Robotic Kiosk Stores Digital Copies of Physical Keys 192
An anonymous reader writes "The New York Daily News reports that a startup company in Manhattan is putting robotic key copying machines in 7-Eleven stores. The machines can automatically create physical copies of common apartment and office keys. What's more interesting is that they allow users to save digital copies of their keys, which can later be created when the original is lost or the user is locked out of their home."
What could possibly go wrong? (Score:5, Insightful)
Re: (Score:2, Funny)
What can go wrong is when you lose the key to the safe that contains the password to access the digital copy of the key to the safe.
Re: (Score:3)
We soon get to the same damn thing car company's have when you want to replace your electronic car key and they want $600-800.
Keys only keep out the bad guys for just a bit longer than an open door, so I doubt electronics will work.
Have you seen how quickly a short crowbar works on a door? A glass cutter in skilled hands is not much slower, but quieter.
Re:What could possibly go wrong? (Score:5, Insightful)
Crowbar marks, splintered door jams and broken glass are evidence of forced entry.
Using a key leaves no evidence and may not even raise suspicion should anyone see you do it.
=Smidge=
Re: (Score:2)
Using a key leaves no evidence and may not even raise suspicion should anyone see you do it.
Until the burglar alarm goes off.
This is what insurance for, though. Both ways of a thief getting in are what insurance is for.
I don't think I would want my neighbors to endanger themselves by approaching the scene; so i'm not necessarily sure if it's better for people's suspicions to be raised, except that the thief might be more likely to get away with no witnesses, if they don't raise suspicion...
Re:What could possibly go wrong? (Score:4, Insightful)
This is what insurance for, though. Both ways of a thief getting in are what insurance is for.
Your insurance policy probably doesn't cover shit if there's no evidence of forced entry, but YMMV.
The police might not even take a report.
Re: (Score:2)
yeah in theory..
you think cops are going to scourge through 7/11 logs about if a certain key was copied and if it was who paid it.. and that wouldn't really work as evidence that the copier did the theft either.
digital keys would be the way to go, really.
around here we have some keys that the locksmiths will not copy without permit slips. that's the newest generation. of course one could copy them given enough time and metalworking tools if he had 4 pictures of the key.
Re: (Score:3)
And the City Key [allvoices.com] is much faster, but noisy.
Re:What could possibly go wrong? (Score:5, Interesting)
I used to think this to. Then, about 10 years ago, an apartment complex I lived in turned on the heat for the winter. It was set to 65. This is when I realized that I had no thermostat in the apartment. They told me there was no way to turn it up, it was a "fixed system" uh huh... after a bit of exploring I found a locked door in the basement. I did a couple of internet searches, watched some videos and an hour later I was standing in the now unlocked utility room looking at a VERY adjustable thermostat which then got set to 75 for the rest of the winter. When it got too hot we'd just open a window.
And just for clarification, picking a dead-bolt by a complete novice that had never done it before took all of 2min.
Re: (Score:3)
Re:What could possibly go wrong? (Score:4, Funny)
Locks also keep homeless people from shitting in my car.
Re: (Score:3)
Re: (Score:3)
Doubtful, at least for apartment dwellers, there would be some sort of access that the super would have to create a new card key and open the door. The cost of replacing one of these would likely be less than the cost of getting a locksmith to come in and open the door.
I used to work as a security officer and we loved those keys. It made it easy to change the locks when need be, as most of the time it just required changing the access from the terminal, you could quickly disable access to the super's key if
Re:What could possibly go wrong? (Score:4, Insightful)
I see a potential problem where if you loan your key to someone, they can duck into the store and quickly save a copy for themselves to retrieve at any time in the future. Or they might "borrow" your keys for this very purpose and give them back before you realize they are missing.
Yes, they could theoretically do this with physical copies as well, but that it more cumbersome and takes longer (having to go to a dedicated hardware store to do so).
I also see landlords not liking this technology.
Re:What could possibly go wrong? (Score:4, Insightful)
Re: (Score:3)
Yeah, that was my thought as well, but then I had another idea. The only advantage with something like this is to disassociate yourself with your accomplice.
So you and the victim go on a road trip to City B. Find a excuse to borrow the keys and fill up the gas tank at a 7-11. Transmit the data to City A where your accomplice makes the key and does the crime.
Now, I am guessing that there are easier ways to do this.
Re: (Score:2)
One or two good digital photos of the key is sufficient to cut a working replacement by hand.
Re: (Score:2)
Depends on the set, in some parts of the world, the keys are quite a bit harder to duplicate. I used to have one that looked kine of like a philip's head screw driver, with 4 key edges rather than the more typical 1 or 2, I'm sure that would take a bit more effort to duplicated by hand.
Re: (Score:2)
It would take a little more than four times as much effort and twice as many photographs (two rather than one), you have to align the edges to one another after all. That still doesn't make it much of a stretch.
Re: (Score:2)
So you and the victim go on a road trip to City B. Find a excuse to borrow the keys and fill up the gas tank at a 7-11. Transmit the data to City A where your accomplice makes the key and does the crime.
Once you have possession of the key, you just take certain pictures with your camera phone, and write down the numbers.
There are online services that will be more than happy to cut the key and ship it.
I suppose what happens with the Kiosk is it lowers the bar. Now a 10 year old will be able to pul
Re: (Score:2)
What? I am sure it takes longer or about the same time to use this.
I am a landlord, and it is extremely fast, easy, and relatively cheap to copy a key.
I would love if they kept copies of my keys in their database.
Re: (Score:2)
I would love if they kept copies of my keys in their database.
Just roll the cost of a lock change in the new-tenant checkin procedure; now you have an excuse.
Come to think of it... why not bill a lock change cost both at check in, and at check out?
Re: (Score:2)
You should really do this anyway. It's not like this kiosk really changes things in that respect.
Re: (Score:3)
I also see landlords not liking this technology.
The commercial apartment owner probably has little to worry about -- these kiosks are most likely not going to be able to duplicate keys to operate Best Lock / SFIC core types; there are also restricted keyway systes they may be using such as Arrow Lock, MUL-T-LOCKs, Schlage Everest, Abloy, Medeco, or BiLock keyways.
Commercial appartment complexes, schools, and large businesses use key management systems that sometimes leverage high security loc
Re: (Score:2)
Re: (Score:2)
If ever there was an abuse of patents, this is it.
OK, there's some ways you could design key mechanisms that would be worthy of a patent but merely changing the shape of a current implementation is not a valid use of the system.
Re: (Score:2)
Perhaps not if you require a 7-eleven, but there's almost always going to be something closer than a Wal-Mart, those are usually out in the sticks compared to the local hardware store.
Re: (Score:2)
Careful of generalizations. That's not the case around here and often the Walmarts have driven the local hardware stores out of business
Re: (Score:2)
Sure, why not? (Score:5, Interesting)
That's what my roommates did at the house I live at. Keyless entry via numeric pad attached to a battery-powered* dead bolt. Simple, convenient, and no less secure than physical keys. It just replaces "something I have" with "something I know," and it isn't vulnerable to bump-keys or lock-picking tools.
*Lasts for months and gives plenty of warning before it goes out, so no worries there.
Re: (Score:2)
Link?
Re: (Score:2)
Let me goog...
Oh fuck it, google it yourself.
Re: (Score:3)
Re: (Score:3)
I imagine that GP has something similar or perhaps the model with no lever/knob (i.e. just a deadbolt).
Re: (Score:2)
*Lasts for months and gives plenty of warning before it goes out, so no worries there.
Can be defeated by applying a high voltage to the face-plate, thus burning up the solid-state equipment and engaging the relay which releases the door.
Re:Sure, why not? (Score:4, Interesting)
High voltage electricity acts funny. It doesn't really respect things like insulation or air gaps. Normally-insulating materials like concrete become conductive. When indiscriminately applied to electronics, high voltage doesn't generally do what you want.
Inappropriately high voltage to the contacts on a digital lock keypad -- not the faceplate, which is floating on a wooden jamb or grounded for a metal jamb -- will, at best, burn out the microcontroller which is responsible for engaging the relay which releases the door. At worst it will simply burn out the input pins responsible for the keypad, leaving a perfectly functional digital lock with no input available to unlock it.
If you're lucky, or the protagonist in a drama, it will fail in exactly the right way to engage the relay while not damaging any of the other circuitry in the device. This is difficult to achieve in practice and rarely occurs outside of high-pressure situations in TV shows or movies.
If the bolt relay is activated by putting +Vcc on a transistor or the legs of a solid-state relay, you will have to apply just the right voltage and current through the keypad in order to turn the microcontroller into a blob of solder. However, the resulting blob will simply short out the batteries, either sending no current to the relay, or leaving insufficient current available to drive the bolt motor. If the device has a pair of relays (one per motor direction) then both may become energized, resulting in no motion or a dead short.
If the bolt relay is activated by grounding a pin, you're screwed unless the circuit designer added a failsafe where the bolt will be released if the microcontroller fails to initialize. Since the failsafe circuitry in most keypad locks is a few lines of code inside the microcontroller's interrupt handler, this is not likely to be triggered by the protagonist's magic lightning.
I've seen a badly designed keypad lock drain its batteries trying to lock itself repeatedly when the batteries got low. The device had a beeper in it to alert users that its batteries were running low. After several days of unattended beeping, the lock suddenly began to beep twice a second while simultaneously engaging its lock motor. The low voltage began playing havoc with the latches on the keypad input pins and it was interpreting the incoming noise as a user pressing the "lock" button on the keypad. The batteries died in seconds once this failure mode took hold. Fortunately, people were on the correct side of the door to replace them.
Re: (Score:3)
Just to help out...
KeyMe employs high-level encryption and doesn’t store addresses or any other data that can match the key information with a location. Logging into your account requires fingerprint authentication.
Wait, What? Fingerprint?
Well how long before that database draws a subpoena?
And do we know there isn't a camera in the KeyMe kiosks?
Re: (Score:2, Funny)
Well how long before that database draws a subpoena?
A subpoena? How quaint.
Re: (Score:2)
Wait, What? Fingerprint?
So then all that is needed is a warmed up Gummi bear.
Re: (Score:2)
Fingerprint with no name, address, phone number, etc., attached = no useful information to be gained via subpoena.
If I store the key blueprint against my fingerprint, all the subpoena will be able to determine is that this key will open something (presumably a house or vehicle) associated with that fingerprint. The only actually useful information here is likely to be proximity - most likely, this is the most conveniently available KeyMe kiosk for the person with that fingerprint.
That's an awfully big net
Re: (Score:2)
Police would only need a suspicion that some authorized duplicate keys were being used in a crime or series of crimes.
They look around for one of these key Kiosks, and notice that the store has surveillance cams, as all 7/11 stores do.
They notice that Store surveillance cams can see people come in and get a key.
Kiosk stores your fingerprint.
Police, on fishing expedition, get a warrant for all fingerprints recorded by the machine within X time period.
They fingerprint match the sequence to the surveillance.
No
Re: (Score:2)
"Police, on fishing expedition, get a warrant for all fingerprints recorded by the machine within X time period."
Fishing expeditions are explicitly prohibited by law. Not that it hasn't stopped them sometimes.
"So even if you aren't the thief, just another customer, your data gets handed over along with the data from the burger."
Considering the state-of-the-art of fingerprint identification hardware and software, it probably WOULD be the burger's fingerprint found there. Or one of those greasy sausages.
Re: (Score:2)
"Fingerprint with no name, address, phone number, etc., attached = no useful information to be gained via subpoena."
It also means that without 2- or 3-part authentication, there are going to be some pretty spectacular failures. Fingerprints just don't work worth a shit. Yet.
Re: (Score:2)
Why a subpoena? They would likely do what they do now, get a warrant and just bust in directly.
Re: (Score:3)
Re: (Score:3)
Carrying a few keys is far preferable than having to memorize a bunch of passwords, pass-number codes, etc. Or alternatively to carrying several gigantic, plastic "electronic key fobs" that replace what used to fit easily in your pocket.
You need to use one to open the pool gate, of course, but don't take it into the water (meaning you must leave your housekey/fob on your blanket while you swim. Increased security my ass.)!
At the end of the day, you and I are sti
Re: (Score:2)
Well if you give your key to a company to print out as many copies as they like.. you might as well not lock your doors.
Re: (Score:3)
I think a specific problem goes like this. I print and store a key. I sell an item such as a home or vehicle and hand over the keys. I then go to the store and reprint the key, now I have an unauthorized key. Yes, if someone wanted to be sneaky they could have just printed an extra key to begin with, but now we have a mechanism where someone could change their mind (like a breakup) and then make a new key.
Re: (Score:3)
Re: (Score:3)
Public keys (Score:5, Funny)
Could this be the first case of public key encryption getting broken?
Re: (Score:2)
Could this be the first case of public key encryption getting broken?
No... public key encryption would be: You leave a key on your front porch, however: that key is only capable of locking the dodor.
You keep the secret key inside, or in your pocket ---- your secret key can unlock your door when locked with the public key.
You only lock the door with the secret key, if you need to prove that you are the homeowner -- because when locked with the secret key, only your public key can unlock it.
Re: (Score:2)
You're assuming the machine encrypts its data
He might be assuming.
Or he might have, you know, read the article.
Double edged sword... (Score:5, Interesting)
Copy of physical key's bitting dimensions + address info from a credit card. A remote intruder could download that, then sell lists of those to local gangs wanting some easy prey for home invasions.
Of course, there is the fact that if you want to buy a bump-resistant lock [1], it won't be something a key copying kiosk can copy easily.
[1]: I'm partial to Abloy's Protec2 Cliq line because it has the top tier mechanical pick resistance in addition to an electronic lock. Makes life easier to reprogram the lock to deny access just to the single lost key than have to rekey the lock and hand out new keys.
IAALS (Score:3, Informative)
I Am A LockSmith. The fastest and easiest way to get a bump resistant lock is add one or two tried and tested bump resistant pins. The variety Masterlock came up with does not work. T-pins work well. Dramatically different spring strengths or top pin weights will stop bumping. All three of those methods cost pennies.
As for the Abloy's of the world, well- they have a problem. Great fun for picking enthusiasts. A good way to kill free time. As for opening them- it takes less time than a Schlage with some spoo
Re: (Score:2)
Personally, if you are willing to put the money into a Protec2, you really should consider putting ballistic film on your windows
That may cause problems if the fire department wants to get in in a hurry, for example if your house is on fire.
Re:IAALS (Score:5, Insightful)
If the maximum level of security for a home is governed by a fireman's ability to break in, then we're done here. There's nothing left to discuss.
Re: (Score:2)
You can't just increase the strength of one link on a chain and call it good.
You can, if it is the weakest link.
Re: (Score:2)
Breaking into most physical locations is trivial for a motivated intruder, no matter how sophisticated your lock is. Anyone who would bother hacking or paying for this info, and then using it to create a duplicate key is sufficiently motivated to break in via less arcane methods. "Local gangs" will simply force open the door or gain access by some other entry.
And here's the gentleman who understands physical security. Locks on your house are as much an illusion of security as the TSA.
If someone wants to get into your house, all you have to do is, as the old Sierra games used to say, use brick on window
Re: (Score:3)
The brick through a window leaves an obvious signature, which makes life a lot easier when filing a police report and making an insurance claim on stolen goods.
A picked lock means (unless there is something obvious like major damage to the lock) that it is just my word with no evidence to back it up. Similar if the burglar is caught. A broken window will almost be a certain conviction. A picked lock can be explained away as the door was already unlocked, so a B&E charge would end up not being able to
Re:Don't kid yourself. (Score:4, Insightful)
Heh.
Whenever someone I've known has had their house robbed by a stranger, there's tons of evidence: The place gets trashed.
It is a different story when you're being robbed by someone you know: They're neat and clean and precise. All you notice is that you go looking for your diamond-studded Rolex, and it isn't there anymore. But chances are good that you've already invited them in, anyway, so a lock doesn't help that situation at all either.
Re: (Score:2)
A bit of looking around at before and after photos and a some reading leaves me with the impression that a picked lock will almost always be readily discerned by close observation. Generally, there are scratches where there shouldn't be any. Whether local LEO will find that evidence will depend much on who you are, where you live, and the value of items taken.
Re: (Score:2)
Heck, you might be better off with no lock so that your nemesis might be enticed to expose themselves to your motion-detection/surveillance systems.
I hear the unlocked front door; with false floor behind and an alligator pit directly below work wonders.
Address? (Score:2)
I really hope they don't make you register with your address. Losing that database would be terrifically bad.
It could work securely (Score:4, Insightful)
There's no technical reason why the kiosk system needs to "know" or store the physical location of the locks that match the keys. Create an account and pay with cash and there's no reason to enter any personally identifying information.
I think charging $20 for an emergency key is a kick in the nuts, tho. They're only charging $3.50 for a standard copy of a key you have in-hand so why are they being dicks about the price of printing a key you've stored? Well, obviously, the reason is, "Because they can." But it's still a dick move.
Also, I hope they've got some sort of approval method where a human looks at a picture of the key to see if it's marked "do not duplicate" before a copy is made. That's something I wouldn't trust to OCR.
Re:It could work securely (Score:5, Informative)
This type of scanning key cutting machine has been around for ages - the storing of the key bitting is new.
In general, this type of machine designed for public use, is only loaded with blanks for "unrestricted" keys.
"Do not duplicate" keys are not protected by just being labelled, they are physically a different shape (often with patented curves and bends), and genuine blanks can only be bought by registered locksmiths who have signed an agreement with the manufacturer not to duplicate keys without proof that the customer is authorised to duplicate that key.
Manufacturers do cut off supply to locksmiths that engage in unauthorized duplication (if they find out). Similarly, the manufacturers will use patent laws to block sale of 3rd party key blanks.
You can still get unauthorized copies made, but it's more difficult. The higher end manufacturers part-key the key blanks to a locksmith's unique code (using difficult to copy modifications - e.g. holes drilled to a specific depth along the length of the key, or curves engraved on the side of the key); a locksmith can only obtain blanks to duplicate keys that he himself sold, making it much easier to trace unauthorized duplication.
Actually, you can copy "do not duplicate" keys (Score:2)
Re: (Score:2)
Physically different? Because it is physically impossible for an individual to get a key blank and imprint "DO NOT DUPLICATE" on it using a stamp?
Wait, that was ha
Re: (Score:3)
SOME "do not duplicate" keys are like that - but they're a minority because they're expensive and a PITA to manage (like most proprietary systems). Many
Re: (Score:2)
Re: (Score:2)
My local Walmart has a key-making machine. Last year, I made myself a duplicate of a key that had "Do Not Duplicate" stamped on it. The new key works perfectly fine. No, machines don't (and can't) check if they keys are marked "Do Not Duplicate". And, yes, these machines have been around a while.
Re: (Score:2)
where a human looks at a picture of the key to see if it's marked "do not duplicate"
Even at places where a human dups the key; there is no checking if it's marked "do not duplicate". They want your business, and there is no law against duplicating a key just because it's marked do not dup.
You don't even have to explain yourself or anything --- as long as they can duplicate it they will. They want your business, and they want you to be a satisfied customer.
Unless the keyway is restricted; and theref
Re: (Score:3)
The reason is because if it doesn't use your name or physical location or similar then you have to remember some kind of login that you'll probably never use again,
Or, you could actually RTFA: (You had time to type all that you could have read the article in less time)
KeyMe employs high-level encryption and doesn’t store addresses or any other data that can match the key information with a location. Logging into your account requires fingerprint authentication.
Re: (Score:2)
I have gotten copies of "Do Not Duplicate" keys made many times at places ranging from Walmart, to hardware stores, to a professional locksmith shop.
NEVER ONCE did anybody even ask about it.
Re: (Score:2)
If you happen to have a normal house key marked "Do Not Duplicate", and you really want to duplicate it anyway, ten minutes with some sandpaper will take care of that problem, and then any random locksmith will do.
You can stamp any key with "Do not DUP"; there's actually an inexpensive tool for stamping a key with that. And "Do not dup" is frequently used by businesses, even with many off-the-shelf key blanks.
Furthermore. The message is advisory to the holder of the key. The hardware store, wa
Burglary Convenience? (Score:4, Interesting)
Now we can't even trust the babysitter to grab a Slurpee down the street...
I can only see this inspiring people with shifty morals to try something new because it's now more convenient. Good thing car keys are more complex these days.
Re: (Score:2)
Now we can't even trust the babysitter to grab a Slurpee down the street...
Well, you never could anyway. A clay impression can be made without even leaving the apartment.
Re: (Score:2)
They could always do that. It is that just now their is a digital footprint if they do it.
Re: (Score:2)
My bad. This is a key & security thread. The Farkers can make a similar thread, and then take discussion in their own direction, on their own website.
Re: (Score:2)
There are non-destructive techniques which open almost any ordinary door in seconds without a matching key.
It took me one evening with a Dremel and some scrap metal to make my own set of lock picks AND learn how to use them. That includes the time I spent on Google.
Re: (Score:3)
Consumer locks are shitty anyway (Score:2)
The lock companies only use so many potential combinations anyway.
I'm betting they won't be able to reproduce a 7 tumbler Best key with the "do not duplicate" stamped on it.
Re: (Score:3)
And yet the work just fine for the intended purpose.
If people want in, no amount of tumblers will prevent it.
Re: (Score:2)
Already easy to steal keys this way (Score:3)
Re: (Score:3)
Re: (Score:2)
I've done it using a triangular file. It's not a perfect copy but it opens the lock.
I don't really understand why you'd want to replace a lost key though. If the key is lost anybody could have it and open your lock in your absence. The sane and safe solution is to replace the lock.
Car repair (Score:2)
Re: (Score:3)
Aww.... That's so cute....
He actually thinks a lock and key can stop someone from getting in...
Re: (Score:2)
I don't think he does.
But bear in mind that "forced entry" is pretty much a requirement of any insurance payout. If someone BREAKS in, no matter how minor the method they use, you get paid from your house insurance.
If someone uses a key, or a copy of a key, and walks in without breaking anything - then you get precisely zip.
We all know that cars and houses aren't "secure", nobody wants to live in Fort Knox. The point of a key is to increase the time it would take to enter the premises without forcing entr
Three million lockouts/year in NYC? (Score:3)
Also, virtually all Manhattan residents live in apartment buildings, so they need to get though two locked doors; the front door to the building and the door to their actual apartment. Pretty much all buildings use a lock/key that can't be (easily) copied (Mul-T-Lock or similar) for the front door, so unless you're going to break into your own lobby, you're still up the creek. And if you live in a building with a doorman or live-in superintendent, they frequently have access to a copy of your key.
I don't see this catching on in a big way.
Re: (Score:2)
Maybe not in the scenario you describe.....
But that just means that NYC is a "special case". This would be a GREAT service in the vast majority of the country.
(And, yes, NYC is a special case, in the sense that it's filled with idiots who think they're "special". Probably tied with LA for idiocy.)
Re: (Score:2)
Most of us would learn after the first time to put on the overwear so as to cover the underweear.
I left the digital copy in my house. (Score:2)
"Expectation of Privacy" (Score:2)
I wonder - does providing a third party with a digital copy of your key remove the "expectation of privacy" for law enforcement in the same way as using a digital messaging service (ie, email) does?
That is, I wonder if this will open the doorway to police in the US saying "Oh, well the defendant left their key readout with this company, which as a third party destroys their expectation of privacy to their locks, therefore we had the right to subpoena the key and then search the premises it unlocks".
Re: (Score:2)
More importantly - what does it do for your house insurance premium.
I'm pretty sure that I just "left a copy of my key" with even a key-smith, and the insurance company found out, they wouldn't be happy to pay out in future.
More important than anything in this article though (in the EU, they probably wouldn't be allowed to store the image, even with your permission, and that just turns it into a more-reliable key-cutting service), is 3D printers.
Just how hard is it to copy a modern key on a 3D printer nowad
Re: (Score:2)
But If you know where someone lives and that they have used the system, all it takes is a fingerprint.
I'm sure you could find a dozens sites on the web describing how to make a slip-on fingerprint from
finger print image.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Honestly, that's the absolute least concerning thing here.
If the Government wants into your house, they have people specifically trained to do that who will probably have your lock picked faster than you can open it yourself with the key.