MIT Students Release Code To 3D-Print High Security Keys

Sparrowvsrevolution writes "At the Def Con hacker conference Saturday, MIT students David Lawrence and Eric Van Albert released a piece of code that will allow anyone to create a 3D-printable software model of any Schlage Primus key, despite Schlage's attempts to prevent the duplication of the restricted keys. With just a flatbed scanner and their software tool, they were able to produce precise models of Primus keys that they uploaded to the 3D-printing services Shapeways and i.Materialise, who mailed them working copies of the keys in materials ranging from nylon to titanium. Primus high-security locks are used in government facilities, healthcare settings, and detention centers, and their keys are coded with two distinct sets of teeth, one on top and one on the side. That, along with a message that reads 'do not duplicate' printed on the top of every key, has made them difficult to copy by normal means. With Lawrence and Van Albert's software, anyone can now scan or take a long-distance photo of any Primus key and recreate it for as little as $5."

"Do Not Duplicate"

[DexterIsADog]

Really? That makes them difficult to duplicate? On which planet?

Re:"Do Not Duplicate"

[DexterIsADog]

You have to be kidding - I have duplicated dozens of keys with that admonition on it. Not a single refusal from locksmiths, Home Depot staff, etc.

lol, how did you get modded insightful for something patently untrue?

Re:"Do Not Duplicate"

[mcmonkey]

on the planet where folks that have a key "grinder" tend to also be the folks that would obey said instruction

And which planet is that? It certainly isn't Earth.

In my college days we'd make copies of the dorm keys for friends who lived off campus, so we wouldn't have to go down to let them in the front door of the dorm.

Not only did those keys have the imprint "do not duplicate," but the copies we got back would have the same message!

How quaint

[msobkow]

I'd hardly call any industry that uses a physical key "high security" in an age of individually-revokable key card technologies.

How secure can a facility be when the loss of one key means that everyone's keys have to be replaced in order to recode the lock?

Re:How quaint

Thus ensuring that people who lose keys wait as long as possible before reporting it, in order to avoid retribution. Now you've lowered your loss rate *and* your security at the same time. :)

Re:How quaint

[mlts]

I have been at several places where the key card system goes toes up and will not allow anyone in. The controller on a lot of HID systems is an XP box, and computers can fail, locking everyone out.

You have to have a high security mechanical override somehow. A lot of places use Best locks (which are 6-7 pins, have spool/mushroom tumblers, and unique keyways.) Others tend to go with Medeco3.

If you want resistance to 3D printers, there are already three methods which work well. The first is what is on Mul-T-Locks and Abloy PROTEC2 locks, and that is an active pin on the side of the key.

The second is a method like the Evva MCS, and having magnets embedded in the key. Duplicating this is a lot harder than just 3D printing a replacement, one would have to know where all eight magnets are facing and precisely align them. Not impossible, but not trivial.

Finally, there is the "CLIQ" technology that is going through multiple revisions. This combines a high security mechanical key with an electronic chip and tiny rotating pin powered from a battery on the key. Since each cylinder keeps the authorized keys in memory, there is no one central point of failure. The CLIQ system has gotten better over the years since it was opened at a previous DEFCON. First it was a pin that would retract, but that was changed to a small disk that rotates to allow the key to turn.

Nothing is perfect, but Assa-Abloy's CLIQ system is getting decently secure to be used as a backup cylinder with a card access system.

Low-tech solution

[Conspiracy_Of_Doves]

Make the keys so that there are sheaths around them, which can bend away on a spring when you need to use the key, or the key can come out of the end of the sheath. Or some other way to hide the tooth pattern when the key isn't being used.

Re:Unfortunately

[Cenan]

Locks don't make secure doors, doors do. If you wish to enter, the type of lock on the door is not going to deter you. Electronic locks are not more or less secure, it is just a different set of crooks that are able to get through them without leaving traces.

Uhm... not really impressive

[dbitter1]

Former locksmith here. The Primus (and nearly all of the other high security keys) are simply relying on patent protection to keep people from duplicating the keys. Any locksmith worth his/her salt already has key machines that could reproduce them onto a chunk of brass (worst case) or just onto a normal key blank.

If you want to see something that would impress me, look at a German company - DOM - that has a design that includes a floating ball bearing in the key, which is integral to making the lock work. If they could make THAT with a printer, I'd be impressed.

One model:
http://www.dom-sicherheitstechnik.com/DOM-ix-Saturn.667.0.html

Re:Unfortunately

[hedwards]

Not true. I used to work security in a building that had a lot of electronic locks. And ultimately, you can't enter them without leaving a trace. Sure, they might not know who it is that entered at 2:26 AM, but we would know that somebody entered at that time. Whereas with regular keys, we would at most know that somebody went to that floor around that time, but we'd have no clue as to which door they went into.

In other words, we could probably get video footage of the person that went into the door secured by an electronic lock, or at least narrow it down substantially, but would have no way of doing that with a traditional lock as we would have to have video of them getting into the elevator, not at the actual door.

What's more, with electronic locks, there's the ability to lock people out during periods of the day that you can't do with a traditional lock and you can change the key much more rapidly.

Yes, they aren't perfect and can be prone to attacks that a normal lock and key aren't. But, ultimately, suggesting that they're not any sort of improvement ignores reality.

3D Printing Hysteria

[Sperbels]

Can some explain to me why the only stories about 3D printing that make the news are ridiculously paranoid? Anyone can print out a secret key. Anyone can print out shitty plastic gun. What's next? Anyone can print out a bat'leth? Anyone can print out a plastic pressure cooker and make a plastic bomb? Anyone can print out plastic kiddie porn? Not one story discussing the incredible potential? Like, machines printing out copies of itself? Or the effects on a society and economy where any product can be downloaded and printed? None of that interesting stuff? Just the fear and paranoia stuff?

Re:Long distance photo?

[tibit]

Whenever you'll be playing with a 12 inch or larger telescope, do yourself a favor and point it onto a terrestrial target a few hundred feet away. I've seen terrestrial pictures being taken through a 20" telescope and all I can tell you is that with clear air it's feels like taking your point and shoot and teleporting it a mile away. Never mind that if you don't care about giving yourself away, you can also flash-illuminate your target through the same optical assembly. I have to dig up some of the portraits my colleague took with his girlfriend standing about 1100 m. away on a winter night, with heavily overcast sky and no moon, with through-the-lens flash. It really looks as if you've been standing right there, except that of course the aberrations typical for closeup pictures are nowhere to be seen. As far as portraits go, a telescope gives you IMHO the best 2D reproduction to be had. I'm sure it'd be just as great at extracting the geometry of a key, since you get as close to axonometric projection as you can get.