Introduction
Most of us have at least a few physical keys that we use every day.
Think about all the things you have keys for:
- Home
- Office
- Cars
- Family member’s home/car
- Friend’s or neighbor’s home/car for emergency
- Workshop
- Secured storage
- Padlocks
- Lockers
- Post office boxes
In addition to older traditional keys, we’ve added electronic key fobs that open our car door as we get within range or when we touch the door handle.
What about the new wireless locks that can be opened with your smartphone?
Do you use RFID cards or fobs that provide easy access to buildings or workspaces?
We’ve always depended on keys to keep us safe and secure.
But what if I told you that those keys might not be as secure as you think?
KeyMe
Let me tell you first about a company named KeyMe. You may have seen their kiosks in a retail store or visited their website at https://www.key.me/.
Here’s how the basic service works.
Let’s say you need an extra key:
- Download the KeyMe app to your smart phone or tablet.
- Place the key on a blank sheet of white paper and take a photo of both sides.
- Send the image to KeyMe and they’ll mail you an exact copy of the key.
Or, you can take a physical key to any KeyMe kiosk, and the machine will duplicate the key while you wait.
KeyMe kiosks can take your RFID card or fob and create a small sticker that duplicates the RFID frequency. Then you can put the sticker on the back of your phone, and you’ll be able to open any associated door or lock.
You can share images of your keys with anyone via the KeyMe app, and they can also have physical copies of your keys made.
But as with all convenient technology, there’s the potential for abuse.
See a short television spot to see what the reporter was able to do with the service:
How burglars could get a copy of keys to your house by just using their cell phones
KeyMe kiosks only accept credit cards and have video cameras to document every transaction. An email address is also required, along with scanned fingerprints.
Can you think of ways to bypass these security measures?
It probably wouldn’t be very challenging.
But KeyMe is not the only risk to the security of your locks.
How Do You Feel About 3D-Printed Keys?
At a hacker conference, there was a presentation showing how to make a 3D-printed “bump” key that would open an estimated 90% of all cylinder locks. Bump keys have the same key blank profile as the lock, but work by “bumping” the pins in the lock so the key will turn the lock’s cylinder to open it.
In 2016, the Washington Post published photos of TSA master keys for luggage. Researchers (and hackers) were able to use 3D-printing to reproduce copies of the seven types of master keys.
Security experts have cloned all seven TSA master keys
Make your own TSA universal luggage keys
Are Hotel Room Locks Safe?
Hotel room locks that use RFID or magnetic strip key cards have been widely hacked, and many are still vulnerable.
Two hackers have found how to break into hotel-room locks
$50 Hacking Device Opens Millions of Hotel Room Locks
How Safe Are Your Wireless Keys?
You might be wondering about the security of your wireless car key fob.
These have also been hacked.
Just a Pair of These $11 Radio Gadgets Can Steal a Car
NICB Uncovers Car Theft ‘Mystery Device’
Wireless locks that operate on a Bluetooth low energy (BLE) signal have also been hacked. Many of these devices transmit the password (if there is one) in plain text, which can be easily intercepted and duplicated.
Have a smart lock? Yeah, it can probably be hacked
Hacking Smart Locks with Bluetooth / BLE
Ring’s smart doorbell can leave your house vulnerable to hacks (now patched, we think)
Hacker Takes Over ‘Smart Home’ by Hacking into Google Nest System
Final Thoughts
The security of any lock depends on the quality and design of the device, and the determination and skill of the person trying to open the lock.
This post isn’t meant to scare you, but you should not take the security of any device for granted.
Do your homework and choose your keys wisely!
Perhaps it’s time for new ones?
What do you think?
Please join our mailing list!
If you want to learn more about techno-crimes, cybersecurity tips and techniques, and threats to privacy, join our mailing list!
Excellent post. I want to thank you for this informative, I really appreciate sharing this great post. Thanks for sharing this
Like all technology Kiosks are not a secure storage option for your keys. It seems we get emails, letters and notifications weekly on firewall and data breaches. Be careful what you leave in a cloud you don’t have any control of.