×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Shrinky Dinks As a Threat To National Security

timothy posted more than 5 years ago | from the silly-putty-now-public-enemy-No.-2 dept.

Security 257

InflammatoryHeadlineGuy writes "What do Shrinky Dinks, credit cards and paperclips have in common? They can all be used to duplicate the keys to Medeco 'high-security' locks that protect the White House, the Pentagon, embassies, and many other sensitive locations. The attack was demonstrated at Defcon by Marc Weber Tobias and involves getting a picture of the key, then printing it out and cutting plastic to match — both credit cards and Shrinky Dinks plastic are recommended. The paperclip then pushes aside a slider deep in the keyway, while the plastic cut-out lifts the pins. They were able to open an example lock in about six seconds. The only solution seems to be to ensure that your security systems are layered, so that attackers are stopped by other means even if they manage to duplicate your keys."

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

257 comments

Then I am not a threat to national security (0)

Anonymous Coward | more than 5 years ago | (#24541457)

Awesome.

More power to Homeland Security (5, Funny)

daveime (1253762) | more than 5 years ago | (#24541487)

So now they'll not just confiscate my laptop when I arrive in the US, they'll also pinch my paperclips and credit cards ?

Re:More power to Homeland Security (5, Funny)

david@ecsd.com (45841) | more than 5 years ago | (#24541701)

Just hope that they don't confiscate your "shrinky dink."

Thank you, I'll be here all week.

Re:More power to Homeland Security (2, Funny)

Anonymous Coward | more than 5 years ago | (#24541929)

So now they'll not just confiscate my laptop when I arrive in the US, they'll also pinch my paperclips and credit cards ?

Everyone with a credit card is now considered a potential terrorist and will be added to the "do not fly" list.

Is this surprising? (5, Insightful)

MagdJTK (1275470) | more than 5 years ago | (#24541493)

While using credit cards and shrinky dink plastic is clever, is this story particularly surprising? The article states that a photo of the key in question is required. If I asked the average man on the street if it was possible to replicate a key from a photo of it if you were sufficiently determined, I'd imagine they would say yes.

Re:Is this surprising? (1, Informative)

Darkness404 (1287218) | more than 5 years ago | (#24541607)

Exactly. Just as with a picture of a password I can get into anyone's account no matter if it is encrypted in a scheme that will take 1000000 computers with 1000 core CPUs running at 239243432 Ghz, 100000 years to break.

Re:Is this surprising? (-1, Redundant)

Anonymous Coward | more than 5 years ago | (#24541757)

Exactly. Just as with a picture of a password I can get into anyone's account no matter if it is encrypted in a scheme that will take 1000000 computers with 1000 core CPUs running at .239 exahertz, 100000 years to break.

There, fixed that for you.

Re:Is this surprising? (5, Insightful)

postbigbang (761081) | more than 5 years ago | (#24541787)

Fool.

Look at the keypad. The numbers will be worn down. Look to see if it's an even wear, that means there are more than a few combos that work, but usually it's only one or two that are commonly shared.

Then look for the most worn, with the most dirt-- it's the first number. Elminate the clean bright keys from the pool. Eliminate zero and one; the remaining pool has the combination. It's probably just four numbers, could be five.

Now take your Timex/Sinclair and do the math.

Re:Is this surprising? (4, Interesting)

Anonymous Coward | more than 5 years ago | (#24542045)

There exist keypads that are clear with LED displays behind... they scramble, and display numbers beneath the keys when activated. No patterns.

Re:Is this surprising? (5, Informative)

closetpsycho (1175221) | more than 5 years ago | (#24542055)

Most modern keypad locks like what you're thinking of actually randomize the layout of the keypad. So looking for the more worn keys is an exercise in futility.

Re:Is this surprising? (2, Informative)

postbigbang (761081) | more than 5 years ago | (#24542227)

Many of the ones I've seen in airports, banks, NOCs, etc., still have the older ones. Much can be learned just by watching the finger movements as no one covers them up, just like few people mind using CC machines that don't hide your hand movements when entering one's PIN.

Those that randomize the layout of the keypad seem onerous. But they're not. Combos, like hand print and keypad are much tougher.

To get around them you need to take the door handle and jar it a bit, smearing it with greasy stuff just before it's used by someone with access. Their fingerprints will be all over the pad. It's easy to lift them, then latex them if you're really into that sort of thing.

Randomizing keypads take more stealth. Leave a short-haul cam nearby focused on the pad. Have an associate verify the focus via bluetooth whilst waiting in your secret van. Or use nice binoculars as most organizations don't think of hiding the keypads very well. A little battery-operated 'sticky' cam works wonders. Create a distraction whilst positioning it. Don't forget your fake hippie beard.

Re:Is this surprising? (0)

Anonymous Coward | more than 5 years ago | (#24542289)

Eliminate zero and one

Well, then you won't get my pass code.

Re:Is this surprising? (1)

postbigbang (761081) | more than 5 years ago | (#24542325)

In retrospect, I meant to say 0 or 1 as starting numbers. Rare to do that. 456 are the most frequent starters, but not always so.

Re:Is this surprising? (4, Funny)

Spy der Mann (805235) | more than 5 years ago | (#24542353)

Elminate the clean bright keys from the pool. Eliminate zero and one; the remaining pool has the combination. It's probably just four numbers, could be five.

Now take your Timex/Sinclair and do the math.

Let' see... *taps madly into his Timex/Sinclair*

And the result is...

12345

Re:Is this surprising? (1)

jcr (53032) | more than 5 years ago | (#24542359)

Look at the keypad. The numbers will be worn down.

That works if there's only one code for entry. Every place I've worked that used keypads for entry has assigned a different code to each authorized person.

-jcr

Re:Is this surprising? -- No. (5, Interesting)

Anonymous Coward | more than 5 years ago | (#24541707)

My granddad was a blacksmith who taught his trade to young crims at a borstal in the 1950s. One of them showed how he could open a Yale lock in about 30 seconds. He needed whatever plastic was equivalent to a credit card way back then, and a cigarette. He could feel the piston movement and burn the height into the plastic. No photos needed. The young crims summary: "Locks is to keep honest people out, boss."

In a sense, a moderately good lock that is all that is needed. I'd agree with the article that the objective is to remove a defense of accidentally straying. The next layer of entrapment is the real one.

Re:Is this surprising? (3, Insightful)

antirelic (1030688) | more than 5 years ago | (#24541995)

Any single defensive measure on its own is irrelevant. This was proven very clearly during the early days of WWII when the Volkesgrenadiers over ran the impressive, but unmanned defensive positions in Belgium. The same principles of security hold true today as they did 50 years ago. Any defensive mechanism that is not reinforced via a secondary defensive measure is easily defeated.

The real story is this is story worth discussing.

Re:Is this surprising? (2, Insightful)

Lemming Mark (849014) | more than 5 years ago | (#24542035)

Yes, it's not entirely surprising. However, it is a little surprising since this is a rather expensive high security lock with a more complicated key. I guess you could reasonably hope you'd at least need physical access to a key to a high security lock in order to copy it successfully, rather than just seeing it long enough to snap a picture. I understood that for at least some of the locks there was a key control system that meant that simply copying the strangely-shaped teeth of the key was not enough. However, the addition of a paperclip down one side of the lock was enough to solve that problem :-(

Re:Is this surprising? (1)

dragonturtle69 (1002892) | more than 5 years ago | (#24542071)

No, this is not surprising in the slightest.

In 1994 I purchased a Mercury Tracer which had a spare key included in the owner's manual, contained within a credit card shaped plastic sheet. The idea was that this would be your backup key if you locked yourself out of the car, and you had it on you instead of in the owner's manual. It did work to open the door locks.

The statement in the article that no one has ever looked at using plastic for a key is incorrect.

Re:Is this surprising? (1)

jcr (53032) | more than 5 years ago | (#24542381)

The California AAA also makes plastic duplicate keys for its members.

-jcr

Re:Is this surprising? (1)

FatdogHaiku (978357) | more than 5 years ago | (#24542211)

I can remember seeing some Medeco keys when I was working at a construction site. The cut edges of the keys teeth beveled front to back and side to side. I did not see the tumblers of a lock, so I never got to verify that the tumblers needed that double slope to make the pins line up, or if there was some other reason... Now I wonder if it was just to keep people from making copies on a standard key duplicator. If the tumbler strikes the center of the cross key slope to line up, then a duplicated key would not work as it would follow the highest point on the keys teeth. using a thin plastic tooth pattern would work because it could be moved up and down to catch all the tumblers. This would be even easier on a normal key.

Re:Is this surprising? (1)

fuzzyfuzzyfungus (1223518) | more than 5 years ago | (#24542281)

It should be noted that one of the major selling points of the Medeco locks is that, through some mixture of technological and legal means, Medeco is quite aggressive about restricting access to key duplication blanks. It isn't a giant surprise that a sufficiently good picture can be turned into a key; but it is relevant when one of the major features of this type of lock was good key management.

the actual threath (3, Insightful)

fractic (1178341) | more than 5 years ago | (#24541511)

Now what is the actual threath? Shrinky dink or easily duplicated keys?

Re:the actual threath (0)

Anonymous Coward | more than 5 years ago | (#24541575)

It's Halloween already?

Threat or Treat!

Re:the actual threath (1)

Tycho (11893) | more than 5 years ago | (#24541879)

The real threat is credit cards. And in so many more ways than you might think.

Re:the actual threath (1)

Spy der Mann (805235) | more than 5 years ago | (#24542367)

The real threat is credit cards. And in so many more ways than you might think.

My credit card is a registered melee weapon. STAY AWAY!

Re:the actual threath (3, Funny)

cheater512 (783349) | more than 5 years ago | (#24541971)

Shrinky dink of course!
It must be banned to protect national security!
Visa cards as well.

Hmm a idea.

I am a Visa card confiscator from the NSA. Can I please have your card?

Re:the actual threath (1)

Secrity (742221) | more than 5 years ago | (#24542051)

Digital cameras and printers are the real threats. If they didn't have digital cameras they would have to take the film to Wall-Mart to get it developed and the photo lab techs will notify law enforcement if they see somebody with pictures of Medeco keys.

Re:the actual threath (1)

Dun Malg (230075) | more than 5 years ago | (#24542295)

Digital cameras and printers are the real threats. If they didn't have digital cameras they would have to take the film to Wall-Mart to get it developed and the photo lab techs will notify law enforcement if they see somebody with pictures of Medeco keys.

Please. Unless the keys were being held by naked kids, the film techs at Wal-Mart couldn't give two shits.

3-d printers? (4, Interesting)

LM741N (258038) | more than 5 years ago | (#24541513)

I bet those new 3-D type printers could perform the same thing without using razor blades and such. In fact, you could probably make a computer program to transfer from images to the final "printout."

Re:3-d printers? (2, Insightful)

tshetter (854143) | more than 5 years ago | (#24541705)

The interesting part is that you dont need very high quality scans or multiple images of an object to replicate the object in 3D.

You only need a fairly good image of a Medeco key and you can then cut a blank easily.

These Medeco keys are just like normal house/car keys, except they have variable slopes and spacing between peaks and troughs. Trying to cut those with normal tools would be very hard...but having a scale image to cut with an exacto knife is simple as pie.

The hardest thing about coping those Medeco keys was the difficulty in cutting the angles and the proper spacing. Now that is easy.

Open Source Intel/Security wins again.

Re:3-d printers? (4, Informative)

pimpimpim (811140) | more than 5 years ago | (#24541815)

3D printers create by default quite brittle objects, as it is lots of little dots of plastic glued together. To get a resistant plastic copy you should make a mold and then compress plastic inside of it. The forces on a key when turning can be quite high, that's why also thin sheet metal doesn't work here. Credit cards however can resist bending forces quite well. I've never seen a shrinky dink but I guess it's the same story.

Re:3-d printers? (1)

Legion303 (97901) | more than 5 years ago | (#24542175)

No, GP's post was very interesting. If a 3D scanner-fab unit churned out a copy, the plug could be easily turned with a tension wrench.

Is it just me (1)

zappepcs (820751) | more than 5 years ago | (#24541515)

Or are there others seeing the humor in finding out the Whitehouse and Pentagon are protected by such easily defeated locks?

Layered security indeed! I bet that had to put shivers down the spine of some security people. I wonder what the budget is for locks at the Whitehouse?

There is nothing like a good idea that is too trusted. Ex: Where I work, the IT guys thought it smart to map a couple of drives for everyone (against my better judgment) and guess what found it's way across those drive mappings? Yep, a virus. What saved me was using the Engineering VPN instead of the normal server.

Does anyone know if MWT has been declared a terrorist yet?

Re:Is it just me (5, Insightful)

Dachannien (617929) | more than 5 years ago | (#24541667)

Layered security indeed!

Maybe these locks aren't all that, but it's the Secret Service agents capping you in the head that you really have to worry about.

Getting the key picture, is the key to success (4, Funny)

Nymz (905908) | more than 5 years ago | (#24541523)

I suppose if I had a picture of someone's login and password, I might be able to deftly hack into their computer.

Re:Getting the key picture, is the key to success (5, Funny)

Anonymous Coward | more than 5 years ago | (#24541599)

Sure, if their password is *******.

Re:Getting the key picture, is the key to success (2, Informative)

Minwee (522556) | more than 5 years ago | (#24541717)

And, if you had been sold an $18 billion login system that was absolutely guaranteed to be unbreakable to anyone who wasn't directly issued the original login and password, then you might be a little surprised at how easy that was.

Which brings us back to the FA. We're not talking about a $10 lock from the hardware store here, these are "high security" locks that are supposed to have keys that cannot ever be copied unless you have the original key codes that were used to key the lock.

Re:Getting the key picture, is the key to success (1)

Firehed (942385) | more than 5 years ago | (#24541813)

Well FFS, a lot of cars these days have a little RFID tag embedded in the key's handle bit so that an unofficial copy will trip the alarm. You think Washington, DC of all places could figure out how to implement that kind of system. Maybe they don't have the budget to spend $40 and three days on a replacement key :/

Re:Getting the key picture, is the key to success (2, Informative)

rfuilrez (1213562) | more than 5 years ago | (#24542043)

They don't set off the alarm. The computer in the car just decides not to put fuel or spark to the cylinders. Unless it's some aftermarket system. OEM doesn't do that.

Re:Getting the key picture, is the key to success (1)

John Hasler (414242) | more than 5 years ago | (#24542061)

What makes you think that they have no backup security? Even the Slashdot article did not imply that Medeco locks were all that protected the Whitehouse and the Pentagon.

Re:Getting the key picture, is the key to success (3, Funny)

cheater512 (783349) | more than 5 years ago | (#24542079)

Yep. Those little RFID tags are really good since you cant copy them. .....SHIT!!!!

Re:Getting the key picture, is the key to success (1)

Mr. Vage (1084371) | more than 5 years ago | (#24542299)

What if the tip of the key was a switch that activated an RFID mechanism? That way, the RFID would only be transmitting when the key is inserted into the lock.

Re:Getting the key picture, is the key to success (2, Insightful)

rcw-home (122017) | more than 5 years ago | (#24542273)

And, if you had been sold an $18 billion login system that was absolutely guaranteed to be unbreakable to anyone who wasn't directly issued the original login and password, then...

I'd eventually be asking for my $18 billion back.

Security professionals (and Slashdot readers) should be very familiar with two truisms: it can always be broken and it can always be copied. If you claim otherwise, you are selling something.

I know locksmith friends who can stare at a key and read the pinning combination off of it (and if they read enough of them, can deduce the master combination). For the rest of us, a key will make a great imprint on a wet bar of soap. And a locked door (just like a safe) can only ever be counted on to delay someone for a certain amount of time, never to keep them out entirely - whether they can turn the lock or not.

Sorry about that, Chief (1, Funny)

Anonymous Coward | more than 5 years ago | (#24541527)

The only solution seems to be to ensure that your security systems are layered, so that attackers are stopped by other means

Maybe the White House and Pentagon need to have a look at the opening theme sequence to "Get Smart".

The picture heading TFA.. (0)

Anonymous Coward | more than 5 years ago | (#24541529)

.. is also clear evidence against certain racial stereotypes ..

vivace (-1, Offtopic)

Anonymous Coward | more than 5 years ago | (#24541539)

swok brill anus grpeao sllcsoa 72wyhdn knNK jadp sh8uqw anus hf9owenlj 7ywuihkjn kdms.a aNUS fsdi nknujihukrnwq nnfsan fsn,,nn,n,n, fsay7xychs fsiufgrggfd ,d tgdtgdr tew r- u90--9 ite anus.

Re:vivace (0)

Anonymous Coward | more than 5 years ago | (#24542177)

I counted the word "anus" 3 times. Does that make me gay?

This just like how the mythbusters got past other. (1)

Joe The Dragon (967727) | more than 5 years ago | (#24541573)

This just like how the mythbusters got past other high tech locks.

Re:This just like how the mythbusters got past oth (0)

Anonymous Coward | more than 5 years ago | (#24541669)

MacGuyver would be able to get past every layer of security with the same items.

Re:This just like how the mythbusters got past oth (3, Insightful)

Firehed (942385) | more than 5 years ago | (#24541837)

They also had Kari wander around in a giant fluffy bird suit to get past those ultrasonic sensors, IIRC. It's not exactly practical, but it makes for great TV. I'm sure the trial of whoever tries that in DC will be equally amusing.

Re:This just like how the mythbusters got past oth (1)

cheater512 (783349) | more than 5 years ago | (#24542103)

Actually it was a fluffy rug that was converted in to a bird suit. ;)

Re:This just like how the mythbusters got past oth (2, Informative)

Anonymous Coward | more than 5 years ago | (#24542305)

IIRC, the fluffy bird suit didn't work.

A simple sheet held up in front of her did.

Not news... (3, Informative)

russotto (537200) | more than 5 years ago | (#24541623)

If you have a picture of a key, you can generally duplicate it well enough to work in metal (easier if you have a blank, but not necessary). It's not the shrinky-dink that matters. Cutting a key by sight based on a key sitting on the seat of an car is apparently a useful skill for locksmiths.

Re:Not news... (1)

Rachel Lucid (964267) | more than 5 years ago | (#24541673)

In other news, TWH and other places of national security are underprotected because they've not bothered to back their keys up with a secondary system, yes?

Makes sense.

Re:Not news... (1)

John Hasler (414242) | more than 5 years ago | (#24542075)

Where did you read that?

Re:Not news... (1)

Rachel Lucid (964267) | more than 5 years ago | (#24542171)

Didn't, but I think we can safely assume that if we're talking about how easy it is to hack into the place because of a single key, we're talking something that needs a secondary system of authentication (RFID in the keys? A second key? A dongle?) to secure itself.

Here's what I don't get... (5, Interesting)

NeutronCowboy (896098) | more than 5 years ago | (#24541847)

20 years ago, my house used to have a 3D-key - in other words, it had teeth all-around its central axis. Why? Because it is much harder to manipulate the tumblers that way. Not to mention that just photocopying the key won't work - or won't work as easily.

I'm surprised a high-security key has its teeth still on a line.

Re:Not news... (2, Insightful)

iceyone (123598) | more than 5 years ago | (#24541863)

It *is* the shrinky dink that matters. You can't cut a duplicate Medeco key in metal. Medeco key teeth have an angular component. They are 3 dimensional keys, whereas your usual kwikset or schlage lock are 2 dimensional.

The tumblers in a Medeco lock require some rotation to unlock, as well as vertical lift. That's why this hack is so clever - the shrinky dink or plastic can twist as you jam them into the lock and push up with the backing spline.

Until this, Medeco locks were considered to be uncrackable.

Re:Not news... (4, Insightful)

russotto (537200) | more than 5 years ago | (#24541915)

Of course you can duplicate a Medeco key in metal; Medeco keys are made of metal in the first place. Key control means you can't get the proper blanks from any legitimate source, but it's still a fairly simple hunk of metal.

Medeco locks were never considered "uncrackable". Medeco has claimed they're unpickable, but I think only the Biaxial remains unpicked. But picking is an attack that doesn't require knowledge of the key.

Re:Not news... (0, Troll)

iceyone (123598) | more than 5 years ago | (#24541969)

Ugh, you can't copy Medico keys in metal without access to the special blanks.

I knew as soon as I hit submit, someone was going to be anal with the "OF COURSE THE KEYS R METAL LOL LOL LOL"

Re:Not news... (0)

Anonymous Coward | more than 5 years ago | (#24542193)

Yeah, because machining arbitrary metal shapes is just oh so impractical...

Re:Not news... (1)

Dun Malg (230075) | more than 5 years ago | (#24542373)

Ugh, you can't copy Medico keys in metal without access to the special blanks.

Nonsense. Medeco key blanks, you just can't buy them from a key blank manufacturer, that's all. Any locksmith with skill in the art can make a usable Medeco blank without much difficulty. I've done it myself. I ran off a dozen unauthorized copies of a G3 Biaxial padlock key for the local station fire chief after he couldn't get his bosses to get hem more than the ONE they issued. Putting longitudinal grooves in a piece of brass isn't rocket science.

Re:Not news... (1)

eosp (885380) | more than 5 years ago | (#24542181)

Assa (same company, different brand however) are also unpicked, at least in competition. But they have two rows totaling 13 pins.

They protect the White House? (2, Insightful)

david@ecsd.com (45841) | more than 5 years ago | (#24541689)

Silly me, I thought that men with guns protect the White House.

Re:They protect the White House? (3, Funny)

ColdWetDog (752185) | more than 5 years ago | (#24541831)

Silly me, I thought that men with guns protect the White House.

Wrong again, Dave. It's sharks with lasers. Everyone knows that.

Old school method... (0)

Anonymous Coward | more than 5 years ago | (#24541733)

I was a teacher at a secondary school in West Africa. For the most part my students were amazing kids with more motivation than I've ever seen in a stateside school. But like everywhere else there were a few kids not on the right track.

One of them, it turns out, was a thief. He'd come over my place and sweep around my little bungalow, clean, cook, etc (culturally pretty standard stuff for a student to do for his teachers there). Then I started noticing things missing -- books, paper, pens, money.. Eventually I caught him red handed but couldn't figure out how he got in my place when I was away -- I never gave him my keys or anything so there's no way he could have time to go the 30 min into town, wait an hour to get it copied and return the key to me, and I always was around when he was inside.

One thing he did for me was my laundry. He brought his own soap. It turns out he made impressions of my keys in the soap and used them to make a working key. Pretty clever...

Wasn't this done w/ Diebold? (4, Interesting)

mikesd81 (518581) | more than 5 years ago | (#24541745)

Brad Blog has this story [bradblog.com] from when Diebold had a picture of their key on their corporate website back in January 2007. Diebold's since replaced the picture. There's a video of the key in action @ the link I just posted.

Put the threat where really is (1, Insightful)

gmuslera (3436) | more than 5 years ago | (#24541821)

if they are so easy to break, then the threat is the security people that choose it for so critical places.

Photography Backlash (0)

Anonymous Coward | more than 5 years ago | (#24541825)

So does this mean we'll see greater restrictions on photography around sensitive buildings? (As if security guards weren't paranoid enough about people with cameras.)

It seems to me that you could get a few hi-res snaps of a security guard's keyring, head back to the lair, and come back at night with a usable key. Of course, nobody is likely to actually do that, but now that the concept has been proven, I'd expect even greater rent-a-cop harassment of photographers around government buildings.

BFD (5, Interesting)

Dun Malg (230075) | more than 5 years ago | (#24541869)

Shrinky dinks? Paper clips? Gimme a break. I can duplicate a Medeco key blank with a piece of brass stock and a dremel tool, then cut a perfect key from a photocopy using my HPC Blitz [hpcworld.com] . There's nothing amazing about what this guy's done. Given the appropriate information (cut depths and angles) any medeco key can be duplicated without serious difficulty. Heck, that's the case with all mechanical key locks. I once showed the Medeco rep who came to my lock shop how I could duplicate a standard G3 Biaxial key using a slightly modified commonly available Rolls Royce key blank. He was understandably dismayed, but not surprised. There are two kinds of locksmiths in this world: 1) the kind like the guy quoted in the article who said "Your locksmith will tell you this is impossible", and 2) guys like me who will tell you "yeah, someone could make a key to that--- I've done it myself". Point is, you want to use a locksmith more like 2) than 1). The first guy will feed you the standard Medeco marketing bullshit about how "only we can make your keys" and convince you that equals security. The second guy will tell you key control is useful, but it's not relevant beyond its obvious purpose. There are really only two kinds of common break-ins: inside jobs and random burglaries. In the case of inside jobs, all the key control in the world won't matter because the perp has a key already. This key could have been given to them, taken out of a desk drawer, or otherwise acquired via lax internal key management. This makes up 99% of all break ins. The other 1% is burglaries by random opportunist perps taking advantage of a weakness, usually on the spur of the moment. Back doors propped open by people out for a smoke, simply walking in during business hours wearing a suit, etc. All this spy crap people have in their heads about about burglars picking locks and James Bonding into their houses is fantasy bullshit. Real burglars wait till you're not home and throw a brick through the window, or let themselves in with the key you gave the cleaning service. All this hoo-hah over making a medeco key with a credit card is total yawnsville, and if anyone thinks they can get into the white house with a shrinky dink key, they're totally on crack. The whit House has things like SECRET SERVICE AGENTS, and ALARM SYSTEMS because they know keys alone are not enough.

Re:BFD (1, Insightful)

Legion303 (97901) | more than 5 years ago | (#24542021)

"I can duplicate a Medeco key blank with a piece of brass stock and a dremel tool, then cut a perfect key from a photocopy using my HPC Blitz."

So?

Joe Crook can cut a Medeco bitting key out of an old grocery store coupon card and bypass the sidebar and slider in a few seconds without any need for a key machine or any particular skill. That's what the exploit is all about.

Re:BFD (5, Insightful)

Jeffrey Baker (6191) | more than 5 years ago | (#24542115)

Yeah I found it funny that the lamers in the write-up think the Pentagon is protected by Medeco locks. Sorry, no. The Pentagon is protected by men with rifles and grenades.

Re:BFD (1)

SilverJets (131916) | more than 5 years ago | (#24542331)

Agreed. The fact that they used a photograph of a key means that security already failed. How do you obtain a picture (to scale) of the key? You have access to the key. So the lock isn't the failure security and key control are the failures.

I wish Abloy PROTEC locks made it to the US sooner (5, Interesting)

mlts (1038732) | more than 5 years ago | (#24541895)

I don't know about Medeco 3, but one lock mechanism that was out in other countries for almost four years before making it to the US which is quite pick resistant is Abloy's PROTEC cylinder.

It uses no pins or springs, so bumping is useless. Vibrating the key isn't going to magically move the detainer disks into position. Picking it requires a different technique altogether than pin tumbler locks.

So far, if I recall right, the best picking record for PROTEC cylinders took over 10-11 hours.

Of course, if you want the best in anti pick protection, purchase either an Abloy or Mul-T-Lock Cliq lock. It has a pick resistant mechanical key, as well as a small chip and solenoid with a challenge/response system. If someone does make a key impression, it won't help much. However, for $500 a cylinder, its pricy.

Re:I wish Abloy PROTEC locks made it to the US soo (0)

Anonymous Coward | more than 5 years ago | (#24542141)

Another alternative is the Bilock. It's basically 2 cut keys in parallel. Supposedly bump proof as well. Not terribly expensive, about $150 for a double deadbolt. Duplication would not be easy at all, IMO. And the keys are proprietary, so your average joe wouldn't have access to blanks.

http://www.bilock.com/

Sure they can copy keys... (1, Funny)

Anonymous Coward | more than 5 years ago | (#24542039)

...but can they also repair shoes?

Door security key cards (2, Interesting)

Anonymous Coward | more than 5 years ago | (#24542041)

Most All door security keys cards drive a solenoid door strike .
The pro crooks or intruders don't bother with magnetic stripe cards , electronics, , encryption etc,they buy the system and drill a hole in the right place and operate the door strike Directly with a narrow screwdriver or fashioned shorting stripe or wad of tin foil , bypassing all of the electronics and all of the security.
Ironically , The better electronics is more precise making the drill and popping of the door solenoid that much faster and easier .

Normal or hacked card time to door open about 2 seconds
Drill and screwdriver about 10 seconds.

A similar thing was done in casinos to electronics in slot machines the crooks purchased a machine and screwed it over.
  A single metal piece of wire up into the machine at the right place and instant winner.
  Casinos have since changed the way the machines work and one can no longer buy the new machines as easily,and security looks out for anyone putting things up into the machines

Aluminum (1)

Xexos (890349) | more than 5 years ago | (#24542187)

I've been doing this for a while now with Aluminum from soda cans, but credit card plastic is a nice idea too

Not a huge threat (2, Informative)

Sniper98G (1078397) | more than 5 years ago | (#24542233)

This isn't the huge threat to national security that the article would have you believe. The government does not use key based lock systems to secure anything of real high priority. They use digital combination (X-09) locks to secure any information that is classified at secret level or higher. These keys are used in the white house and pentagon, but they are office keys not keys to places where someone could do dire harm to our nation.

Re:Not a huge threat (1)

db32 (862117) | more than 5 years ago | (#24542355)

Given the tremendous pain in the ass X09 locks are I am confident that it will keep threats out at LEAST as well as it keeps legitimate users out.

I hate America (0)

Anonymous Coward | more than 5 years ago | (#24542279)

Lameness filter encountered. Post aborted!

Secret Service... (5, Funny)

db32 (862117) | more than 5 years ago | (#24542329)

I would hate to be the Secret Service guy that has to tell the President he can't have his Shrinky Dinks anymore.

Yeah, Yeah -- The REAL Threat Is... (1)

webword (82711) | more than 5 years ago | (#24542341)

Technology is rarely the true threat to security. Likewise, security is rarely the key way to keep things secure.

The real threat is people using the toys, guns, or other tools. Yes, this is basically the "People kill people!" argument but it's true. If other nasty humans didn't want to hurt other humans security wouldn't exist.

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...