Feeds

House key copied from photo

Your door ain't so secure, mate

Boost IT visibility and business value

Security researchers have developed a technique for copying house keys using only a picture of a key.

The approach - developed by computer scientists at UC San Diego - requires no physical access to keys and only a relatively low resolution picture for the software to work. Boffins at the university said they developed the approach in order to nail the false belief that keys are inherently secure.

In one demo, the computers scientists took camera phone pictures of a residential key to pull out the information needed to create identical copies using image-recognition software. A second exercise featured the use of a 5in telephoto lens to take pictures of a key from 200 feet away.

The keys analysed had a series of five or six cuts, spaced regularly. The San Diego team developed software (dubbed Sneakey) that was capable of analysing photos from nearly any angle to measure the depth of each cut, the so-called bitting code. This, alongside knowledge of the brand and type of key, is enough to make a duplicate.

Adjusting for a wide range of different possible angles and distances between the camera and the target key created headaches for the researchers. They got around this problem by matching control points from a reference image onto the equivalent points in the target image.

"We built our key duplication software system to show people that their keys are not inherently secret," said Stefan Savage, a computer science professor from UC San Diego’s Jacobs School of Engineering. "Perhaps this was once a reasonable assumption, but advances in digital imaging and optics have made it easy to duplicate someone’s keys from a distance without them even noticing."

Savage added that some locksmiths have been able to copy keys by sight from high-resolution pics. The development of better image processing software makes it possible to extract the necessary data with far less expertise. The researchers carried out the exercise using Yale keys and its not clear how effective the approach would be using other types of keys.

Professor Savage presented the student-led research at the ACM’s Conference on Communications and Computer Security 2008 in Alexandria, Virginia on Thursday (30 October). ®

Gartner critical capabilities for enterprise endpoint backup

More from The Register

next story
Microsoft: We plan to CLEAN UP this here Windows Store town
Paid-for apps that provide free downloads? Really
Snowden on NSA's MonsterMind TERROR: It may trigger cyberwar
Plus: Syria's internet going down? That was a US cock-up
Who needs hackers? 'Password1' opens a third of all biz doors
GPU-powered pen test yields more bad news about defences and passwords
e-Borders fiasco: Brits stung for £224m after US IT giant sues UK govt
Defeat to Raytheon branded 'catastrophic result'
Hear ye, young cyber warriors of the realm: GCHQ wants you
Get involved, get a job and then never discuss work ever again
Chinese hackers spied on investigators of Flight MH370 - report
Classified data on flight's disappearance pinched
Microsoft cries UNINSTALL in the wake of Blue Screens of Death™
Cache crash causes contained choloric calamity
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
7 Elements of Radically Simple OS Migration
Avoid the typical headaches of OS migration during your next project by learning about 7 elements of radically simple OS migration.
BYOD's dark side: Data protection
An endpoint data protection solution that adds value to the user and the organization so it can protect itself from data loss as well as leverage corporate data.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?