Schneier Warns Of Duplicate Key Threat From Photos

People should be careful to prevent their household or office keys from being photographed, as a ‘sneaky’ way now exists to duplicate them.

The issue was highlighted in a recent blog posting by security guru Bruce Schneier, also BT’s chief security technology officer.

He warned it is now possible to duplicate physical keys (i.e. the keys used to lock up our offices and homes), simply from a photograph of a key. This could be a problem for example if a security guard is photographed with a bunch of keys hanging from his belt.

Duplicate from photo

Schneier pointed to the following paper, and a demonstration of the concept.

Researchers Benjamin Laxton, Kai Wang, and Stefan Savage from the Department of Computer Science & Engineering, University of California, photographed keys from 200 feet away and then made working copies of the keys.

Essentially the way it works is that a picture is taken of the keys, and then by using sophisticated image analysis techniques, the researchers prepare a 3D model that exactly duplicates the key shape. The prototype system has been dubbed “Sneakey”.

The demonstration, apparently using modest imaging equipment and standard computer vision algorithms, shows that a set of keys were photographed lying on an outside table from almost 200 feet away (from a spy position on the rooftop of a four story building).

The researchers were able to duplicate the keys, even when the key is positioned at various angles. The researchers’ software analyses the image and produces codes corresponding to the key shape. A code cutting machine then uses the codes to produce a usable key.

Of course, with all the hype about online and computer security in light of the ongoing cyber attacks, it is interesting to note how this relatively old-school approach of simply printing a new key from a photograph can also result in a security breach.

Physical Barrier

This is because most of us rely on mechanical locks to physically secure our homes and places of business.

We therefore assume that these locks are challenging to open without the appropriate keys, and that by maintaining physical possession of the key ensures our homes and offices remain safe.

However it should be noted that this concept about penetrating a building’s security is not exactly new. Indeed, Schneier admits that he first documented this process back in October 2009.