Most of us have at least a few physical keys that we use every day.
Think about all the things you have keys for:
- Family member’s home/car
- Friend’s or neighbor’s home/car for emergency
- Secured storage
- Post office boxes
In addition to older traditional keys, we’ve added electronic key fobs that open our car door as we get within range or when we touch the door handle.
What about the new wireless locks that can be opened with your smartphone?
Do you use RFID cards or fobs that provide easy access to buildings or workspaces?
We’ve always depended on keys to keep us safe and secure.
But what if I told you that those keys might not be as secure as you think?
Here’s how the basic service works.
Let’s say you need an extra key:
- Download the KeyMe app to your smart phone or tablet.
- Place the key on a blank sheet of white paper and take a photo of both sides.
- Send the image to KeyMe and they’ll mail you an exact copy of the key.
Or, you can take a physical key to any KeyMe kiosk, and the machine will duplicate the key while you wait.
KeyMe kiosks can take your RFID card or fob and create a small sticker that duplicates the RFID frequency. Then you can put the sticker on the back of your phone, and you’ll be able to open any associated door or lock.
You can share images of your keys with anyone via the KeyMe app, and they can also have physical copies of your keys made.
But as with all convenient technology, there’s the potential for abuse.
See a short television spot to see what the reporter was able to do with the service:
KeyMe kiosks only accept credit cards and have video cameras to document every transaction. An email address is also required, along with scanned fingerprints.
Can you think of ways to bypass these security measures?
It probably wouldn’t be very challenging.
But KeyMe is not the only risk to the security of your locks.
How Do You Feel About 3D-Printed Keys?
At a hacker conference, there was a presentation showing how to make a 3D-printed “bump” key that would open an estimated 90% of all cylinder locks. Bump keys have the same key blank profile as the lock, but work by “bumping” the pins in the lock so the key will turn the lock’s cylinder to open it.
In 2016, the Washington Post published photos of TSA master keys for luggage. Researchers (and hackers) were able to use 3D-printing to reproduce copies of the seven types of master keys.
Are Hotel Room Locks Safe?
Hotel room locks that use RFID or magnetic strip key cards have been widely hacked, and many are still vulnerable.
How Safe Are Your Wireless Keys?
You might be wondering about the security of your wireless car key fob.
These have also been hacked.
Wireless locks that operate on a Bluetooth low energy (BLE) signal have also been hacked. Many of these devices transmit the password (if there is one) in plain text, which can be easily intercepted and duplicated.
The security of any lock depends on the quality and design of the device, and the determination and skill of the person trying to open the lock.
This post isn’t meant to scare you, but you should not take the security of any device for granted.
Do your homework and choose your keys wisely!
Perhaps it’s time for new ones?
What do you think?
Please join our mailing list!
If you want to learn more about techno-crimes, cybersecurity tips and techniques, and threats to privacy, join our mailing list!