Slashdot Mirror
Duplicating Your Housekeys, From a Distance
Roland Piquepaille writes "Some clever computer scientists at UC San Diego (UCSD) have developed a software that can perform key duplication with just a picture of the key — taken from up to 200 feet. One of the researchers said 'we built our key duplication software system to show people that their keys are not inherently secret.' He added that on sites like Flickr, you can find many photos of people's keys that can be used to easily make duplicates. Apparently, some people are blurring 'numbers on their credit cards and driver's licenses before putting those photos on-line,' but not their keys. This software project is quite interesting, but don't be too afraid. I don't think that many of you put a photo of their keys online — with their addresses." I wonder when I'll be able to order more ordinary duplicate keys by emailing in a couple of photos.
looks like hiding your key in that rock was a good idea after all :)
It seems to me that the number of incidences where this could possibly be an issue is astronomically slim. Need picture of key, need to know where the key goes, and need the method of duplicating key with picture accurately enough to be of use. Then there has to be a pretty impresive reason why any of the other less complicated and faster ways of breaking in wouldn't be useful.
The only change I can believe in is what I find in my couch cushions.
I don't know about M. Piquepaille, but it's not very hard to find my address online. How many places am I going to have keys for? My house, my car, my bike, and my mailbox. That's pretty much it. Besides, I geotag just about every picture I post to flickr. But who takes pictures of keys?
www.timcoleman.com is a total waste of your time. Never go there.
every time i pull my keys out to use them i have always tried to hide at least one side of them for just such a reason. now my paranoia has finally paid off!
The mind boggles.
Locks are to keep honest people out.
Who uploads photos of themselves (or others) holding credit cards or keys? In my entire life, I don't think I've EVER even TAKEN a photo like that, let alone thought about sharing it. Am I just bizarre or is it the people on Flickr? Ok, admittedly it could be both, but still....
I locked my Cadillac once and left my keys lying on the drivers seat. The locksmith successfully cut a new door key by hand just by looking at the key through the window.
make copies of my keys. Have fun "playing" with my pitbull waiting for you on the other side of the door.
Attention all planets of the Solar Federation! We have assumed control! - Neil Peart
Just use a bump key
You mean like this, but from 200 feet away?
It's only a matter of time before Google Maps 0wns your keys.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Why do people post pictures of their keys on Flickr anyway? Or pictures of their credit cards and drivers licenses on Flickr. Why would someone want to do that. Just curious.
Keys only serve to keep honest people honest. A lock pick and torsion bar can mimic any (average) key anyways.
The story is interesting (on the subject of computer vision) but shouldn't scare anyone.
You are currently broadcasting your keys TO THE WORLD!
Punch the monkey to learn how to protect yourself.
All the pictures of my keys online have been photoshoped. The keys you could make from them set the tumbler combination that looses the killer bees!
-Peter
The keys in the pic seem to be the crappy "2-D" sort that are vulnerable to "bump keys".
It'll be much easier to just make a bump key and use it to break in covertly, than to bother making the "same key". Google for bump key videos.
You'd probably need better pics to make duplicates of those "3-D" keys - those with wedges and so on.
If they work more than half the time I'd be impressed! So far no key cutter in my locale has managed this, even with *the keys themselves* to copy from.
Apart from the 200 feet bit of course.
>The Prison Service has been forced to spend £250,000 on changing every lock and key in Feltham young offenders' institution after a TV news crew filmed a prison key during a media visit last week.
http://www.guardian.co.uk/media/2006/jul/05/broadcasting.youthjustice
That's nothing! On the Discovery Health channel there was a story about a man that swallowed his friend's car key. They were too drunk to drive home and he wanted to prevent his friend from driving while drunk. To make a long story short, the spare key was lost and they they were able to make duplicate keys from an X-Ray that clearly showed the key.
I have a great idea: use Hubble to get a picture of the key to the universe and ask walmart to make it very cheaply.
Get into my house however you want, my wife is going through menopause, she's bi-polar, and she has my shotgun.
In my other life, I eat cats.
Remember the old days when swingers used to have "key parties?"
For the young and innocent who have never been exposed to such debauchery -- they would get together and throw all the mens' motel room keys in a hat. Then the ladies would pick them out of the hat and go to that key's room....
Well, now the possibilities for adultfriendfinder dot com have just been expanded... Just post a picture of your key and wait for your new friends to show up!
In times of universal deceit, telling the truth gets you modded -1 Troll
I can't even get those chumps at home depot to give me a copy that works when they're using the original, much less a photograph.
Wise men say, "Forgiveness is divine, but never pay full price for late pizza."
Well the word is out on bump keys, which are an easier method of entry in most cases, yet burglaries are down. I don't see key photos as a particularly meaningful threat to most of us.
I really like the keys that they use in Brazil: Key-four(Chave-Quatro)
I'd like to see them take a picture of this and reproduce it.
Not too surprising following the incident in which Diebold voting machines were hacked using a key image in an advertisement:
http://news.cnet.com/8301-10784_3-6153328-7.html
Oh yeah - I knew that sounded familiar!
http://it.slashdot.org/article.pl?sid=08/02/06/1627220
Who needs the profile of an individual key when you can open any lock of the same type with a simple filed down key?
the more reasons to keep keys where they belong - in your pockets. you want a copy? fight me for it.
Ordering duplicate keys by sending in a photo is a whole lot less secure than doing it in person. If I go in person to get a duplicate key, I can watch and see that they didn't make a copy for themself, I get the original back right away with the copy, I don't have to tell them where I live, and I can pay cash. If I were to order remotely by photo, they know where I live (either from my shipping address or my credit card billing address) and there's nothing preventing them from making a copy I don't know about so they can come rob my house later.
It seems to me picking the lock would be a better approach.
My motorbike travels in Chile.
The best antitheft device on my car is the manual transmission. ;)
The ratio of people to cake is too big
. . . when will they be able to make a new set on the spot for me after I lock them in my car?
Can somebody make an iPhone app that does that?
Please?
What?
Europeans keys (Secure keys) are much harder to duplicate and safer then american (US or Canada). I don't think you can bump open a european lock. Anyways this sounds like a good scenario for the next James Bond movie.
My root password is "uijepsup". Not telling you what machine.
It's not like a duplicate has to be carved out of bar stock. Most of the key brands are recognizable by their shape, which gives you the proper blank. From this, you can scale the photo to actual size. The cuts of the key are a known length with a discrete depth (out of 7 or so choices). It would be pretty trivial to look at someone's house key and say that it's a Kwikset with cuts 4-1-6-3-3.
I thought this would just generate a public key for the corresponding private one to form a key pair, and is good for security?
http://www.i-hacked.com/content/view/264/1/
Smidge, I appreciate your factual approach, but you might improve your message if you update it a bit. If RP is getting stories approved in December, I tip my hat to him!
House keys still lack "chips" which are RF encoded to unlock a door. On the other hand most car keys in last batch of years have a radio chip which is required to make the car start. I realized this when I had to spend $80 a key to create dupes of my Toyota keys last week. Ouch!
Even ignoring a bump key or a lock pick or a hundred other things. Houses are not secured via a key. Keys stop opportunity thieves. They keep alzheimer patients from going into the wrong home. This is not a big deal.
excitingthingstodo.blogspot.com
Most pin tumbler locks (like the one on your front door) are pathetically easy to break using a set of bump keys that you can make yourself or buy online for $10.
If you want real security, you need a high security deadbolt. Breaking a good lock like an Abloy Protec is considerably more difficult. The Protec, for example, doesn't use pins. That means that it can't be bumped and it can't be picked (note that I said it can't be picked, not that it can't be manipulated). The end result is that it takes different skills and tools to manipulate a Protec, which means that criminals are far less likely to do so.
I have made thousands of key duplicates (family retail business), so I have a little knowledge in key duplication. Here's two bits of knowledge: 1) When you make a copy from the original key, the copy is, maybe, a hair off on either or both the pin offset and depth. Depending on the age and quality of the lock, this minor deviation can cause the key not to work. Copies from originals work (best guestimate) 99/100 times.
2) Most people do not have their original keys anymore. They have 2nd, 3rd, or 4th generation keys. Every time you duplicate, the error multiplies just like using a photo-copier on a copy. With so much error, 3rd or later generations work (guestimate) 1 in 3 times.
So, even if this technology can duplicate your key by photo, unless they bring the key back to a locksmith (who has a special jig for cutting new originals using pins instead of the key -- gets rid of the "signal noise") or the software already adjusts for the "signal noise", there's a good chance the key won't work. It all depends on the source key and the lock.
I wouldn't be too worried about this.
Modify your lock with a "duress key" which, when it turns, sprays pepper spray at the person in front of the door (and remains locked). Post a photo of that one.
(using a lock with a core-removal key and then modifying that mechanism might be one place to start; remember you don't actually want the core to come out though)
Seriously, sight-reading keys is nothing new. Ask a locksmith about cutting a new key based on a car key left on the front seat. I'm pretty sure the idea has even been on slashdot before (shock of shocks), although without the software angle.
Despite being quite awful, there's a reference to key parties in the Grinch movie (the remake with Jim Carey, directed by Ron Howard.) As a bunch of Who's enter a who-house for a Christmas party, they all throw their keys into a fishbowl by the window. My kids had no idea why I was laughing my ass off.
I had a car key that snapped in half in my hand once. The locksmith who showed up looked at the two pieces of the key, wrote down a series of numbers indicating the pin depth, and then hand-ground a key from those numbers using the grinder wheel in his van.
Not as cool sounding as using an X-Ray, but the exact same principle. From sight of the key, he made a new key.
SIG: HUP
As always, if you want to protect your keys from being copied, wrap them in tin foil.
Making a key copy that will last for a single use has always been within the capacities of a retarded monkey. Once you realize that, the only think that makes the article interesting is the social blaze, and the image processing. Naming specific distances from the camera is a little silly though. The bigger concerns are focus, pixel count, and lossy compression; to say nothing of the orientation of the key relative to the lens, and color contrast.
I won a bet once by making a copy of someone's key by pressing it against my arm for a few seconds, and using a trace of the resultant discoloration as a template.
I re-keyed the locks on my house with a kit I got off eBay. The kit merely contains an assortment of six different lengths of pins plus some driver pins. Each pin corresponds to a different key notch depth.
You can assign sequence of numbers to the key that represents the notch depths. All you need to duplicate the key is the sequence. My locks only had five pins, each of which could be six different lengths. Six possible depths isn't many, and the depths can easily be differentiated by just looking at a key. After re-keying one or two locks, I could just look at a key and instantly know the key's code. I suspect locksmiths are very adept at this.
The summary mentions blurring credit card and check number details to post such things on the web. It has been shown, and I believe posted on slashdot that the numbers can still be recovered.
If they enter with a key, there is virtually no trace from anybody entering, so you'll have a hard time getting any compensation.
I don't think that many of you put a photo of their keys online -- with their addresses.
Maybe not, but how many of us expose our keys in places where they could be covertly photographed with telephoto lenses and/or cameraphones?
I'm very curious as to how far this sort of photometrics can be developed. If you can measure a key well enough to manufacture a duplicate just by viewing a picture with the key in it (not even necessarily a picture *of* they key, just with it in a picture lying there on the table) the capabilities for making precise measurements of complex arrangements of parts aren't that far off. Add the time dimension in, and things get more interesting; instead of having to mount a potentiometer or LVDT or accelerometer to measure the displacement or motion of a part, just film it. That could make a lot of jobs much easier.
Once I locked myself out of my DeLorean, and the locksmith was able to make a copy of the key using only two pieces of wood, a knitting needle, and a half gram of coke.
...that you still need the hardware to cut the key blank.
I always thought that those were some of the tools they used on the assembly line!
I've seen it done. Thieves backed a truck up to one of the homes in my neighborhood, opened the garage door, wheeled out the appliances and left.
I saw it happen as did several other neighbors, but it was one of the showhomes the builder was trying to sell and we figured that they buyer probably wanted a different appliance option and they were just going to switch them out. In retrospect they probably went into the home when it was showing on the weekend and left a window unlatched.
They did it on a weekday afternoon, broad daylight and wearing somewhat matching uniforms and they just blended in.
When I get a key copy made from the original key, half the time it doesn't work! And it costs more money to drive back to the store to get another one than the copy costs. Grr...
If you think that's creepy, don't worry. It's way easier to get duplicates than taking a photo. My father in law is training to be a locksmith as a retirement hobby, and I'd recently purchased a motorcycle. It was used, and when I got it, it only had the one key. I'm a lazy kind of guy, so I never got around to getting a replacement. I *talked* about getting copies made all the time, but never actually did. Anyhow, my wife sent him the VIN, and a couple weeks later, I got two keys in the mail. Apparently, that's all you needed. And the VIN is a rather public record that anyone can obtain.
Long story short, anybody could have a key to my motorcycle without even ever having seen it, and with the same information they used to get the key, I have little doubt they could look up the owner and address, where the bike is usually parked. Yay, security!
-G
Their may be a grammatical error, misspeling, or evn a typo in this post.
A little while ago, diebold posted a picture of the master key that can open any of their voting machines online. And someone made a copy, of course (yet another example of lax diebold security).
Maybe the lazy but slightly dishonest kid down the street, who upon finding my door locked, comes and finds yours--your hard drive is now on ebay for way less than it is worth by the way.
"What's the half-gram of Bolivian Marching Powder for?"
"Have YOU ever tried to cut a key with a piece of wood and a knitting needle? I'm surprised it only took two tries!"
"These people look deep within my soul and assign me a number based on the order in which I joined" --Homer re:
Re: the DeLorean. Now that was funny.
Even though it does not seem to exist anymore (at least not where I moved), but in good ol' Europe we used to have these all flat keys, that had this magnetic strip inside (sometimes 3 round ones, sometimes a straight line of magnet).
Not sure if it had a security issue, or it never made it to Latin America, or what the hell, but I cannot see these even online anymore.....
Well,,.. anyway, duplicate those from a photo taken from 200 meters....
That reminds me of the time we were partying with John DeLorean. Good times.
I locked my keys in the car about 15 years ago and had to call the locksmith. He didn't bother with a slim jim or any of that crap. He just looked at the key sitting on the seat and cut a new one by hand. It worked on the first try. He said that he figured that I probably needed a spare anyway.
Looks like I'll have to remove my flickr photo series of "My favorite keys for locking up valuables". This is right after I had to remove "My favorite credit cards".
It is by the juice of the coffee bean that thoughts acquire speed, the teeth acquire stains. The stains become a warning
a) As noted by others, there are easier ways to break into a person's home/car.
b) Seems to me that for many apps, metal keys are being displaced by key cards.
-Frank
Here's a photo of my keychain. Knock yourselves out.
"People have started blurring photos of their credit cards"..wow. If you're that stupid, you deserve to be screwed over.
My car key snapped in half, and it was my only copy. I made a pattern out of the two halves, and carved a replacement key out of wood. It worked fine; I drove to a locksmith, and they made a new key out of the pieces.
"I don't think that many of you put a photo of their keys online â" with their addresses"
But many people do reveal thier place of work or study online. If you have that and a photograph you can simply follow them to find out where they live.
note: i'm known as plugwash most places but i screwd up registering that here somehow in the past and now can't register
You can waste your time doing worthless experiments and get paid for it! Well, at least the full professors.
Other than that, a few keys that are eyeball resistant that come to mind are the Shlage Primus, and the Medeco3 key, because someone would have to eyeball the slider, the pin depth cuts, and the angles of the cuts for the pins to rotate.
Except that all of Medeco's locks can be bumped AFAIK.
Try eye-balling one of Evva's MCS keys that are simply magnets:
http://www.evva.com/at/products/mechanische-schliesssysteme/mcs/en/
Locks are to keep honest people out.
And to prove to the police and insurance company that there was an actual break in. If someone can get in through your door cleanly (bumping or this technique), then they can make off with stuff with little evidence.
Now if you prevent someone from walking in the front door, and they're force to go in through a window, at least you'll get some compensation.
You're not preventing someone from getting in with an unpickable lock, you're making sure it takes some effort to do so.
Always over thinking the problem, this is totally unnecessary google "key bumping".
** I don't think that many of you put a photo of their keys online -- with their addresses. I wonder when I'll be able to order more ordinary duplicate keys by emailing in a couple of photos.**
Then some scammer would set up a snazzy website and they would have copies of keys - linkled to home addresses.
While amazing, as a concept and a process, this really doesn't create much of a "OMGTHESKYISFALLING" security risk. Residential pin-and-tumbler locks exist to keep honest people honest. Anyone with a set of lockpicks and a modicum of skill (or a sledge hammer and a modicum of chutzpah, or $20 and access to a SourthOrd catalog for a pick gun, etc, etc...) can gain entry through any old locked door.
While the man-in-black in question is at it, after picking your lock he may as well just take it off of the door, pop the cylinder out, and measure the pins so he can cut himself a key and avoid having to pick it next time.
You don't even need no steeking picture of the key.
If they enter with a key, there is virtually no trace from anybody entering, so you'll have a hard time getting any compensation.
Great, that explains why it would be worse. Now explain to me why a burglar would would give a crap whether your insurance would cover what he took, particularly when the procedure for doing so is both more costly (camera + computer + CNC machine) and more time consuming than prying open a window.
If a job's not worth doing, it's not worth doing right.
Although a twelve foot camera pointed at my retina is kinda hard to miss, I now have the urge to wear sunglasses whenever in public. And gloves.
As shown on China Central Television (http://www.cctv.com), an experienced lock maker can construct an equivalent key merely after a glance at your key. He was appreciated as one of the Ten Model Workers of the Year.
This wouldn't be a problem for a sufficiently motivated photographer who had the time and unsettling desire to follow one home. Stalkers: 7 Stalkees: 0
HD has repeated failed to duplicate my bog-standard Weiser house-keys. I'd like to see somebody do it from 200 feet.
wait there people out there who load pictures randomly to the net?!?!?!? i thought you load pictures in some way that you friends could find them... unlucky for you!
"You are still innocent until proven guilty. What's changed is what they do to innocent people." by notnAP (846325)