Slashdot Mirror


AT&T Identifies Widespread Security Hole - In Locks

__roo writes "The New York Times has an article [free registration required] about a researcher at AT&T Labs Research who has discovered a little-known vulnerability in many locks that lets a person create a copy of the master key for an entire building by starting with any key from that building, and it requires little more than a file and a few key blanks."

6 of 462 comments

  1. Overstating the risk? by hcdejong · Score: 5, Insightful

    I see several problems with the article.

    "He said the technique could open doors worldwide for criminals and terrorists."

    • Surely, any place that's a likely target for terrorists has more security in place than cylinder locks? Like keycard access systems, or Marine guards with machine guns? This is more a criminal than a terrorist problem.
    • Most types of terrorist attack don't require access to keys. Just park a truck full of explosives in the general vicinity.
    • If the technique has been known to locksmiths, what makes the author think lockpickers haven't known about it, too?
    • This technique is only marginally safer (less detectable) than an attack with lockpicking tools.

    All in all, the article sounds more like fearmongering than a real concern.

    1. Re:Overstating the risk? by GigsVT · Score: 5, Insightful

      It's not even a criminal problem in reality. I'd be willing to bet that 99.9% of criminals don't know how to pick locks, and don't care. There is usually little point in picking a lock when a door can be kicked in, a window broken, a lock drilled, or a padlock cut.

      --
      I've had enough abrasive sigs. Kittens are cute and fuzzy.
  2. If this were bits rather than molecules... by sdo1 · Score: 5, Insightful

    ... we'd be hearing about building owners calling for new laws outlawing the tools involved, i.e. files and blank keys. After all, their assets could be compromised by the use of these tools and therefore those tools should be banned! It should not matter that there are legitimate uses for these tools and everyone knows that anyone who owns and/or uses a metal file is a criminal and should be prosecuted!

    -S

    --
    --- What parts of "shall make no law", "shall not be infringed", and "shall not be violated" don't you understand?
  3. Re:Cant wait for bluetoof by WoodSmoke · Score: 5, Insightful

    And when the power goes off, do you want it to fail open or fail closed?

    Woodsmoke

  4. Re:Is this a joke? by raddan · Score: 5, Insightful

    It's a big deal because regular people, people that trust the system, *don't* know about it. I didn't know about it, and though I knew locks could be picked, I didn't know that they could be circumvented so easily.

    Sure, locksmiths knew this. A good sysadmin also knows the weaknesses in their systems. But as a user of both locks and ecommerce, I blindly put my trust in those systems in part because I *don't* know their weaknesses!

    How many sysadmins know that the door to their server closet can be opened by an employee with a regular key?

    It's like with PGP: what can you trust? Regular people know now that you cannot trust master-key systems.

  5. Oh, one more thing... by Skapare · Score: 5, Insightful

    Oh, one more thing. If you do decide to make yourself a grand master key, and are tempted to carry it around on your key ring, cut the hilt off so that the key will go in too far to work. Then only you will know that you have to put it in only part way. So if you get stopped and someone thinks you might have a master key and tries the keys on your ring, their natural human thing of "go all the way" will prevent them from detecting that your key works the lock.

    --
    now we need to go OSS in diesel cars