Anyone Can Copy Your Building Key! - U2 Feedback

Go Back   U2 Feedback > Lypton Village > Lemonade Stand > Lemonade Stand Archive
Thread Tools Search this Thread Display Modes
Old 01-23-2003, 11:07 AM   #1
love, blood, life
HelloAngel's Avatar
Join Date: Sep 2001
Location: new york city
Posts: 14,534
Local Time: 08:36 PM
Anyone Can Copy Your Building Key!

Master Key Copying Revealed

A security researcher has revealed a little-known vulnerability in many locks that lets a person create a copy of the master key for an entire building by starting with any key from that building.

The researcher, Matt Blaze of AT&T Labs-Research, found the vulnerability by applying his area of expertise — the security flaws that allow hackers to break into computer networks — to the real-world locks and keys that have been used for more than a century in office buildings, college campuses and some residential complexes.

The attack described by Mr. Blaze, which is known by some locksmiths, leaves no evidence of tampering. It can be used without resorting to removing the lock and taking it apart or other suspicious behavior that can give away ordinary lock pickers.

All that is needed, Mr. Blaze wrote, is access to a key and to the lock that it opens, as well as a small number of uncut key blanks and a tool to cut them to the proper shape. No special skills or tools are required; key-cutting machines costing hundreds of dollars apiece make the task easier, but the same results can be achieved with a simple metal file.

After testing the technique repeatedly against the hardware from major lock companies, Mr. Blaze wrote, "it required only a few minutes to carry out, even when using a file to cut the keys."

AT&T decided that the risk of abuse of the information was great, so it has taken the unusual step of posting an alert to law enforcement agencies nationwide. The alert describes the technique and the possible defenses against it, though the company warns that no simple solution exists.

The paper, which Mr. Blaze has submitted for publication in a computer security journal, has troubled security experts who have seen it. Marc Weber Tobias, a locks expert who works as a security consultant to law enforcement agencies, said he was rewriting his police guide to locks and lock-picking because of the paper. He said the technique could open doors worldwide for criminals and terrorists. "I view the problem as pretty serious," he said, adding that the technique was so simple, "an idiot could do it."

The technique is not news to locksmiths, said Lloyd Seliber, the head instructor of master-key classes for Schlage, a lock company that is part of Ingersoll-Rand. He said he even taught the technique, which he calls decoding, in his training program for locksmiths.

"This has been true for 150 years," Mr. Seliber said.

Variations on the decoding technique have also been mentioned in passing in locksmith trade journals, but usually as a way for locksmiths to replace a lost master key and not as a security risk.

When told that Mr. Seliber taught the technique to his students, Mr. Tobias said: "He may teach it, but it's new in the security industry. Security managers don't know about it."

In the paper, Mr. Blaze applies the principles of cryptanalysis, ordinarily used to break secret codes, to the analysis of mechanical lock designs. He describes a logical, deductive approach to learning the shape of a master key by building on clues provided by the key in hand — an approach that cryptanalysts call an oracle attack. The technique narrows the number of tries that would be necessary to discover a master-key configuration to only dozens of attempts, not the thousands of blind tries that would otherwise be necessary.

The research paper might seem an odd choice of topics for a computer scientist, but Mr. Blaze noted that in his role as a security researcher for AT&T Labs, he examined issues that went to the heart of business security wherever they arose, whether in the digital world or the world of steel and brass.

Since publishing Mr. Blaze's technique could lead to an increase in thefts and other crimes, it presented an ethical quandary for him and for AT&T Labs — the kind of quandary that must also be confronted whenever new security holes are discovered in computing.

"There's no way to warn the good guys without also alerting the bad guys," Mr. Blaze said. "If there were, then it would be much simpler — we would just tell the good guys."

Publishing a paper about vulnerable locks, however, presented greater challenges than a paper on computer flaws.

To read the rest of the article, visit:

HelloAngel is offline  
Old 01-24-2003, 11:20 AM   #2
Rock n' Roll Doggie
Join Date: Nov 2001
Posts: 8,800
Local Time: 02:36 AM

FallingStar is offline  
Old 01-24-2003, 11:34 AM   #3
Rock n' Roll Doggie
ghetofabu's Avatar
Join Date: Mar 2002
Location: The Kitchen
Posts: 4,038
Local Time: 06:36 PM
um ok. not like I felt safe before but DAMN!
ghetofabu is offline  
Old 01-24-2003, 11:37 AM   #4
you are what you is
Salome's Avatar
Join Date: Jul 2000
Location: last fm
Posts: 21,854
Local Time: 02:36 AM
Originally posted by HelloAngel
All that is needed, Mr. Blaze wrote, is access to a key and to the lock that it opens
umm, that's why I usually don't hand out my key to every passing stranger
β€œSome scientists claim that hydrogen, because it is so plentiful, is the basic building block of the universe. I dispute that. I say there is more stupidity than hydrogen, and that is the basic building block of the universe.”
~Frank Zappa
Salome is offline  
Old 01-24-2003, 01:52 PM   #5
Rock n' Roll Doggie
MonaVox's Avatar
Join Date: Jun 2002
Location: Brooklyn, NY
Posts: 3,460
Local Time: 07:36 PM
Originally posted by Salome
umm, that's why I usually don't hand out my key to every passing stranger
Yeah, why would anyone get the opportunity to copy it?
MonaVox is offline  
Old 01-24-2003, 02:23 PM   #6
An Angel In Devil's Shoes
ABEL's Avatar
Join Date: Jan 2001
Location: Netherlands
Posts: 18,844
Local Time: 06:36 PM
ABEL is offline  
Old 01-24-2003, 02:59 PM   #7
Blue Crack Addict
nbcrusader's Avatar
Join Date: Aug 2002
Location: Southern California
Posts: 22,070
Local Time: 05:36 PM
Re: Anyone Can Copy Your Building Key!

Originally posted by HelloAngel
All that is needed, Mr. Blaze wrote, is access to a key and to the lock that it opens
A self-fulfilling prophecy

nbcrusader is offline  

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off

All times are GMT -5. The time now is 07:36 PM.

Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2016, vBulletin Solutions, Inc.
Design, images and all things inclusive copyright Β©