A where your accomplice makes the key and does the crime.

          Now, I am guessing that there are easier ways to do this.

          • by spazdor (902907)

            One or two good digital photos of the key is sufficient to cut a working replacement by hand.

            • by hedwards (940851)

              Depends on the set, in some parts of the world, the keys are quite a bit harder to duplicate. I used to have one that looked kine of like a philip's head screw driver, with 4 key edges rather than the more typical 1 or 2, I'm sure that would take a bit more effort to duplicated by hand.

              • by drinkypoo (153816)

                It would take a little more than four times as much effort and twice as many photographs (two rather than one), you have to align the edges to one another after all. That still doesn't make it much of a stretch.

          • by mysidia (191772)

            So you and the victim go on a road trip to City B. Find a excuse to borrow the keys and fill up the gas tank at a 7-11. Transmit the data to City A where your accomplice makes the key and does the crime.

            Once you have possession of the key, you just take certain pictures with your camera phone, and write down the numbers.

            There are online services that will be more than happy to cut the key and ship it.

            I suppose what happens with the Kiosk is it lowers the bar. Now a 10 year old will be able to pul

      • What? I am sure it takes longer or about the same time to use this.
        I am a landlord, and it is extremely fast, easy, and relatively cheap to copy a key.

        I would love if they kept copies of my keys in their database.

        • by mysidia (191772)

          I would love if they kept copies of my keys in their database.

          Just roll the cost of a lock change in the new-tenant checkin procedure; now you have an excuse.

          Come to think of it... why not bill a lock change cost both at check in, and at check out?

          • by Richy_T (111409)

            You should really do this anyway. It's not like this kiosk really changes things in that respect.

      • by mysidia (191772)

        I also see landlords not liking this technology.

        The commercial apartment owner probably has little to worry about -- these kiosks are most likely not going to be able to duplicate keys to operate Best Lock / SFIC core types; there are also restricted keyway systes they may be using such as Arrow Lock, MUL-T-LOCKs, Schlage Everest, Abloy, Medeco, or BiLock keyways.

        Commercial appartment complexes, schools, and large businesses use key management systems that sometimes leverage high security loc

        • by mhajicek (1582795)
          Why not just scan and 3d print it?
        • by Richy_T (111409)

          If ever there was an abuse of patents, this is it.

          OK, there's some ways you could design key mechanisms that would be worthy of a patent but merely changing the shape of a current implementation is not a valid use of the system.

    • by kheldan (1460303)
      Seriously. Does it ask for your home address and license plate number, store those too, to make it easier for the crook that hacks the machine, makes copies of your keys, and then robs your house and steals your car(s)?
    • Sure, why not? (Score:5, Interesting)

      by Valdrax (32670) on Tuesday June 25, 2013 @06:40PM (#44106627)

      That's what my roommates did at the house I live at. Keyless entry via numeric pad attached to a battery-powered* dead bolt. Simple, convenient, and no less secure than physical keys. It just replaces "something I have" with "something I know," and it isn't vulnerable to bump-keys or lock-picking tools.

      *Lasts for months and gives plenty of warning before it goes out, so no worries there.

      • by swillden (191260)

        Link?

        • by bmk67 (971394)

          Let me goog...

          Oh fuck it, google it yourself.

        • I have one of these [weiserlock.com] on my front door. Handy if you're carrying something and don't want to fish in your pocket for keys.

          I imagine that GP has something similar or perhaps the model with no lever/knob (i.e. just a deadbolt).
      • *Lasts for months and gives plenty of warning before it goes out, so no worries there.

        Can be defeated by applying a high voltage to the face-plate, thus burning up the solid-state equipment and engaging the relay which releases the door.

        • Re:Sure, why not? (Score:4, Interesting)

          by Anonymous Coward on Wednesday June 26, 2013 @12:05AM (#44108905)

          High voltage electricity acts funny. It doesn't really respect things like insulation or air gaps. Normally-insulating materials like concrete become conductive. When indiscriminately applied to electronics, high voltage doesn't generally do what you want.

          Inappropriately high voltage to the contacts on a digital lock keypad -- not the faceplate, which is floating on a wooden jamb or grounded for a metal jamb -- will, at best, burn out the microcontroller which is responsible for engaging the relay which releases the door. At worst it will simply burn out the input pins responsible for the keypad, leaving a perfectly functional digital lock with no input available to unlock it.

          If you're lucky, or the protagonist in a drama, it will fail in exactly the right way to engage the relay while not damaging any of the other circuitry in the device. This is difficult to achieve in practice and rarely occurs outside of high-pressure situations in TV shows or movies.

          If the bolt relay is activated by putting +Vcc on a transistor or the legs of a solid-state relay, you will have to apply just the right voltage and current through the keypad in order to turn the microcontroller into a blob of solder. However, the resulting blob will simply short out the batteries, either sending no current to the relay, or leaving insufficient current available to drive the bolt motor. If the device has a pair of relays (one per motor direction) then both may become energized, resulting in no motion or a dead short.

          If the bolt relay is activated by grounding a pin, you're screwed unless the circuit designer added a failsafe where the bolt will be released if the microcontroller fails to initialize. Since the failsafe circuitry in most keypad locks is a few lines of code inside the microcontroller's interrupt handler, this is not likely to be triggered by the protagonist's magic lightning.

          I've seen a badly designed keypad lock drain its batteries trying to lock itself repeatedly when the batteries got low. The device had a beeper in it to alert users that its batteries were running low. After several days of unattended beeping, the lock suddenly began to beep twice a second while simultaneously engaging its lock motor. The low voltage began playing havoc with the latches on the keypad input pins and it was interpreting the incoming noise as a user pressing the "lock" button on the keypad. The batteries died in seconds once this failure mode took hold. Fortunately, people were on the correct side of the door to replace them.

  • Public keys (Score:5, Funny)

    by ChumpusRex2003 (726306) on Tuesday June 25, 2013 @05:53PM (#44106009)

    Could this be the first case of public key encryption getting broken?

    • by mysidia (191772)

      Could this be the first case of public key encryption getting broken?

      No... public key encryption would be: You leave a key on your front porch, however: that key is only capable of locking the dodor.

      You keep the secret key inside, or in your pocket ---- your secret key can unlock your door when locked with the public key.

      You only lock the door with the secret key, if you need to prove that you are the homeowner -- because when locked with the secret key, only your public key can unlock it.

  • by mlts (1038732) * on Tuesday June 25, 2013 @06:06PM (#44106191)

    Copy of physical key's bitting dimensions + address info from a credit card. A remote intruder could download that, then sell lists of those to local gangs wanting some easy prey for home invasions.

    Of course, there is the fact that if you want to buy a bump-resistant lock [1], it won't be something a key copying kiosk can copy easily.

    [1]: I'm partial to Abloy's Protec2 Cliq line because it has the top tier mechanical pick resistance in addition to an electronic lock. Makes life easier to reprogram the lock to deny access just to the single lost key than have to rekey the lock and hand out new keys.

    • IAALS (Score:3, Informative)

      by Anonymous Coward

      I Am A LockSmith. The fastest and easiest way to get a bump resistant lock is add one or two tried and tested bump resistant pins. The variety Masterlock came up with does not work. T-pins work well. Dramatically different spring strengths or top pin weights will stop bumping. All three of those methods cost pennies.

      As for the Abloy's of the world, well- they have a problem. Great fun for picking enthusiasts. A good way to kill free time. As for opening them- it takes less time than a Schlage with some spoo

      • Personally, if you are willing to put the money into a Protec2, you really should consider putting ballistic film on your windows

        That may cause problems if the fire department wants to get in in a hurry, for example if your house is on fire.

      • You can't just increase the strength of one link on a chain and call it good.

        You can, if it is the weakest link.

  • I really hope they don't make you register with your address. Losing that database would be terrifically bad.

  • by jtownatpunk.net (245670) on Tuesday June 25, 2013 @06:07PM (#44106215)

    There's no technical reason why the kiosk system needs to "know" or store the physical location of the locks that match the keys. Create an account and pay with cash and there's no reason to enter any personally identifying information.

    I think charging $20 for an emergency key is a kick in the nuts, tho. They're only charging $3.50 for a standard copy of a key you have in-hand so why are they being dicks about the price of printing a key you've stored? Well, obviously, the reason is, "Because they can." But it's still a dick move.

    Also, I hope they've got some sort of approval method where a human looks at a picture of the key to see if it's marked "do not duplicate" before a copy is made. That's something I wouldn't trust to OCR.

    • by ChumpusRex2003 (726306) on Tuesday June 25, 2013 @06:21PM (#44106411)

      This type of scanning key cutting machine has been around for ages - the storing of the key bitting is new.

      In general, this type of machine designed for public use, is only loaded with blanks for "unrestricted" keys.

      "Do not duplicate" keys are not protected by just being labelled, they are physically a different shape (often with patented curves and bends), and genuine blanks can only be bought by registered locksmiths who have signed an agreement with the manufacturer not to duplicate keys without proof that the customer is authorised to duplicate that key.

      Manufacturers do cut off supply to locksmiths that engage in unauthorized duplication (if they find out). Similarly, the manufacturers will use patent laws to block sale of 3rd party key blanks.

      You can still get unauthorized copies made, but it's more difficult. The higher end manufacturers part-key the key blanks to a locksmith's unique code (using difficult to copy modifications - e.g. holes drilled to a specific depth along the length of the key, or curves engraved on the side of the key); a locksmith can only obtain blanks to duplicate keys that he himself sold, making it much easier to trace unauthorized duplication.

      • Just an FYI: Walmart has key-making machines. I lost one of the keys to my building's main gate (but I still had my second copy). Even though these keys have "Do Not Duplicate" stamped on it, I went ahead and made myself an extra key. It was no problem at all. Now I have a duplicate key, and the new key doesn't even have "do not duplicate" stamped on it.
      • by adolf (21054)

        "Do not duplicate" keys are not protected by just being labelled, they are physically a different shape (often with patented curves and bends), and genuine blanks can only be bought by registered locksmiths who have signed an agreement with the manufacturer not to duplicate keys without proof that the customer is authorised to duplicate that key.

        Physically different? Because it is physically impossible for an individual to get a key blank and imprint "DO NOT DUPLICATE" on it using a stamp?

        Wait, that was ha

      • "Do not duplicate" keys are not protected by just being labelled, they are physically a different shape (often with patented curves and bends), and genuine blanks can only be bought by registered locksmiths who have signed an agreement with the manufacturer not to duplicate keys without proof that the customer is authorised to duplicate that key.

        SOME "do not duplicate" keys are like that - but they're a minority because they're expensive and a PITA to manage (like most proprietary systems). Many

    • by idji (984038)
      the machines won't have blanks for "do not duplicate" keys.
    • by brit74 (831798)

      Also, I hope they've got some sort of approval method where a human looks at a picture of the key to see if it's marked "do not duplicate" before a copy is made. That's something I wouldn't trust to OCR.

      My local Walmart has a key-making machine. Last year, I made myself a duplicate of a key that had "Do Not Duplicate" stamped on it. The new key works perfectly fine. No, machines don't (and can't) check if they keys are marked "Do Not Duplicate". And, yes, these machines have been around a while.

    • by mysidia (191772)

      where a human looks at a picture of the key to see if it's marked "do not duplicate"

      Even at places where a human dups the key; there is no checking if it's marked "do not duplicate". They want your business, and there is no law against duplicating a key just because it's marked do not dup.

      You don't even have to explain yourself or anything --- as long as they can duplicate it they will. They want your business, and they want you to be a satisfied customer.

      Unless the keyway is restricted; and theref

  • by Mad-Bassist (944409) on Tuesday June 25, 2013 @06:08PM (#44106235) Homepage

    Now we can't even trust the babysitter to grab a Slurpee down the street...

    I can only see this inspiring people with shifty morals to try something new because it's now more convenient. Good thing car keys are more complex these days.

    • by icebike (68054)

      Now we can't even trust the babysitter to grab a Slurpee down the street...

      Well, you never could anyway. A clay impression can be made without even leaving the apartment.

    • They could always do that. It is that just now their is a digital footprint if they do it.

    • by Sir Holo (531007)
      I apologize. I had thought I was on FARK for a moment. What with the "babysitter" and "slurpee" and "grab" and "convenient."

      My bad. This is a key & security thread. The Farkers can make a similar thread, and then take discussion in their own direction, on their own website.
  • They do cheap ass shit like put only 3 of the 5 possible tumblers in them. The key still has 5 cuts for 5 potential tumblers, but they only use 3 of the 5.

    The lock companies only use so many potential combinations anyway.

    I'm betting they won't be able to reproduce a 7 tumbler Best key with the "do not duplicate" stamped on it.
    • by icebike (68054)

      And yet the work just fine for the intended purpose.
      If people want in, no amount of tumblers will prevent it.

      • That is the point I'm trying to make. Anyone serious about using a keyed lock for security will use a key that is controlled. Consumer stuff at Home Depot or Lowes or hardware stores do not have controls on the blank keys. What makes it worse is they don't even utilize the number of potential tumblers they could use. A 5 tumbler lock with only 3 tumblers installed is trivial to pick just by raking. If you don't care about leaving evidence of breaking in, then no lock will help you against forced entry
  • by dalias (1978986) on Tuesday June 25, 2013 @06:40PM (#44106625)
    This is nothing you can't do with a camera phone, a decent-angle shot of the victim's key, some trivial math, and a 3D printer. Of course I just said "3D printer" to be trendy. It works just as well with a 2D printer, cutting out the image, laying it on top of a blank key as a pattern, and taking a Dremel to it.
    • by dalias (1978986)
      Actually I just guessed this would work, but apparently somebody already made a video showing how to do it: http://www.youtube.com/watch?v=qpDJC4vK7O0 [youtube.com]
  • I dont even let my mechanic have my house keys when i take my car in for repair. I always take the car key off and just give them that. No way in hell im going to trust a kiosk.
    • by bonehead (6382)

      Aww.... That's so cute....

      He actually thinks a lock and key can stop someone from getting in...

      • by ledow (319597)

        I don't think he does.

        But bear in mind that "forced entry" is pretty much a requirement of any insurance payout. If someone BREAKS in, no matter how minor the method they use, you get paid from your house insurance.

        If someone uses a key, or a copy of a key, and walks in without breaking anything - then you get precisely zip.

        We all know that cars and houses aren't "secure", nobody wants to live in Fort Knox. The point of a key is to increase the time it would take to enter the premises without forcing entr

  • by Brooklynoid (656617) on Tuesday June 25, 2013 @07:26PM (#44107085)
    Really? TFA describes this as a Manhattan-based initiative, so I'm guessing that he's using the term New York City to refer to Manhattan, not Greater New York (all five boroughs). There are 1.6 million people in Manhattan. I don't believe the average person locks themselves out twice per year. Even if he does mean all five boroughs, that still means that one-third of the city locks themselves out each year. I have a very hard time believing this.

    Also, virtually all Manhattan residents live in apartment buildings, so they need to get though two locked doors; the front door to the building and the door to their actual apartment. Pretty much all buildings use a lock/key that can't be (easily) copied (Mul-T-Lock or similar) for the front door, so unless you're going to break into your own lobby, you're still up the creek. And if you live in a building with a doorman or live-in superintendent, they frequently have access to a copy of your key.

    I don't see this catching on in a big way.
    • by bonehead (6382)

      Maybe not in the scenario you describe.....

      But that just means that NYC is a "special case". This would be a GREAT service in the vast majority of the country.

      (And, yes, NYC is a special case, in the sense that it's filled with idiots who think they're "special". Probably tied with LA for idiocy.)

  • Would you trust 7-Eleven with a copy of your key? I wouldn't. But I might put a copy in my wallet.
  • I wonder - does providing a third party with a digital copy of your key remove the "expectation of privacy" for law enforcement in the same way as using a digital messaging service (ie, email) does?

    That is, I wonder if this will open the doorway to police in the US saying "Oh, well the defendant left their key readout with this company, which as a third party destroys their expectation of privacy to their locks, therefore we had the right to subpoena the key and then search the premises it unlocks".

    • by ledow (319597)

      More importantly - what does it do for your house insurance premium.

      I'm pretty sure that I just "left a copy of my key" with even a key-smith, and the insurance company found out, they wouldn't be happy to pay out in future.

      More important than anything in this article though (in the EU, they probably wouldn't be allowed to store the image, even with your permission, and that just turns it into a more-reliable key-cutting service), is 3D printers.

      Just how hard is it to copy a modern key on a 3D printer nowad

If money can't buy happiness, I guess you'll just have to rent it.

Working...