November 1

6 comments

You Think Your Physical Keys Keep You Secure?

Introduction

Most of us have at least a few physical keys that we use every day.

Think about all the things you have keys for:

  • Home
  • Office
  • Cars
  • Family member’s home/car
  • Friend’s or neighbor’s home/car for emergency
  • Workshop
  • Secured storage
  • Padlocks
  • Lockers
  • Post office boxes

In addition to older traditional keys, we’ve added electronic key fobs that open our car door as we get within range or when we touch the door handle.

What about the new wireless locks that can be opened with your smartphone?

Do you use RFID cards or fobs that provide easy access to buildings or workspaces?

We’ve always depended on keys to keep us safe and secure.

But what if I told you that those keys might not be as secure as you think?

KeyMe

Let me tell you first about a company named KeyMe. You may have seen their kiosks in a retail store or visited their website at https://www.key.me/.

Here’s how the basic service works.

Let’s say you need an extra key:

  • Download the KeyMe app to your smart phone or tablet.
  • Place the key on a blank sheet of white paper and take a photo of both sides.
  • Send the image to KeyMe and they’ll mail you an exact copy of the key.

Or, you can take a physical key to any KeyMe kiosk, and the machine will duplicate the key while you wait.

KeyMe kiosks can take your RFID card or fob and create a small sticker that duplicates the RFID frequency. Then you can put the sticker on the back of your phone, and you’ll be able to open any associated door or lock.

You can share images of your keys with anyone via the KeyMe app, and they can also have physical copies of your keys made.

But as with all convenient technology, there’s the potential for abuse.

See a short television spot to see what the reporter was able to do with the service:

How burglars could get a copy of keys to your house by just using their cell phones

KeyMe kiosks only accept credit cards and have video cameras to document every transaction. An email address is also required, along with scanned fingerprints.

Can you think of ways to bypass these security measures?

It probably wouldn’t be very challenging.

But KeyMe is not the only risk to the security of your locks.

How Do You Feel About 3D-Printed Keys?

At a hacker conference, there was a presentation showing how to make a 3D-printed “bump” key that would open an estimated 90% of all cylinder locks. Bump keys have the same key blank profile as the lock, but work by “bumping” the pins in the lock so the key will turn the lock’s cylinder to open it.

In 2016, the Washington Post published photos of TSA master keys for luggage. Researchers (and hackers) were able to use 3D-printing to reproduce copies of the seven types of master keys.

TSA-Travel-Sentry-master-keys

Security experts have cloned all seven TSA master keys

Make your own TSA universal luggage keys

Are Hotel Room Locks Safe?

Hotel room locks that use RFID or magnetic strip key cards have been widely hacked, and many are still vulnerable.

The Hotel Room Hacker

Two hackers have found how to break into hotel-room locks

$50 Hacking Device Opens Millions of Hotel Room Locks

How Safe Are Your Wireless Keys?

You might be wondering about the security of your wireless car key fob.

These have also been hacked.

Just a Pair of These $11 Radio Gadgets Can Steal a Car

NICB Uncovers Car Theft ‘Mystery Device’

Wireless locks that operate on a Bluetooth low energy (BLE) signal have also been hacked. Many of these devices transmit the password (if there is one) in plain text, which can be easily intercepted and duplicated.

Have a smart lock? Yeah, it can probably be hacked

Hacking Smart Locks with Bluetooth / BLE

Ring’s smart doorbell can leave your house vulnerable to hacks (now patched, we think)

Hacker Takes Over ‘Smart Home’ by Hacking into Google Nest System

Final Thoughts

The security of any lock depends on the quality and design of the device, and the determination and skill of the person trying to open the lock.

This post isn’t meant to scare you, but you should not take the security of any device for granted.

Do your homework and choose your keys wisely!

Perhaps it’s time for new ones?

What do you think?

Please join our mailing list!

If you want to learn more about techno-crimes, cybersecurity tips and techniques, and threats to privacy, join our mailing list!


Tags


You may also like

  • I wanted to take a moment to commend you on the outstanding quality of your blog. Your dedication to excellence is evident in every aspect of your writing. Truly impressive!

  • Hello my loved one I want to say that this post is amazing great written and include almost all significant infos I would like to look extra posts like this

  • Hi Neat post There is a problem along with your website in internet explorer would test this IE still is the market chief and a good section of other folks will pass over your magnificent writing due to this problem

  • I just could not depart your web site prior to suggesting that I really loved the usual info an individual supply in your visitors Is gonna be back regularly to check up on new posts

  • This article was incredibly insightful! I was captivated by the thoroughness of the information and the clear, engaging way it was delivered. The depth of research and expertise evident in this post is remarkable, significantly elevating the content’s quality. The insights in the opening and concluding sections were particularly compelling, sparking some ideas and questions I hope you will explore in future articles. If there are any additional resources for further exploration on this topic, I would love to delve into them. Thank you for sharing your expertise and enriching our understanding of this subject. I felt compelled to comment immediately after reading due to the exceptional quality of this piece. Keep up the fantastic work—I’ll definitely be returning for more updates. Your dedication to crafting such an excellent article is highly appreciated!

  • {"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}
    >