Slashdot Mirror
Duplicating Your Housekeys, From a Distance
Roland Piquepaille writes "Some clever computer scientists at UC San Diego (UCSD) have developed a software that can perform key duplication with just a picture of the key — taken from up to 200 feet. One of the researchers said 'we built our key duplication software system to show people that their keys are not inherently secret.' He added that on sites like Flickr, you can find many photos of people's keys that can be used to easily make duplicates. Apparently, some people are blurring 'numbers on their credit cards and driver's licenses before putting those photos on-line,' but not their keys. This software project is quite interesting, but don't be too afraid. I don't think that many of you put a photo of their keys online — with their addresses." I wonder when I'll be able to order more ordinary duplicate keys by emailing in a couple of photos.
They probably just use their slanted squinty little sheltered eyes to get clear focus of the keys.
looks like hiding your key in that rock was a good idea after all :)
It seems to me that the number of incidences where this could possibly be an issue is astronomically slim. Need picture of key, need to know where the key goes, and need the method of duplicating key with picture accurately enough to be of use. Then there has to be a pretty impresive reason why any of the other less complicated and faster ways of breaking in wouldn't be useful.
The only change I can believe in is what I find in my couch cushions.
I don't know about M. Piquepaille, but it's not very hard to find my address online. How many places am I going to have keys for? My house, my car, my bike, and my mailbox. That's pretty much it. Besides, I geotag just about every picture I post to flickr. But who takes pictures of keys?
www.timcoleman.com is a total waste of your time. Never go there.
every time i pull my keys out to use them i have always tried to hide at least one side of them for just such a reason. now my paranoia has finally paid off!
The mind boggles.
Locks are to keep honest people out.
Who uploads photos of themselves (or others) holding credit cards or keys? In my entire life, I don't think I've EVER even TAKEN a photo like that, let alone thought about sharing it. Am I just bizarre or is it the people on Flickr? Ok, admittedly it could be both, but still....
I locked my Cadillac once and left my keys lying on the drivers seat. The locksmith successfully cut a new door key by hand just by looking at the key through the window.
make copies of my keys. Have fun "playing" with my pitbull waiting for you on the other side of the door.
Attention all planets of the Solar Federation! We have assumed control! - Neil Peart
Just use a bump key
You mean like this, but from 200 feet away?
It's only a matter of time before Google Maps 0wns your keys.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Why do people post pictures of their keys on Flickr anyway? Or pictures of their credit cards and drivers licenses on Flickr. Why would someone want to do that. Just curious.
Keys only serve to keep honest people honest. A lock pick and torsion bar can mimic any (average) key anyways.
The story is interesting (on the subject of computer vision) but shouldn't scare anyone.
I think most of you are aware of the controversy surrounding regular Slashdot article submitter Roland Piquepaille. For those of you who don't know, please allow me to bring forth all the facts.
Roland Piquepaille has an online journal. (I REFUSE TO USE THE TERM 'BLOG'). It consists almost entirely of content, both text and pictures, taken from reputable news websites and online technical journals. He does give credit to the other websites, but it wasn't always so. Only after many complaints were raised by the Slashdot readership did he start giving credit where credit was due.
Roland Piquepaille's Technology Trends serves online advertisements through a service called Blogads, located at www.blogads.com.
Before we talk about money, let's talk about the service that Roland Piquepaille provides in his journal. He goes out and looks for interesting articles about new and emerging technologies. He provides a very brief overview of the articles, then copies a few choice paragraphs and the occasional picture from each article and puts them up on his web page. Finally, he adds a minimal amount of original content between the copied-and-pasted text in an effort to make the journal entry coherent and appear to add value to the original articles. Nothing more, nothing less.
Now. Let's HIT THIS FUCKER WHERE IT HURTS and talk about money.
It appears that every single article submitted to Slashdot by Roland Piquepaille is accepted, and he submits multiple articles each month. As of today, it is clear that ten articles were accepted in October, six in November, and four in December (so far). See http://slashdot.org/~rpiquepa for yourself. Some generate lots of discussion; others very little. What is clear is that, on a whole, this generates a lot of traffic for Roland Piquepaille. Just over 150000 hits each month according to Blogads. And the higher the traffic, the higher the advertisement rates Roland Piquepaille can charge. So, why do the Slashdot editors accept every single story from Roland Piquepaille? Is the content of his journal interesting and insightful? Of course it is, but not by Roland Piquepaille's doing. The actual content of his journal is ripped from the real articles, but at least he gives them credit now. Does the content of his journal bring about energitic discussion from the Slashdot readership? Yes, because the original articles from which he got his content are well written and researched and full of details. So you may be asking, "What is so controversial about this?" Well, in almost every single article submitted by Roland Piquepaille, Slashdot readers complain that Roland Piquepaille is simply plaigarizing the original articles.
Slashdot should instead link to the original articles. In essence, avoid going through the middle man (and making money for him!). The Slashdot readership that can see through Roland Piquepaille's farce objects on the basis that he stands to make a generous amount of money by doing very little work and instead piggy-backing on the hard work of other professional writers. Others argue that he is providing us with a service and should not be ashamed to want to get paid for it. But exactly what service is he providing us with? He copies-and-pastes the meat of his journal entries from professional and academic journals and news magazines and submits about seven or eight of these "articles" to Slashdot each month. Is this "service" worth up to $647 a month?
Or, does each "article" represent up to $80 of work?
Is it just my observation, or is eldavojohn an idiot?
You are currently broadcasting your keys TO THE WORLD!
Punch the monkey to learn how to protect yourself.
All the pictures of my keys online have been photoshoped. The keys you could make from them set the tumbler combination that looses the killer bees!
-Peter
The keys in the pic seem to be the crappy "2-D" sort that are vulnerable to "bump keys".
It'll be much easier to just make a bump key and use it to break in covertly, than to bother making the "same key". Google for bump key videos.
You'd probably need better pics to make duplicates of those "3-D" keys - those with wedges and so on.
If they work more than half the time I'd be impressed! So far no key cutter in my locale has managed this, even with *the keys themselves* to copy from.
Dear Mr. Coleman:
Your wife wears John McCain's Navy boots!
Although Norm Coleman wants nothing less than to pander to our worst fears, I want this letter to speak a language of reconciliation, not retaliation. Let's get down to brass tacks: He is an obnoxious, sophomoric vigilante. I use that label only when it's true. If you don't believe it is, then consider that Coleman's cringers assert that Coleman's hastily mounted campaigns are Right with a capital R. This is precisely the non-equation that Coleman is trying to patch together. What he's missing, as usual, is that if he can one day let down ladders that the sneaky, improvident, and hopeless scramble to climb then the long descent into night is sure to follow.
It is no news that Coleman has two imperatives. The first is to gag free speech. The second imperative is to hamstring our efforts to challenge him to defend his deeds or else to change them. If I didn't sincerely believe that there are a number of conceptual, logical, and methodological flaws in his flimflams, then I wouldn't be writing this letter.
Coleman's homophobic actions paint pictures of loathsome worlds inhabited by destructive troublemakers. Coleman then blames us for that. Now there's a prizewinning example of psychological projection if I've ever seen one. His desire to encourage the acceptance of scapegoating and demonization is incontrovertible evidence that Coleman harbors some ostentatious grudges. Interestingly, Coleman doesn't seem to care about that.
I, speaking as someone who is not a grotty, poxy dingbat, just want to create a world in which obscurantism, gnosticism, and demagogism are all but forgotten. That's why I propose, argue, cajole, plead, wheedle, and joke about ways to provide an antidote to contemporary manifestations of unctuous terrorism. If Coleman's invectives get any more elitism-prone, I expect they'll grow legs and attack me in my sleep.
What is often overlooked, however, is that there is no excuse for the innumerable errors of fact, the slovenly and philistine artistic judgments, the historical ineptitude, the internal contradictions, and the various half-truths, untruths, and gussied-up truths that litter every one of Coleman's essays from the first word to the last. On theoretical grounds alone, Coleman's statements are so filled with errors that I feel some futility in replying to them. This is not what I think; this is what I know. I additionally know that Coleman says that he needs a little more time to clean up his act. As far as I'm concerned, Coleman's time has run out.
As if you didn't know, an understanding of the damage that may be caused by Coleman's rummy précis isn't something I expect everyone to develop the first time they hear about it. That's why I write over and over again and from so many different angles about how Coleman's helots were recently seen causing riots in the streets. That's not a one-time accident or oversight. That's Coleman's policy. Remember, though, that just because I have one view of an issue and Coleman has a different view does not in itself mean that Coleman is an insecure, diabolic gutter-dweller and a vengeful liar. But when Coleman says that the Universe belongs to him by right, he's simply lying. That's why I maintain that Coleman doesn't know everything. Regular readers of my letters probably take that for granted, but if I am to drive off and disperse the inaniloquent communism enthusiasts who convince others that two-faced reprobates are the "chosen people" of scriptural prophecy, I must explain to the population at large that I believe in "live and let live". Coleman, in contrast, demands not only tolerance and acceptance of his sophistries but endorsement of them. It's because of such maladroit demands that I believe that he doesn't want us to prescribe a course of action. He would rather we settle for the meatless bone of mandarinism.
I don't just contend that the best way to seek liberty, equality, and fraternity is to oppose Coleman and all he stands for;
Apart from the 200 feet bit of course.
>The Prison Service has been forced to spend £250,000 on changing every lock and key in Feltham young offenders' institution after a TV news crew filmed a prison key during a media visit last week.
http://www.guardian.co.uk/media/2006/jul/05/broadcasting.youthjustice
That's nothing! On the Discovery Health channel there was a story about a man that swallowed his friend's car key. They were too drunk to drive home and he wanted to prevent his friend from driving while drunk. To make a long story short, the spare key was lost and they they were able to make duplicate keys from an X-Ray that clearly showed the key.
I have a great idea: use Hubble to get a picture of the key to the universe and ask walmart to make it very cheaply.
Get into my house however you want, my wife is going through menopause, she's bi-polar, and she has my shotgun.
In my other life, I eat cats.
Remember the old days when swingers used to have "key parties?"
For the young and innocent who have never been exposed to such debauchery -- they would get together and throw all the mens' motel room keys in a hat. Then the ladies would pick them out of the hat and go to that key's room....
Well, now the possibilities for adultfriendfinder dot com have just been expanded... Just post a picture of your key and wait for your new friends to show up!
In times of universal deceit, telling the truth gets you modded -1 Troll
I can't even get those chumps at home depot to give me a copy that works when they're using the original, much less a photograph.
Wise men say, "Forgiveness is divine, but never pay full price for late pizza."
Well the word is out on bump keys, which are an easier method of entry in most cases, yet burglaries are down. I don't see key photos as a particularly meaningful threat to most of us.
I really like the keys that they use in Brazil: Key-four(Chave-Quatro)
I'd like to see them take a picture of this and reproduce it.
Not too surprising following the incident in which Diebold voting machines were hacked using a key image in an advertisement:
http://news.cnet.com/8301-10784_3-6153328-7.html
Oh yeah - I knew that sounded familiar!
http://it.slashdot.org/article.pl?sid=08/02/06/1627220
Who needs the profile of an individual key when you can open any lock of the same type with a simple filed down key?
the more reasons to keep keys where they belong - in your pockets. you want a copy? fight me for it.
Ordering duplicate keys by sending in a photo is a whole lot less secure than doing it in person. If I go in person to get a duplicate key, I can watch and see that they didn't make a copy for themself, I get the original back right away with the copy, I don't have to tell them where I live, and I can pay cash. If I were to order remotely by photo, they know where I live (either from my shipping address or my credit card billing address) and there's nothing preventing them from making a copy I don't know about so they can come rob my house later.
It seems to me picking the lock would be a better approach.
My motorbike travels in Chile.
The best antitheft device on my car is the manual transmission. ;)
The ratio of people to cake is too big
. . . when will they be able to make a new set on the spot for me after I lock them in my car?
Can somebody make an iPhone app that does that?
Please?
What?
Europeans keys (Secure keys) are much harder to duplicate and safer then american (US or Canada). I don't think you can bump open a european lock. Anyways this sounds like a good scenario for the next James Bond movie.
My root password is "uijepsup". Not telling you what machine.
It's not like a duplicate has to be carved out of bar stock. Most of the key brands are recognizable by their shape, which gives you the proper blank. From this, you can scale the photo to actual size. The cuts of the key are a known length with a discrete depth (out of 7 or so choices). It would be pretty trivial to look at someone's house key and say that it's a Kwikset with cuts 4-1-6-3-3.
I thought this would just generate a public key for the corresponding private one to form a key pair, and is good for security?
http://www.i-hacked.com/content/view/264/1/
House keys still lack "chips" which are RF encoded to unlock a door. On the other hand most car keys in last batch of years have a radio chip which is required to make the car start. I realized this when I had to spend $80 a key to create dupes of my Toyota keys last week. Ouch!
Even ignoring a bump key or a lock pick or a hundred other things. Houses are not secured via a key. Keys stop opportunity thieves. They keep alzheimer patients from going into the wrong home. This is not a big deal.
excitingthingstodo.blogspot.com
Most pin tumbler locks (like the one on your front door) are pathetically easy to break using a set of bump keys that you can make yourself or buy online for $10.
If you want real security, you need a high security deadbolt. Breaking a good lock like an Abloy Protec is considerably more difficult. The Protec, for example, doesn't use pins. That means that it can't be bumped and it can't be picked (note that I said it can't be picked, not that it can't be manipulated). The end result is that it takes different skills and tools to manipulate a Protec, which means that criminals are far less likely to do so.
I have made thousands of key duplicates (family retail business), so I have a little knowledge in key duplication. Here's two bits of knowledge: 1) When you make a copy from the original key, the copy is, maybe, a hair off on either or both the pin offset and depth. Depending on the age and quality of the lock, this minor deviation can cause the key not to work. Copies from originals work (best guestimate) 99/100 times.
2) Most people do not have their original keys anymore. They have 2nd, 3rd, or 4th generation keys. Every time you duplicate, the error multiplies just like using a photo-copier on a copy. With so much error, 3rd or later generations work (guestimate) 1 in 3 times.
So, even if this technology can duplicate your key by photo, unless they bring the key back to a locksmith (who has a special jig for cutting new originals using pins instead of the key -- gets rid of the "signal noise") or the software already adjusts for the "signal noise", there's a good chance the key won't work. It all depends on the source key and the lock.
I wouldn't be too worried about this.
Modify your lock with a "duress key" which, when it turns, sprays pepper spray at the person in front of the door (and remains locked). Post a photo of that one.
(using a lock with a core-removal key and then modifying that mechanism might be one place to start; remember you don't actually want the core to come out though)
Seriously, sight-reading keys is nothing new. Ask a locksmith about cutting a new key based on a car key left on the front seat. I'm pretty sure the idea has even been on slashdot before (shock of shocks), although without the software angle.
Despite being quite awful, there's a reference to key parties in the Grinch movie (the remake with Jim Carey, directed by Ron Howard.) As a bunch of Who's enter a who-house for a Christmas party, they all throw their keys into a fishbowl by the window. My kids had no idea why I was laughing my ass off.
I had a car key that snapped in half in my hand once. The locksmith who showed up looked at the two pieces of the key, wrote down a series of numbers indicating the pin depth, and then hand-ground a key from those numbers using the grinder wheel in his van.
Not as cool sounding as using an X-Ray, but the exact same principle. From sight of the key, he made a new key.
SIG: HUP
As always, if you want to protect your keys from being copied, wrap them in tin foil.
Making a key copy that will last for a single use has always been within the capacities of a retarded monkey. Once you realize that, the only think that makes the article interesting is the social blaze, and the image processing. Naming specific distances from the camera is a little silly though. The bigger concerns are focus, pixel count, and lossy compression; to say nothing of the orientation of the key relative to the lens, and color contrast.
I won a bet once by making a copy of someone's key by pressing it against my arm for a few seconds, and using a trace of the resultant discoloration as a template.
I re-keyed the locks on my house with a kit I got off eBay. The kit merely contains an assortment of six different lengths of pins plus some driver pins. Each pin corresponds to a different key notch depth.
You can assign sequence of numbers to the key that represents the notch depths. All you need to duplicate the key is the sequence. My locks only had five pins, each of which could be six different lengths. Six possible depths isn't many, and the depths can easily be differentiated by just looking at a key. After re-keying one or two locks, I could just look at a key and instantly know the key's code. I suspect locksmiths are very adept at this.
The summary mentions blurring credit card and check number details to post such things on the web. It has been shown, and I believe posted on slashdot that the numbers can still be recovered.
If they enter with a key, there is virtually no trace from anybody entering, so you'll have a hard time getting any compensation.
I don't think that many of you put a photo of their keys online -- with their addresses.
Maybe not, but how many of us expose our keys in places where they could be covertly photographed with telephoto lenses and/or cameraphones?
I'm very curious as to how far this sort of photometrics can be developed. If you can measure a key well enough to manufacture a duplicate just by viewing a picture with the key in it (not even necessarily a picture *of* they key, just with it in a picture lying there on the table) the capabilities for making precise measurements of complex arrangements of parts aren't that far off. Add the time dimension in, and things get more interesting; instead of having to mount a potentiometer or LVDT or accelerometer to measure the displacement or motion of a part, just film it. That could make a lot of jobs much easier.
Once I locked myself out of my DeLorean, and the locksmith was able to make a copy of the key using only two pieces of wood, a knitting needle, and a half gram of coke.
...that you still need the hardware to cut the key blank.
I always thought that those were some of the tools they used on the assembly line!
I've seen it done. Thieves backed a truck up to one of the homes in my neighborhood, opened the garage door, wheeled out the appliances and left.
I saw it happen as did several other neighbors, but it was one of the showhomes the builder was trying to sell and we figured that they buyer probably wanted a different appliance option and they were just going to switch them out. In retrospect they probably went into the home when it was showing on the weekend and left a window unlatched.
They did it on a weekday afternoon, broad daylight and wearing somewhat matching uniforms and they just blended in.
When I get a key copy made from the original key, half the time it doesn't work! And it costs more money to drive back to the store to get another one than the copy costs. Grr...
If you think that's creepy, don't worry. It's way easier to get duplicates than taking a photo. My father in law is training to be a locksmith as a retirement hobby, and I'd recently purchased a motorcycle. It was used, and when I got it, it only had the one key. I'm a lazy kind of guy, so I never got around to getting a replacement. I *talked* about getting copies made all the time, but never actually did. Anyhow, my wife sent him the VIN, and a couple weeks later, I got two keys in the mail. Apparently, that's all you needed. And the VIN is a rather public record that anyone can obtain.
Long story short, anybody could have a key to my motorcycle without even ever having seen it, and with the same information they used to get the key, I have little doubt they could look up the owner and address, where the bike is usually parked. Yay, security!
-G
Their may be a grammatical error, misspeling, or evn a typo in this post.
A little while ago, diebold posted a picture of the master key that can open any of their voting machines online. And someone made a copy, of course (yet another example of lax diebold security).
Maybe the lazy but slightly dishonest kid down the street, who upon finding my door locked, comes and finds yours--your hard drive is now on ebay for way less than it is worth by the way.
"What's the half-gram of Bolivian Marching Powder for?"
"Have YOU ever tried to cut a key with a piece of wood and a knitting needle? I'm surprised it only took two tries!"
"These people look deep within my soul and assign me a number based on the order in which I joined" --Homer re:
Re: the DeLorean. Now that was funny.
Even though it does not seem to exist anymore (at least not where I moved), but in good ol' Europe we used to have these all flat keys, that had this magnetic strip inside (sometimes 3 round ones, sometimes a straight line of magnet).
Not sure if it had a security issue, or it never made it to Latin America, or what the hell, but I cannot see these even online anymore.....
Well,,.. anyway, duplicate those from a photo taken from 200 meters....
That reminds me of the time we were partying with John DeLorean. Good times.
I locked my keys in the car about 15 years ago and had to call the locksmith. He didn't bother with a slim jim or any of that crap. He just looked at the key sitting on the seat and cut a new one by hand. It worked on the first try. He said that he figured that I probably needed a spare anyway.
Looks like I'll have to remove my flickr photo series of "My favorite keys for locking up valuables". This is right after I had to remove "My favorite credit cards".
It is by the juice of the coffee bean that thoughts acquire speed, the teeth acquire stains. The stains become a warning
a) As noted by others, there are easier ways to break into a person's home/car.
b) Seems to me that for many apps, metal keys are being displaced by key cards.
-Frank
Here's a photo of my keychain. Knock yourselves out.
"People have started blurring photos of their credit cards"..wow. If you're that stupid, you deserve to be screwed over.
My car key snapped in half, and it was my only copy. I made a pattern out of the two halves, and carved a replacement key out of wood. It worked fine; I drove to a locksmith, and they made a new key out of the pieces.
"I don't think that many of you put a photo of their keys online â" with their addresses"
But many people do reveal thier place of work or study online. If you have that and a photograph you can simply follow them to find out where they live.
note: i'm known as plugwash most places but i screwd up registering that here somehow in the past and now can't register
You can waste your time doing worthless experiments and get paid for it! Well, at least the full professors.
Other than that, a few keys that are eyeball resistant that come to mind are the Shlage Primus, and the Medeco3 key, because someone would have to eyeball the slider, the pin depth cuts, and the angles of the cuts for the pins to rotate.
Except that all of Medeco's locks can be bumped AFAIK.
Try eye-balling one of Evva's MCS keys that are simply magnets:
http://www.evva.com/at/products/mechanische-schliesssysteme/mcs/en/
Locks are to keep honest people out.
And to prove to the police and insurance company that there was an actual break in. If someone can get in through your door cleanly (bumping or this technique), then they can make off with stuff with little evidence.
Now if you prevent someone from walking in the front door, and they're force to go in through a window, at least you'll get some compensation.
You're not preventing someone from getting in with an unpickable lock, you're making sure it takes some effort to do so.
Always over thinking the problem, this is totally unnecessary google "key bumping".
** I don't think that many of you put a photo of their keys online -- with their addresses. I wonder when I'll be able to order more ordinary duplicate keys by emailing in a couple of photos.**
Then some scammer would set up a snazzy website and they would have copies of keys - linkled to home addresses.
While amazing, as a concept and a process, this really doesn't create much of a "OMGTHESKYISFALLING" security risk. Residential pin-and-tumbler locks exist to keep honest people honest. Anyone with a set of lockpicks and a modicum of skill (or a sledge hammer and a modicum of chutzpah, or $20 and access to a SourthOrd catalog for a pick gun, etc, etc...) can gain entry through any old locked door.
While the man-in-black in question is at it, after picking your lock he may as well just take it off of the door, pop the cylinder out, and measure the pins so he can cut himself a key and avoid having to pick it next time.
You don't even need no steeking picture of the key.
If they enter with a key, there is virtually no trace from anybody entering, so you'll have a hard time getting any compensation.
Great, that explains why it would be worse. Now explain to me why a burglar would would give a crap whether your insurance would cover what he took, particularly when the procedure for doing so is both more costly (camera + computer + CNC machine) and more time consuming than prying open a window.
If a job's not worth doing, it's not worth doing right.
Although a twelve foot camera pointed at my retina is kinda hard to miss, I now have the urge to wear sunglasses whenever in public. And gloves.
As shown on China Central Television (http://www.cctv.com), an experienced lock maker can construct an equivalent key merely after a glance at your key. He was appreciated as one of the Ten Model Workers of the Year.
This wouldn't be a problem for a sufficiently motivated photographer who had the time and unsettling desire to follow one home. Stalkers: 7 Stalkees: 0
HD has repeated failed to duplicate my bog-standard Weiser house-keys. I'd like to see somebody do it from 200 feet.
wait there people out there who load pictures randomly to the net?!?!?!? i thought you load pictures in some way that you friends could find them... unlucky for you!
"You are still innocent until proven guilty. What's changed is what they do to innocent people." by notnAP (846325)