AT&T Identifies Widespread Security Hole - In Locks
__roo writes "The New York Times has an article [free registration required] about a researcher at AT&T Labs Research who has discovered a little-known vulnerability in many locks that lets a person create a copy of the master key for an entire building by starting with any key from that building, and it requires little more than a file and a few key blanks."
For those that don't want to register, here's the full text:
Master Key Copying Revealed
By JOHN SCHWARTZ
A security researcher has revealed a little-known vulnerability in many locks that lets a person create a copy of the master key for an entire building by starting with any key from that building.
The researcher, Matt Blaze of AT&T Labs-Research, found the vulnerability by applying his area of expertise -- the security flaws that allow hackers to break into computer networks -- to the real-world locks and keys that have been used for more than a century in office buildings, college campuses and some residential complexes.
The attack described by Mr. Blaze, which is known by some locksmiths, leaves no evidence of tampering. It can be used without resorting to removing the lock and taking it apart or other suspicious behavior that can give away ordinary lock pickers.
All that is needed, Mr. Blaze wrote, is access to a key and to the lock that it opens, as well as a small number of uncut key blanks and a tool to cut them to the proper shape. No special skills or tools are required; key-cutting machines costing hundreds of dollars apiece make the task easier, but the same results can be achieved with a simple metal file.
After testing the technique repeatedly against the hardware from major lock companies, Mr. Blaze wrote, "it required only a few minutes to carry out, even when using a file to cut the keys."
AT&T decided that the risk of abuse of the information was great, so it has taken the unusual step of posting an alert to law enforcement agencies nationwide. The alert describes the technique and the possible defenses against it, though the company warns that no simple solution exists.
The paper, which Mr. Blaze has submitted for publication in a computer security journal, has troubled security experts who have seen it. Marc Weber Tobias, a locks expert who works as a security consultant to law enforcement agencies, said he was rewriting his police guide to locks and lock-picking because of the paper. He said the technique could open doors worldwide for criminals and terrorists. "I view the problem as pretty serious," he said, adding that the technique was so simple, "an idiot could do it."
The technique is not news to locksmiths, said Lloyd Seliber, the head instructor of master-key classes for Schlage, a lock company that is part of Ingersoll-Rand. He said he even taught the technique, which he calls decoding, in his training program for locksmiths.
"This has been true for 150 years," Mr. Seliber said.
Variations on the decoding technique have also been mentioned in passing in locksmith trade journals, but usually as a way for locksmiths to replace a lost master key and not as a security risk.
When told that Mr. Seliber taught the technique to his students, Mr. Tobias said: "He may teach it, but it's new in the security industry. Security managers don't know about it."
In the paper, Mr. Blaze applies the principles of cryptanalysis, ordinarily used to break secret codes, to the analysis of mechanical lock designs. He describes a logical, deductive approach to learning the shape of a master key by building on clues provided by the key in hand -- an approach that cryptanalysts call an oracle attack. The technique narrows the number of tries that would be necessary to discover a master-key configuration to only dozens of attempts, not the thousands of blind tries that would otherwise be necessary.
The research paper might seem an odd choice of topics for a computer scientist, but Mr. Blaze noted that in his role as a security researcher for AT&T Labs, he examined issues that went to the heart of business security wherever they arose, whether in the digital world or the world of steel and brass.
Since publishing Mr. Blaze's technique could lead to an increase in thefts and other crimes, it presented an ethical quandary for him and for AT&T Labs -- the kind of quandary that must also be confronted whenever new security holes are discovered in computing.
"There's no way to warn the good guys without also alerting the bad guys," Mr. Blaze said. "If there were, then it would be much simpler -- we would just tell the good guys."
Publishing a paper about vulnerable locks, however, presented greater challenges than a paper on computer flaws.
The Internet makes getting the word out to those who manage computer networks easy, and fixing a computer vulnerability is often as simple as downloading a software patch. Getting word out to the larger, more amorphous world of security officers and locksmiths is a more daunting task, and for the most part, locks must be changed mechanically, one by one.
But Mr. Blaze said the issue of whether to release information about a serious vulnerability almost inevitably came down to a decision in favor of publication.
"The real problem is there's no way of knowing whether the bad guys know about an attack," he said, so publication "puts the good guys and the bad guys on equal footing."
In this case, the information appears to have made its way already to the computer underground. The AT&T alert to law enforcement officials said that a prepublication version of the paper distributed privately by Mr. Blaze for review last fall had been leaked onto the Internet, though it has not been widely circulated.
"At this point we believe that it is no longer possible to keep the vulnerability secret and that more good than harm would now be done by warning the wider community," the company wrote.
There is evidence that others have chanced upon other versions of the technique over the years. Though it does not appear in resources like "The M.I.T. Guide to Lockpicking," a popular text available on the Internet, Mr. Blaze said, "several of the people I've described this to over the past few months brightened up and said they had come on part of this to make a master key to their college dorm."
Mr. Blaze acknowledged that he was only the first to publish a detailed look at the security flaw and the technique for exploiting it.
"I don't think I'm the first person to discover this attack, but I do think I'm the first person to work out all the details and write it down," he said. "Burglars are interested in committing burglary, not in publishing results or warning people."
Mr. Tobias, the author of "Locks, Safes and Security: An International Police Reference," said that the technique was most likely to be used by an insider -- someone with ready access to a key and a lock. But it could also be used, he said, by an outsider who simply went into a building and borrowed the key to a restroom.
He said he had tested Mr. Blaze's technique the way that he tests many of the techniques described in his book: he gave instructions and materials to a 15-year-old in his South Dakota town to try out. The teenager successfully made a master key.
In the alert, AT&T warned, "Unfortunately, at this time there is no simple or completely effective countermeasure that prevents exploitation of this vulnerability, short of replacing a master-keyed system with a nonmastered one."
The letter added, "Residential facilities and safety-critical or high-value environments are strongly urged to consider whether the risks of master keying outweigh the convenience benefits in light of this new vulnerability."
Other defenses could make it harder to create master keys.
Mr. Blaze said that owners of master-key systems could move to the less popular master-ring system, which allows a master key to operate the tumblers in a way that is not related to the individual keys. But that system has problems of its own, security experts say.
Mr. Blaze suggested that creating a fake master key could also be made more difficult by using locks for which key blanks are difficult to get, though even those blanks can be bought in many hardware stores and through the Internet.
But few institutions want to spend the money for robust security, said Mr. Seliber of Schlage. His company recommends to architects and builders that they take steps like those recommended by Mr. Blaze, measures that make it more difficult to cut extra keys -- like using systems that are protected by patents because their key blanks are somewhat harder to buy, Mr. Seliber said. Even though such measures would add only 1 to 2 percent to the cost of each door, builders were often told to take a cheaper route. He said that they were told, "We're not worried about ninjas rappelling in from the roof stuff -- take it easy."
That is not news to Mr. Blaze, who said it was also a familiar refrain in the world of computer security. "As any computer security person knows," he said, "in a battle between convenience and security, convenience has a way of winning."
courtesy of Google News
How different is this from making an ordinary copy of a key?
It is different because the method can be used to create a Master Key to an entire building (like every single door in a block of flats for instance) from a key that only opens one single door in the same building.
If you make a copy of the single key, you only get to open the single door.
The obvious problem that allows a lock to be an oracle is that the pins are independent of one another, so a "mixed" key that is partly master key and partly a normal key for that lock will open it. There presumably could exist a technical solution that needs only changes to the locks, and doesn't involve whacked-out Medeco[tm] patented key blanks with slanted cuts (although medeco may very well own related patents that would cover some aspects of the improved lock design). However, that solution would be mechanically somewhat difficult (there's a reason master keys are designed the way they are). Maybe there's a good business opportunity for "medium security" locks, but unless this attack becomes very widespread installations with a high theft risk may just start using electronic locks more. Not that many of those are that great except by significant degrees of obscurity -- I'm wondering how many independent parameters there actually are to this resonant-circuit proximity badge I got issued for access to a machine room...
Cryptographer Matt Blaze (of AT&T), previously known for cracking the backdoor of the vaunted 'clipper chip', has submitted a publication to the IEEE journal "Security and Privacy" which demonstrates that given an ordinary building key (like your office key or one borrowed for the rest room) you can get 'root' access to the entire building (i.e. a master key) with no more than about 30 guesses and $2.00 at the hardware store, and typically much less than that.
The crack works on virtually all locks and was inspired by parallels to cryptographic analysis, reducing the search from exponential to linear, and exploiting 'key' generation weaknesses. Virtually all master-key locks are vulnerable.
There is also a story on the front page of the nytimes covering police verification of the threat including giving the instructions to a 15 year old.
Some drink at the fountain of knowledge. Others just gargle.
That can be found here: http://www.lysator.liu.se/mit-guide/mit-guide.html
The technique is very simple. Mr Blaze has only succeeded in reinventing the wheel. I discovered this on my own almost 40 years ago in high school.
All you need is a file, some key blanks, calipers or modified micrometers, a soldering iron, some solder, and a working key to any lock in the system.
Use the calipers to determine all possible legitimate key cut depths. A typical lock will have 5 or 6 tumbler columns. Each column will usually have 10 or fewer possible key cut depths. The range of legitimate depths can be determined by examining several keys from the same system with the calipers.
Make a few copies of the working key to modify. You don't want to mess up the original. Work with one tumbler column at a time. The idea is to change the key cut depth and find another cut depth that opens the lock. I used an old Weller soldering gun and some solder to build up the key cut to its highest value (minimum cut depth). Start filing and test each possible cut depth for another value that works. Frequently more than one can be found. This is common in sub-mastered systems. Record the working values and repeat the process for each tumbler column.
The master cuts will usually not share the same cut depth as the working key. When you've determined all of the master cut values, file yourself a master key using the new found working values.
No. Installing master wafers costs money, so it's only done when you actually want to have a master key.
It's done by installing master wafers into the lock. A normal cylinder lock has pairs of pins, touching each other with a spring pushing them into the hole where you put the key. When you put the key in, the pins all line up, and the cylinder can turn, opening the lock. The length of each pin varies, in the same pattern that you see on the key. By putting in master wafers you instead have 3 pins, meaning that each set has two possible positions, and therefore two different keys work in the same lock. By making the second key the same in every lock, you have a master key. The master key for each building or complex would be different, so there is no universal master key.
Adding master wafers increases the cost of the lock, so it's only done when the lock is going to be used in a master key situation.
Here's the method in a nutshell.
1) Get a normal key that opens a lock.
2) Count the notches; if it's a 5-pin tumbler, then buy 6 more blank keys. ($2.00)
3) Cut 5 keys to be identical to the original except at one of the pin positions; let it be full height. So that you now have 5 keys, each with a full-height blank at a different pin position.
3.b) Reducing the complexity: it's not physically possible to have a full-height position adjacent to a deeply cut position. No problem, just cut it as high as possible; the master key suffers the same limits too, and this reduces the complexity of the pattern.
4) Insert the first key. Does it turn? No? Then file off 0.010" of metal and try again. Within 7 tries, usually only one or 2, it will turn. Congratulations, you now know the pin 1 master height. (Duh: ignore the turning at the original height.)
5) Insert key 2, rinse, lather, repeat.
The beauty of this crack is twofold. First, you are discovering the master heights of each pin independently, so the combinatorics is just linear in the number of resolvable pin heights, not the product of pin positions times pin heights. Second, you are also simultaneously factoring the ordinary key out of the master key combination, thus only discovering the master key, not some useless key that is part master and part ordinary key (that would only work on that particular lock).
6) Exception: if you cannot find a pin height that opens one of the tumblers (ignoring the obvious one for the original key), then the original key height is the one for the master too.
Some drink at the fountain of knowledge. Others just gargle.
Everybody knows that. It's the way master-key systems work: you take off pieces until you have the most generic key, and the most generic key inherently needs to be the smallest and thus the least safe.
Not that it can't be news and research for security people, but I can't see how this can "make it easier for burglars and terrorists"; anyone in the business or anyone thinking about it for a few minutes knows that's how it works and has always worked, and how it has to work if you really want a master key system.
The so-called "little known" faults with locks have been around since the little things have been invented. There are books on how to circumvent locks.
For centuries, locksmithing has been a sort of "black art" and the inner workings of them kept under tight control. But that only goes so far, as we all know from the Crypto industry.
Locks are, in fact, absurdly easy to open if you know what you're doing. If you've got one key to a lock that is master keyed, you can easily figure out what the master key looks like. Without that initial key, it's only slightly more problematic.
And don't think safes are any safer. Except for those that are specifically designed to thwart attack, most safes are designed to protect documents from fire and environmental hazards. They are not designed to keep intruders out. For those types of safes, anybody with a heavy hammer and a metal punch can open it. You'd be surprised how many people are stupid enough to put cash and valuables in them. In high schools, the combination padlocks on school lockers can easily be opened with a screw driver.
As the old saying goes, locks are meant to prevent honest people from being tempted. The crooks don't care.
I studied locks in depth when I was in high school and put that knowledge to good use when I needed quick cash as a starving student in university.
Needless to say, I'm posting this anonymously.
The situation was so bad at one point in the early 1990's that British Aerospace even designed and tested bomb proof bins. The idea is that they acted like a gun barrel and directed the force of the blast straight upwards, so that the only people to get hurt would be those actually sitting on top of them.
However the IRA ceasefire put an end to the development.
Considering I recently bought a house in one of those "cookie-cutter neighborhoods", here's my experience:
The locks come with a "contractor key" and an "Owner key". Until the Owner key is used in the locks, the contractor key will open it. Once the Owner key is used, it breaks one (or more?) of the pins the contractor key uses to open it, rendering the "master" unusable.
Of course, I have added more locks since then, so it's not as big a deal if this didn't work...
I am dyslexia of borg - your ass will be laminated.
IRA terrorists would leave explosives in them, in order to kill or maim.
It must be pointed out that nowadays IRA terrorists have a habit of telling the police the general vicinity of said bombs so that civilians can be evacuated. Traffic gets snarled and countless commuters are late, but when was the last time lots of people were killed or maimed by an IRA bomb?
You must be thinking of the Basque.
Lockpicking has become a popular non-electronic hacker sport. Some links: Sportenthusiasts of Lockpicking, Wired, more links.
And now for the secure solution. You're gonna like this (in German).
now we need to go OSS in diesel cars
How about the Omagh bombing in 1998?
29 dead. (In other words, about 1% of the September 11th attacks.)
Bruce
Bruce Perens.
1) interchangeable core locks (Falcon or Best types). In addition to having master pins for the master key, there will be additional pins for the alternate shear line for pulling the cylinder out. Basically, if you find another key cut that works, you don't know if you have found the master key or the cylinder removal key cut.
2) MK? GMK? GGMK? Some key systems have multiple levels of keying. Though a well-designed system won't have too many stacked master pins, you still will likely end up finding a cut that works and not knowing if it's for the Master Key, Grand Master Key, Great-Grand Master Key, etc. Depending on the "resolution" of the key system, you could end up with a sub-master that only opens (say) five doors.
3) restricted keyways. Medeco, Assa, Schlage, et al. offer numerous restricted keyways. Good luck finding blanks.
4) maximum adjacent cut differential. A Schlage key, for example, can have a depth from 0-9 on any given cut, but no two cuts that differ by more than 7 can be next to each other. If your office key is cut to 99333, and the master key is 51133, then one of the keys you'd have to cut using this system is 91333. A nine and a one are over the max differential, which would either obliterate the "1" cut, or the angle between them would be too steep -- in which case, good luck pulling this key out again.
If a job's not worth doing, it's not worth doing right.
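To make two claims in this thread concrete, the earlier comment's point that the search is linear in pin heights rather than a product, and item 4 above on the maximum adjacent cut differential (MACS), here is an added illustration; it is not code from the article or from any poster. It models a simplified master-keyed pin-tumbler cylinder (one change shear line plus one master shear line per chamber, no removable-core shear line) and uses the poster's Schlage example of a 99333 change key, a 51133 master and MACS 7; `MasterKeyedLock`, `macs_ok`, `probe_budget`, `recoverable_master_cuts` and `macs_shielded_chambers` are names of my own.

```python
"""Simplified model of a master-keyed pin-tumbler cylinder (added example).

Assumptions: each chamber holds one change pin and at most one master wafer,
so it has exactly two shear depths, and there is no removable-core shear line.
"""
from dataclasses import dataclass

DEPTHS = 10   # Schlage-style cut depths 0..9, as stated in the thread
MACS = 7      # maximum adjacent cut difference the thread gives for Schlage


def macs_ok(bitting, macs=MACS):
    """True if the key can physically be cut: no neighbouring cuts differ
    by more than `macs`."""
    return all(abs(a - b) <= macs for a, b in zip(bitting, bitting[1:]))


@dataclass(frozen=True)
class MasterKeyedLock:
    change: tuple   # bitting of the individual (change) key
    master: tuple   # bitting of the top master key

    def opens(self, key):
        # Each chamber shears at the change depth or, via its master wafer,
        # at the master depth.  Chambers decide independently, which is
        # exactly why the lock answers one chamber at a time (the oracle).
        return all(k in (c, m)
                   for k, c, m in zip(key, self.change, self.master))


def probe_budget(chambers, depths=DEPTHS):
    """(worst-case oracle probes, blind key space): linear vs. exponential."""
    return chambers * (depths - 1), depths ** chambers


def recoverable_master_cuts(lock, macs=MACS):
    """Per chamber, the master depth revealed when single-chamber variants of
    the change key are tried (the thread's steps 3-5), or None.  None covers
    two cases the probing cannot tell apart: master depth equals change depth
    (step 6), or every revealing variant violates MACS and cannot be cut."""
    revealed = []
    for i, c in enumerate(lock.change):
        hit = None
        for d in range(DEPTHS):
            if d == c:
                continue                      # the original key always works
            probe = lock.change[:i] + (d,) + lock.change[i + 1:]
            if not macs_ok(probe, macs):
                continue                      # uncuttable, so never tested
            if lock.opens(probe):
                hit = d
                break
        revealed.append(hit)
    return revealed


def macs_shielded_chambers(lock, macs=MACS):
    """Chambers whose master depth differs from the change depth yet stays
    hidden only because MACS forbids the probe: the protection of item 4."""
    revealed = recoverable_master_cuts(lock, macs)
    return [i for i, (c, m, r) in enumerate(zip(lock.change, lock.master, revealed))
            if m != c and r is None]


if __name__ == "__main__":
    lock = MasterKeyedLock(change=(9, 9, 3, 3, 3), master=(5, 1, 1, 3, 3))
    print(probe_budget(5))                    # (45, 100000)
    print(recoverable_master_cuts(lock))      # [5, None, None, None, None]
    print(macs_shielded_chambers(lock))       # [1, 2]
```

For the poster's example the model shows MACS shielding two of the three chambers where the master differs from the office key, while the first chamber is still exposed; the shielding holds only for probes cut from the original key, which is what the thread's procedure describes.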
Normal pedestrians cannot get blanks for some key types. The blanks are kept locked away.
In particular: Medeco. Their keyways (the pattern of slots on the key's side that admit it to the cylinder) in their high-security models are in a number of (copyrighted) combinations, each sold only to one locksmithing company which is under contract to only resell cut keys, keep records (with ID and passwords) of the buyers, and only sell COPIES to the legitimate owner(s) of the particular lock. The privileged smiths go along with this, too, because Medeco tries to get them to violate the contract and will transfer it (along with the lucrative business) to some more picky locksmith if they do.
So unconnected people who want to try such attacks against Medeco locks need to make their own blanks. But that's not hard with a model-maker's midget milling machine, of which several brands are available.
(But Medeco is also less vulnerable to attacks of the sort described. The lock's pins have a wedge-shaped tip, the cut in the key is at an angle across the axis of the key, and the pin must be rotated by the proper angle as well as lifted to release.)
But most of those "do not duplicate" keys are just ordinary keys from common manufacturers, which have been stamped. The stamp relates to laws prohibiting the copying of such a key and penalizing vendors who get caught doing so.
Of course if someone sticks a label saying something like "garage" or "front door" over the stamp, most hardware store clerks won't notice the stamp and will blithely make as many copies as desired.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
I've known this method since I was a little kid. It's described in a book called _The Great Brain at the Academy_.