Slashdot Mirror


Shrinky Dinks As a Threat To National Security

InflammatoryHeadlineGuy writes "What do Shrinky Dinks, credit cards and paperclips have in common? They can all be used to duplicate the keys to Medeco 'high-security' locks that protect the White House, the Pentagon, embassies, and many other sensitive locations. The attack was demonstrated at Defcon by Marc Weber Tobias and involves getting a picture of the key, then printing it out and cutting plastic to match — both credit cards and Shrinky Dinks plastic are recommended. The paperclip then pushes aside a slider deep in the keyway, while the plastic cut-out lifts the pins. They were able to open an example lock in about six seconds. The only solution seems to be to ensure that your security systems are layered, so that attackers are stopped by other means even if they manage to duplicate your keys."

5 of 257 comments

  1. Re:3-d printers? by pimpimpim · Score: 4, Informative

    3D printers create by default quite brittle objects, as it is lots of little dots of plastic glued together. To get a resistant plastic copy you should make a mold and then compress plastic inside of it. The forces on a key when turning can be quite high, that's why also thin sheet metal doesn't work here. Credit cards however can resist bending forces quite well. I've never seen a shrinky dink but I guess it's the same story.

    --
    molmod.com - computing tips from a molecular modeling
  2. Re:Is this surprising? by closetpsycho · Score: 5, Informative

    Most modern keypad locks like what you're thinking of actually randomize the layout of the keypad. So looking for the more worn keys is an exercise in futility.

  3. Re:More power to Homeland Security by morgan_greywolf · Score: 5, Informative

    Shrinky Dinks are a kids' toy. You cut it out and put it in the oven and it shrinks and gets stiff. See the video

  4. Re:Is this surprising? by Dun Malg · Score: 4, Informative

    > Most modern keypad locks like what you're thinking of actually randomize the layout of the keypad. So looking for the more worn keys is an exercise in futility.

    There are very few manufacturers of those kinds of keypads. The vast majority of the keypads installed are fixed and suffer from the "dirty keys" exploit. The "scramble pad" keypads are 4-5 times the price, and very few people outside of defense contractors spec that sort of thing. I've only ever seen one, and I've installed and serviced hundreds of keypad entry systems.

    --
    If a job's not worth doing, it's not worth doing right.
  5. Re:Is this surprising? by Dun Malg · Score: 4, Informative

    > It should be noted that one of the major selling points of the Medeco locks is that, through some mixture of technological and legal means, Medeco is quite aggressive about restricting access to key duplication blanks.

    Of course, their aggressive protection of their patented key blanks is about marketing more than anything else. They are the sole legal supplier of keys to their locks*, so they therefore reap profit every time someone needs another key. The only selling point of their high priced and inconvenient to procure patented keys is the natural control this restricted access creates. They've managed to sell this access with very slick marketing which conveniently glosses over many important security issues. But then again, their business is only to sell locks, and they do it very well. The mechanical quality of their stuff is high as well, so you at least get a quality product for the price.

    * You can buy 3rd party blanks now for the old Sky, Air, and the newer Biaxial keyways. They're always looking for one more mechanical "kink" to add to the system to justify the next patent. Sky and Air were patented on the strength of the rotating pin concept. Biaxial was patented via making the cuts staggered either fore or aft on the key. The latest M3 is patented on a step on the blank that pushes a silly little "anti pick" pin near the back. Seems to me they're running out of ideas.

    --
    If a job's not worth doing, it's not worth doing right.