How closely do you guard your passwords? Probably pretty well, most of them are likely stored in a little notebook by your desk, or in an encrypted storage program, or even just kept up in a mental rolodex. We’re coming to an understanding that in the digital age the password can be the keys to the kingdom, and we guard those secrets carefully. But what about the actual keys to the kingdom? The real, physical ring of keys that you carry with you everywhere you go. The little metal passwords that grant you access to your car, your safe, and your home. Do you keep a close eye on those?
Of course you do. Except for when you hand them to a valet. Or loan them to a neighbor so they can let themselves in to feed the cat when you’re on vacation. Or when you leave them on a table to respond to “Number 42!” at the lunch counter. There are many circumstances when we hand our most valuable access control mechanism to perfect strangers or leave them unattended. But these windows are always small, and everyone has had that rush of panic when they realize that they’ve misplaced their keys. But those tiny windows have gotten a lot wider thanks to a host of new apps on smart phones.[youtube https://www.youtube.com/watch?v=buVGnq561EM&w=600&h=410]
These new apps allow copies of keys to be made from photographs.
- Simply download the app and take a picture of the key to be copied
- The app works by measuring the teeth of the key and turning that into a series of numbers
- From the app you can order a new key to be shipped to you, or you can use one of the kiosks to get an instant copy
- The whole process can take seconds
- Any keys scanned can be saved in a cloud database for later access
- Nearly any key can be copied, even high-security ones like those sold by Schlage or Medeco.
- Even car keys are vulnerable, though most of these key duplication services cite that as an upcoming feature.
This technology has some immediate benefits for the legitimate user. Should you lose an important key you would be able to have a digital backup and could quickly recover a physical key from that backup. However there are some looming security concerns regarding the technology’s use in criminal activity.
In 2009 a group of researchers formed a project called SneaKey. They demonstrated that they could reproduce keys from a photograph well enough that they could be used in their intended locks. The photograph could be taken at an angle and from up to 200 feet away and, through the magic of 3-D printing, be used to create a working key.
This didn’t incite any panic: 3-D printing was in its infancy and still largely unavailable to the public. But the method and technology have matured in the five years since SneaKey, and now kiosks are springing up in major cities that offer something simultaneously convenient and potential insidious.
These kiosks circumvent a visit to the hardware store by providing the means to take a picture of a key and in seconds a still-hot replica will clatter into a waiting receptacle. From a photo a copy of the key is instantly made, and the low bar of security in place to prevent using this technology for criminal ends means that the trust we put into valets and neighbors is suddenly much larger.
Companies that are monetizing on this new technology include KeyMe, KeysDuplicated, and Keysave. These enterprises are providing a paid-service version of the “forgot my password” function on many websites. Once a key is scanned it can be saved, uploaded, emailed and shared same as any other kind of digital information. But this information grants access to your house.
To provide some security barriers the photograph must be taken against a white background from 4 inches away. The key to be copied has to be detached from its ring, and a valid credit card and address is cataloged in association with the key. The obvious implications of what happens should someone get ahold of and copy your key aside, this digitization of the information alongside physical address location is a potential treasure trove for intrepid hackers. Should someone successfully break into any of these companies databases not only would they have access to the information regarding the keys, but also the address their likely paired to.
The digital paper trail is mandated to provide a method of recourse should a copied key be used in a crime. But this logic is flawed. Having a record doesn’t prevent the crime in the first place. The technology is so new most people aren’t even aware that it’s a realistic method to steal a key. And finally, should a criminal be tech-savvy enough to use this to commit a crime, their likely able to obfuscate their digital paper trail.
Bottom line: guard your keys as you would your wallet or your passwords. It now only takes a few seconds for a copy to be made with you none the wiser.