Feeds

House key copied from photo

Your door ain't so secure, mate

High performance access to file storage

Security researchers have developed a technique for copying house keys using only a picture of a key.

The approach - developed by computer scientists at UC San Diego - requires no physical access to keys and only a relatively low resolution picture for the software to work. Boffins at the university said they developed the approach in order to nail the false belief that keys are inherently secure.

In one demo, the computers scientists took camera phone pictures of a residential key to pull out the information needed to create identical copies using image-recognition software. A second exercise featured the use of a 5in telephoto lens to take pictures of a key from 200 feet away.

The keys analysed had a series of five or six cuts, spaced regularly. The San Diego team developed software (dubbed Sneakey) that was capable of analysing photos from nearly any angle to measure the depth of each cut, the so-called bitting code. This, alongside knowledge of the brand and type of key, is enough to make a duplicate.

Adjusting for a wide range of different possible angles and distances between the camera and the target key created headaches for the researchers. They got around this problem by matching control points from a reference image onto the equivalent points in the target image.

"We built our key duplication software system to show people that their keys are not inherently secret," said Stefan Savage, a computer science professor from UC San Diego’s Jacobs School of Engineering. "Perhaps this was once a reasonable assumption, but advances in digital imaging and optics have made it easy to duplicate someone’s keys from a distance without them even noticing."

Savage added that some locksmiths have been able to copy keys by sight from high-resolution pics. The development of better image processing software makes it possible to extract the necessary data with far less expertise. The researchers carried out the exercise using Yale keys and its not clear how effective the approach would be using other types of keys.

Professor Savage presented the student-led research at the ACM’s Conference on Communications and Computer Security 2008 in Alexandria, Virginia on Thursday (30 October). ®

High performance access to file storage

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed
Vendors and ISPs have work to do updating firmware - if it's possible to fix this
OpenSSL Heartbleed: Bloody nose for open-source bleeding hearts
Bloke behind the cockup says not enough people are helping crucial crypto project
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
Heartbleed exploit, inoculation, both released
File under 'this is going to hurt you more than it hurts me'
Bad PUPPY: Undead Windows XP deposits fresh scamware on lawn
Installing random interwebs shiz will bork your zombie box
Experian subsidiary faces MEGA-PROBE for 'selling consumer data to fraudster'
US attorneys general roll up sleeves, snap on gloves
prev story

Whitepapers

Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.