Feeds

House key copied from photo

Your door ain't so secure, mate

The Power of One eBook: Top reasons to choose HP BladeSystem

Security researchers have developed a technique for copying house keys using only a picture of a key.

The approach - developed by computer scientists at UC San Diego - requires no physical access to keys and only a relatively low resolution picture for the software to work. Boffins at the university said they developed the approach in order to nail the false belief that keys are inherently secure.

In one demo, the computers scientists took camera phone pictures of a residential key to pull out the information needed to create identical copies using image-recognition software. A second exercise featured the use of a 5in telephoto lens to take pictures of a key from 200 feet away.

The keys analysed had a series of five or six cuts, spaced regularly. The San Diego team developed software (dubbed Sneakey) that was capable of analysing photos from nearly any angle to measure the depth of each cut, the so-called bitting code. This, alongside knowledge of the brand and type of key, is enough to make a duplicate.

Adjusting for a wide range of different possible angles and distances between the camera and the target key created headaches for the researchers. They got around this problem by matching control points from a reference image onto the equivalent points in the target image.

"We built our key duplication software system to show people that their keys are not inherently secret," said Stefan Savage, a computer science professor from UC San Diego’s Jacobs School of Engineering. "Perhaps this was once a reasonable assumption, but advances in digital imaging and optics have made it easy to duplicate someone’s keys from a distance without them even noticing."

Savage added that some locksmiths have been able to copy keys by sight from high-resolution pics. The development of better image processing software makes it possible to extract the necessary data with far less expertise. The researchers carried out the exercise using Yale keys and its not clear how effective the approach would be using other types of keys.

Professor Savage presented the student-led research at the ACM’s Conference on Communications and Computer Security 2008 in Alexandria, Virginia on Thursday (30 October). ®

Designing a Defense for Mobile Applications

More from The Register

next story
Secure microkernel that uses maths to be 'bug free' goes open source
Hacker-repelling, drone-protecting code will soon be yours to tweak as you see fit
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
Four fake Google haxbots hit YOUR WEBSITE every day
Goog the perfect ruse to slip into SEO orfice
Putin: Crack Tor for me and I'll make you a MILLIONAIRE
Russian Interior Ministry offers big pile o' roubles for busting pro-privacy browser
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.