Car-Key Copier

This is neat:

The Impressioner consists of a sensor that goes into the lock and sends information back to a computer via USB about the location of the lock's tumblers—a corresponding computer program comes up with the code, depending on the make of car you've entered beforehand. Once you know the code, a key-cutting machine can use it to carve up a key.

Right now, it's a prototype that only works on Ford car locks. The article points out that both locksmiths and thieves can use this device.

Another article.

EDITED TO ADD (2/16): How it likely works.

Posted on February 12, 2010 at 6:23 AM • 28 Comments

Comments

BF Skinner • February 12, 2010 6:57 AM

"only be for sale to state-licensed locksmiths"

When is a control not a control? When it's trivial to bypass. First there are bent locksmiths. Then again locksmiths can be robbed. And in a locksmith world a bent piece of metal counts as 'professional tools' in the eyes of the law and are mail orderable (I like lockpickshop.com in NY).

Second jail breaking license schemes and reverse engineering software has been a main preoccupation for hackers of all hat colors. They've gotten good at it.

"Randall says the technology might be better received if it served another purpose. "We've been trying to figure out what else to use it for," he says."

Let's ask DHS and TSA? I'm sitting and every orifice on my body is starting to clench.

Nicholas Weaver • February 12, 2010 7:20 AM

Actually, with a MODERN car, it's really only of benefit to locksmiths.

Basically because the physical key is really only used for the doorlock, it's the transponder in the key that's used to start the car, and that's a cryptographic interrogation by the car's computer.

Now some of them may be lame, e.g., Ford has used the same as the Mobil Speedpass RFID, but all those attacks STILL need an original tag to query to set right.

JRR • February 12, 2010 7:25 AM

Agree with Nicholas above. Having the physical key just gives you physical access, and unlocks the steering wheel. Still won't start the car without an authorized RFID.

Of course, if you have installed a remote starter, that's not true anymore, the remote starter bypasses that security by putting an authorized RFID in the car all the time. Another reason why remote starters are lame.

Andrew Suffield • February 12, 2010 8:21 AM

Article says they can brick the device remotely over the internet. They're planning to protect a lockpick with a lock. The irony appears to have escaped them.

Clive Robinson • February 12, 2010 8:42 AM

The technique of enumerating the lock by various means is by no means new.

However working out the required order code for such keys used to involve a "Trade Secret" mapping list. It usually was not used for mechanical only locks as "impressioning" produced a new key in about 20 mins if you knew what you were about.

All mechanical locks have "slop" and thus can be "enumerated". This has been known to those inside the trade for more than 150 years. And I suspect lock picks since locks were still made of wood...

However automating it in such a manner is new.

However with regards to electronic locks if done properly they should be secure...

But the protocols in many cases are "trade secrets" or under NDA and from the little I've seen in recent times I would rate them about as secure as MiFare Classic...

So the question is when is the "add on" arriving ;)

Clive Robinson • February 12, 2010 9:02 AM

@ BF Skinner,

"every orifice on my body is starting to clench."

Hey you take care clenching of orifices tends to induce teeth grinding.

And that can be heavy on the dental plan ;)

Davy • February 12, 2010 9:50 AM

It won't work on a lot of modern locks as the internals of the wafers are all identical. It is only the exterior of the wafers that allow the lock to be opened. A bit like walking through a tunnel with various posts sticking up into the surface. There is no way you will know how high up they stick as you can only see the base of them and they are all aligned in the same position internally. Externally they are at different heights.

uk visa • February 12, 2010 10:55 AM

Having watched a 'former' car thief open a BMW more rapidly with 1/2 a tennis ball than the owner could with the key, I'm not sure it's a major game changer!

juju • February 12, 2010 11:23 AM

RFID chips in car keys are not against thieves but against locksmiths. This way the car manufacturer gains a big aftermarket when the owner needs a duplicate. We have yet to see a thief that tries to crack the crypto in such an RFID chip...

Bryan Feir • February 12, 2010 11:54 AM

@BF Skinner:

"Second jail breaking license schemes and reverse engineering software has been a main preoccupation for hackers of all hat colors. They've gotten good at it."

Hardly just black hat 'hackers', either. When I worked at Microsoft (about 20 years ago now) a new release of Lotus 1-2-3 caused the Excel team to go reach for their debuggers to see what it was doing internally. Reverse engineering is all over the place in business.

BF Skinner • February 12, 2010 12:31 PM

@Clive "induce teeth grinding"

My cube mates thank you Clive and told me to 'keep it down already I'm trying to facebook'

Kat • February 12, 2010 12:37 PM

What makes it car specific... what keeps people from using it on their home's front door locks, for example?

Cybergibbons • February 12, 2010 3:17 PM

I really don't think this is real. There are no photos, no decent description.

Key impressioning isn't that hard in itself, depending on the type of lock. I'm really not up on the weird and wonderful world of car locks, but as Davy above suggests, they may well be designed to be very hard to impression.

Normal impressioning is very very sensitive to minute changes in pressure that pins or wafers exert on a blank or foil. I find it hard to believe anything mechanical could sense these forces.

What I find most ridiculous though is the goal of this device. Impressioning results in you having a key which opens the lock. With foil impressioning it may only work the one time, but you have opened the lock regardless.

If the key is locked in the vehicle, I have now got a replacement key and don't need some fancy electronic device to read the code so that I can make a new one.

If I've lost my keys, I don't want a copy made of them from an impression, because it's quite likely someone else has my keys. I want new tumblers.

BCS • February 12, 2010 3:19 PM

The article mentions that the devices could be leashed to an online database allowing them to be remotely bricked.

1) That brings up all kinds of interesting questions along the lines of who watches the watchers?

2) I give it 3-6 months before some crook gets their hands on one and manages to bypass the database leash.

BobW • February 12, 2010 7:10 PM

It doesn't matter how easy it gets, the locksmith will *still* charge $60.00 to open it when you've locked your keys in the car.

Technique • February 12, 2010 7:45 PM

Are you serious about this device even working?

A "sensor" - WHAT sensor would that be? As a locksmith, I'm doubtful as to how this can work. Firstly, the USB connection is for sending data to the computer, so presumably the computer can look up the bittings for you?

If the sensor is sensing the positions of the wafers, then so what? Any of the automotive reference books, or online subscription service will tell you all that from the make, model and year of the car anyway.

Aha, but is the sensor a piezo force transducer, telling you when the wafer, or even pin has been raised to the correct height? Maybe, but it will not work on all locks then, for the same reason the brush picks failed. Not all springs have the same force of compression and even if they do, one that is damaged or broken will throw it all out anyway.

Does the unit have its own power supply and memory? If not, then the only way to operate it is connected to a computer - Not very stealthy in your local parking lot and that nice big screen giving off all that light to attract attention! Imagine a car breaker being mugged for his computer...

You know how we keep the devices out of the hands of people who shouldn't have them? Price mainly... Who is going to pay a lot of money for one of these when a brick or piece of broken spark plug ceramic will get you in quicker and for free? Don't forget this is only a sensor, you will still need a computer to connect it to, up-to-date data on the bittings, a key-cutting machine that cuts to code, not just a key duplication machine (unless you are handy with a micrometer) and finally a good supply of blank keys of course (or any key that fits, but has existing cuts that are all shallower than the ones you need to make).

The same argument goes for why the whole world is not being burgled with bump keys already - Because thieves need speedy entry, so breaking something is so much easier. The easiest way for a thief to get into a car whilst still maintaining plausible deniability for his "tools" is just a screwdriver. You bend the top of the door away from the body of the car just enough to get your hand inside. It is quick, quiet and easy - As long as you do not bend it a ridiculous amount and break the glass.

Finally, the number of cars that use "teeth" on keys is declining rapidly. In Europe it is quite difficult to find them anymore already and so it is no use to a locksmith, much less a thief. Needing to make a key for a car, rather than just copy one is quite rare and certainly not worth the cost of such a device. In the few occasions where one is needed, you do it from the V.I.N. anyway.

There are so many claims for this device that I am wondering if I am missing something here? Like most keyways for keys with "teeth" are heavily obstructed (those grooves that run along the sides of your keys). Does that mean that for each different keyway, you will need a different sensor end to fit in it?

Unless Mr. Schneier knows more about the workings of this device than was in Popular Mechanics, then I am disappointed that this is the first time I've known something poorly-researched published here.

Clive Robinson • February 13, 2010 7:13 AM

@ Cybergibbons,

"If I've lost my keys, I don't want a copy made of them from an impression, because it's quite likely someone else has my keys. I want new tumblers."

Look at it this way, you need a working key to change the tumblers for a couple of reasons.

1, To get in and take the handbrake off and unlock the steering so your car can be moved.

2, Most locks are designed so that changing the tumblers needs the key to get the barrel out of the lock.

And there are other reasons for needing the "old key" information as well with some keys...

As for,

"Normal impressioning is very very sensitive to minute changes in pressure that pins or wafers exert on a blank or foil. I find it hard to believe anything mechanical could sense these forces."

The answer is actually you can design a device that will measure it way more sensitively than you can through impressioning.

To explain why first a simple question,

'How do you measure the speed of a DC motor?'

There are two ways "ask the shaft" and "ask the commutator".

The first (ask the shaft) requires you to add a transducer to the shaft that converts the rotation to an output signal.

The second (ask the commutator) does not require an additional transducer as the motor produces a very good series of signals itself that you can use. All you have to do is extract them out of the DC supply.

Likewise a force balance weighing machine for microgram or less measurements uses a "floating transducer" very similar to the coil in a speaker. You know how much additional mass has been added by the increase in current in the coil required to keep the transducer plate floating at the same height.

If you make a chopper supply to a micro solenoid the waveform you can extract from the supply leads will give you as much information as you wish on the pin tumbler. And if you are a little smart and use it like a "Newton's cradle" etc you can effectively "bump" each pin out and determine if it is a split pin or even anti pick pin...

Think of it if you will as a combined thumper and geophone to make a micro seismograph to sound out the layers in the lock...

The joys of signal processing can have fun applications if you think sideways.

Cybergibbons • February 14, 2010 3:43 AM

Clive,

When you impression the lock you end up with a working key. This is enough to get you in and remove any of the tumblers you need removed. There really isn't that much call for a key cut from code after impressioning.

I'm not really sure how the DC motor etc. stuff is relevant as there is little to no information about how the device works.

I have no doubt that it's possible to measure tiny forces, but I very much doubt that it is possible to create an electronic sensing device that can sense everything that a blank key made from soft metal can. Sometimes the marks left by impressioning are very subtle. It's also not a simple task of measuring force in one direction. You'll need to be able to move the sensing surface as well.

We're also talking an extremely small space here. You need to sense at least 5 distinct points along the length of the key.

There's a reason why microgram balances in labs are often kept in glass cases on vibration isolating tables - they are extremely sensitive pieces of equipment. For this device to work, we're talking similar levels of force.

This is not the kind of engineering someone can do in their shed either.

As I say, there isn't even a photo of the device. Not even a prototype. I doubt it is real.


Clive Robinson • February 14, 2010 4:40 PM

@ Cybergibbons,

"I have no doubt that it's possible to measure tiny forces, but I very much doubt that it is possible to create an electronic sensing device that can sense everything that a blank key made from soft metal can."

I'm not sure how old you are but I'm guessing you may have seen 33 1/3 RPM 12" LP Stereo records and the smaller 45 RPM 7" stereo records.

The former had a groove that could hold 30 mins of High Fidelity music.

The pickup was usually a tiny piece of synthetic diamond on a tiny arm that fed two or four tiny solenoids, so some types of sensing work very well even in a mechanically sloppy environment (the play in the pivots and bearings in the tone arm and turntable would be at least as much as the width of the groove).

So much for the sensing side. The more fun part is how do you "cut a master" to press the records from. This involved a more robust setup with a gear driven linear tracking cutting arm. Mounted on which is (in principle) the same transducer type as that on the tone arm on the player. The difference being it has to be powered and biased so requires larger solenoids and a stronger arm to hold the cutting tip.

As I said earlier you can use signal processing and a chopper drive system to make a device that would enumerate the lock in a similar way to radar/sonar/seismology. That is you put out a high energy pulse and record the echoes. If you make a hundred or two such measurements and average them you can be fairly certain of your results.

Class D chopper drives are very very efficient and when used with a force feed back transducer can provide a wealth of information that just cannot be obtained by other measurement systems.

You find related systems in "fly by wire" systems for both military and commercial aircraft.

And in new technology that would not have been possible before such as in mechanical energy storage devices (such as flywheel systems) used for energy recovery in braking systems in high performance vehicles. You can read bearing and tire wear and all sorts of other signals long before they become a problem and thus planned maintenance becomes easier and lower cost parts can be used.

The technology is out there and the trick to get around low frequency problems (temperature drafts etc) is to use a high frequency signal and appropriate filter systems and standard signal processing systems to pull signals out of noise.

The technical ability is most definitely there the question is if anyone has built such a system or has another possibly cheaper way to get the same job done.

Oh and yes there is still a reason to get the correct key cut. It is possible to make one key work with two locks but the impressioning of either lock will not open the other. It is like the master key system in reverse.

Cybergibbons • February 14, 2010 6:14 PM

Clive - that's all conjecture. As I said, I know there are ways of measuring very small forces.

I'd be interested to see any practical way of having 5 or more magnetic pickup cartridge like arrangements in something that fits into a keyway. That's a very small space.

Also, even stereo pickups are only capable of picking up two dimensions of movement. You get a wealth of information from a key when you are impressioning including rotation of the pins. It's not as simple as just detecting when a pin is binding or not.

The other issue is with the movement of pins. You need to move the pin gradually downwards until it stops binding. A pickup like you mention is very sensitive, but only over a very narrow range of movement. This is why you have the tone arm - to keep the cartridge and stylus carefully in the middle of their very limited sensing range. In a lock you need mm of movement. I'm struggling to see any way of allowing this in something that fits in the keyway.

I've studied and used vibration analysis in great depth. I know it's possible to infer wear and damage from these signals, but what relevance does this have? We have no idea how the device works because the only information out there is a single computer generated image.

All of what you are saying is a bit of a straw man argument. You don't know that it exists, and try blinding everyone with vaguely related concepts.

My point being - doing this would be a large technical challenge. Nothing similar has been produced before - it's certainly not a case of standing on the shoulders of giants. The demand for this will not be particularly high because impressioning kits are cheap and work well.

Clive Robinson • February 15, 2010 6:41 AM

@ Cybergibbons,

"We have no idea how the device works because the only information out there is a single computer generated image."

No we have no idea if the device exists other than as a series of computer generated external images (unless others know of further info or a link to it).

But to go from a reasonable suspicion that this particular device does not exist to a position of arguing that it is not possible to do what the device is supposed to do as the reason it is not real is not a reasonable argument.

All I have simply pointed out is some moderately simple methods by which people can see that such a thing is potentially possible.

That is this specific device may or may not exist but in principle there is no real reason to think it can be done one way or another on a pin by pin basis in simpler locks.

You however have arguments such as,

"I'd be interested to see any practical way of having 5 or more magnetic pickup cartridge like arrangements in something that fits into a keyway. That's a very small space."

You are boxing yourself in with your own view point.
For instance try asking yourself the question,

'Why do I need five sensors?'

The simple answer is you don't.

Thus you are limiting your thinking process by raising a false barrier.

Most people who have picked the simpler tumbler locks know you effectively open the lock a pin at a time. Likewise with mechanical key impressioning you usually do it a pin at a time.

All the device has to do is measure each pin in turn.
How it does five / seven / twenty pins as opposed to one pin is not of that much relevance in deciding if it is possible to make a measurement of a single pin or not.

The important first step from the security aspect is "can a pin be measured this way".

Further if you think about it all a single pin measure has to do is deduce from each measurement it takes of the pin the length of the bottom part of each split pin. And normalise that against the lock manufacturer's usual cut depths.

The device has absolutely no need to convert the readings into the manufacturer's "Key Code". The pin length information is enough to make a key from. Thus this "key code" conversion is I suspect an attempt at "security by obscurity" and an acknowledgment of trying to stop "non trade" people using the information to keep the "trade" happy (which arguably adds credence to the idea).

You appear to be quite hung up on the idea that the pin needs to be moved up (or down) in the barrel to determine its length. You say,

"The other issue is with the movement of pins. You need to move the pin gradually downwards until it stops binding."

Again with a little further thinking you realise that to measure the pin length you do not need to move it up or down the pin channel in the lock barrel to find its non bite position.

All you need to know is the approximate height from a fixed point of reference in the keyway that the bottom of all the pins align to and the length of the bottom part of each split pin.

This becomes obvious when you think about the basic idea behind a "Bump key". The bump key uses the idea that if you couple enough mechanical energy into the bottom part of the split pin the top part like a Newton's cradle will jump away out of the barrel, and if you get your timing right you will be able to rotate the barrel open, importantly the bottom part of the pin stays in the barrel.

This lack of further thought again limits your outlook as your comment,

"A pickup like you mention is very sensitive, but only over a very narrow range of movement."

shows.

Your view point might be the norm for those regarding lockpicking and impressioning from a distance. But this is due to human inabilities not to the limitations of measuring.

If you think about it geologists don't drill down to rock layers to find out how deep down they are, it's impractical so they use a different method.

So another question for you to ponder,

'Do you need to move the pin to measure its length?'

Again the answer is no.

All you need to do is have contact with the bottom of the pin and give it a very small impulse and then use the return echo from the pin to determine its length. This is what my earlier comment,

'Think of it if you will as a combined thumper and geophone to make a micro seismograph to sound out the layers in the lock...'

was about.

There are already (relatively) cheap devices that measure the thickness of coatings such as paint. For instance some of the Police in London have a pocket version of a paint thickness measuring device that they use to see if a car has been "re-sprayed" and thus may be a stolen item.

So rather than saying it's not possible as you cannot immediately see how to do it, or do not have technical drawings you can assess, or have not had a demonstration of a working device in your hand, try thinking in a different way.

Boxing yourself in is a very bad mindset to be in for "security" thinking.

That is ask yourself how you might go about attacking a system. And only when you can reasonably rule out all the possible ways can you say that a device to do this could not be made.

So have a think about all the number of ways.

Say for instance a probe about the same general size as a bump key, on the leading edge a piezo or synthetic crystal sensor.

When in contact with the bottom of a pin it sends an impulse into it, and also measures the return signal time delay in exactly the same way as radar sonar and seismographs or other Time Domain Reflectometry (TDR) measurement.

So we can visualise such a device and a principle by which it could work. So now we know in principle it is possible to do which makes your comment,

"All of what you are saying is a bit of a straw man argument."

More applicable to yourself. (Assuming you are going with the US meaning of the phrase not the original English meaning of a "witness to rent to commit perjury").

You go on to say,

"You don't know that it exists"

I have never said it did, all I am trying to point out is a number of general principles by which it could reasonably be expected to work.

Thus if we can rule them all out then we can say the device probably does not exist (assuming we can identify all the principles by which it may work). But not otherwise.

Which is why I'm not as you say,

"... and try blinding everyone with vaguely related concepts."

It is these same "vague ideas" that design engineers and inventors use to come up with new and innovative products.

Which brings us onto your final paragraph,

"My point being - doing this would be a large technical challenge. Nothing similar has been produced before"

I'm not sure it is a technical challenge it depends largely on your meaning. Yes it would be a challenge making a prototype but not overly so. As I have noted there are several not too difficult to understand principles that can be used.

With regards,

"it's certainly not a case of standing on the shoulders of giants."

I'm not sure if you know that Newton used the statement as an insult to others who he felt had delayed his work by not releasing their data to him when he demanded it. If you have another meaning then it is not overly clear.

You then go on to express a personal view point without any real supporting evidence with,

"The demand for this will not be particularly high because impressioning kits are cheap and work well."

You appear to be assuming that a person can first be bothered to learn how to use the impressioning kit. As we know there are a number of faux locksmiths in it for the money who just "drill or kill" the lock (ie no skill required but a high fee charged).

Then there is the question of if a sufficiently skilled person is prepared to spend the 20 minutes or so to do an impression on a street corner late at night with a frustrated customer breathing down their neck.

Or worse some thief who is waiting for the locksmith to turn their back so they can be mugged for their tools van keys etc etc.

Let me ask you to ponder this,

If you had to visit the rougher parts of any major city such as Washington, New York, London, Paris etc etc to help a "stranded maiden" get back into her car in the early hours of the morning, I suspect you would be very interested in a device you could just shove in the lock and then plug into your CNC style key cutting machine back in your van. Where you cannot be easily jumped etc.

Oh speaking of that time of day, the next time you get "a fit of the tweeters in the Midnight Hour" just remember it might come back to haunt you.

Anyway it's up to you but try climbing out of the box and having a sideways think, you might get to enjoy the experience as it will hopefully open up your horizons.

Cybergibbons • February 15, 2010 4:23 PM

Clive,
There’s no point arguing that it is possible to somehow measure the internals of a lock using any number of fanciful concepts. It’s easy to dream up all of these ideas, but very hard to put them into practice.

It’s a straw man argument because you are arguing that it is possible, whereas my argument is that it is extremely challenging to do.

We’ve never seen any electronic sensing device inside a lock before – this seems like a very big step for someone to make. Why haven’t we seen electronic picks that use high frequencies to cause resonance between the two sections of each pin? There are no patents on anything vaguely related.

“Standing on the shoulders of giants” means to build upon work done by others before you. There has been no specific work in this area before, and it is a big step from nothing to this.

We’re talking many large, technical challenges here:
1. Sensing the inside of the lock somehow. Although the concepts are imaginable, putting these into practice is not as easy as reading the Wikipedia article.
2. Miniaturising it so that it fits in a keyway.
3. Making this into a device that is resilient and reliable enough to be used by a tradesman.

This is no small feat.

Whenever a company makes a press release that only consists of the vaguest details and a computer generated image, it is almost guaranteed that the product doesn’t exist – just google for vapourware. It’s got all the hallmarks – no in-depth detail, no patents, a really badly designed website, founders with no technical qualifications. This product was first presented a long time ago and has gone nowhere since then.

It’s certainly not “boxing myself in”. It’s simply seeing that this is almost certainly beyond the limits of possibility. You've got to have some kind of limit.

Your same argument would mean that if some random guys posted a website claiming to have landed on Mars, it’s within the realms of thought, so it’s possible.

Clive Robinson • February 15, 2010 9:59 PM

@

"There’s no point arguing that it is possible to somehow measure the internals of a lock using any number of fanciful concepts."

I'm sorry none of the technologies I have mentioned is in any way fanciful. Some of them were originally developed seventy odd years ago and are still being refined to this day.

"It’s easy to dream up all of these ideas, but very hard to put them into practice."

Err they are not dreamed up as I have taken pains to point out using existing well proven ideas.

"It’s a straw man argument because you are arguing that it is possible, whereas my argument is that it is extremely challenging to do."

Err no the definition of a strawman argument (from wikipedia you seem to favour so much) is,

'To "attack a straw man" is to create the illusion of having refuted a proposition by substituting a superficially similar proposition (the "straw man"), and refuting it, without ever having actually refuted the original position.'

Sorry at what point have I taken any part of your argument and represented it in a weakened form and struck it down?

You have not actually presented an argument one so it would be a bit difficult to make a "strawman" from it.

"We’ve never seen any electronic sensing device inside a lock before"

Who are "We've"?

Oh and as a statement it is false we have seen locks with sensing devices in them (one was on this blog not so long ago).

"this seems like a very big step for someone to make."

Why?

This is where you should be presenting your argument but you don't.

You go on with,

"Why haven’t we seen electronic picks that use high frequencies to cause resonance between the two sections of each pin?"

We have seen both the pick gun and the bump key both of which impart mechanical energy into a split pin to cause one part to rise in a way that will enable the barrel to be turned.

However at no point have I talked about moving the pin with mechanical energy or bringing the pin or part of it into resonance. I have talked about using the age old principle of TDR which can be seen in Radar / Sonar and seismography.

"There are no patents on anything vaguely related."

How do you come to that conclusion? Deciding what a patent principle does and does not cover or is related to is a very difficult and fraught exercise which keeps IP specialists in work.

Ah you do respond to some points,

" “Standing on the shoulders of giants” means to build upon work done by others before you."

That is one definition of the phrase. But as I said the operating principles I have outlined can be seen all around you so I fail to see why you bothered with it.

Ah but you make one of your assumptive arm waving arguments to justify it with,

"There has been no specific work in this area before, and it is a big step from nothing to this."

Sorry but are you saying that TDR / Radar / Sonar / seismology don't work or exist?

Are you also saying that force feedback transducers don't exist?

Or are you saying that "you personally" are unaware of any work that "you personally" think relates to locks?

You go on to say,

"We’re talking many large, technical challenges here:"

Again in what objective view point to do with security?

You go on with a short list,

"1. Sensing the inside of the lock somehow. Although the concepts are imaginable, putting these into practice is not as easy as reading the Wikipedia article."

I would suggest that this is very much your opinion that is not supported by any objective thought. I'm personally not that familiar with Wikipedia; the few times I have looked at it when trying to find an easy source for others I have found that often those writing the page do not appear to be that conversant with the subject they are writing about (in some areas it appears that the editors have entered a "my number of pages, is bigger than your number of pages" contest).

"2. Miniaturising it so that it fits in a keyway."

Keyways come in all sizes and shapes and usually have been designed for reliability. You only have to look at a "bump key" or "pick gun" to see what you can get in if you wish. And as it happens I have made up keys out of plastic that have held magnetic components when doing some electronic lock development. On one occasion I mounted a "barber pole" magnetic sensor on the bottom of a milled UK Yale key as a prototype back in the 1980's, but found the Kaba keys much more amenable to this. On another occasion I built a prototype plastic cylinder where the metal pins were used as contacts with the key to read a chip from a smart card that was mounted in the key fob. Some high-end security lock manufacturers are now doing similar a quarter of a century later. In the mean time the electronics industry has moved on by 16 generations as has the manufacturing of surface mount and smaller components.

Which brings me on to your final item in the list,

"3. Making this into a device that is resilient and reliable enough to be used by a tradesman."

Well it depends on your definition of a "tradesman"; locksmithing is not what it once was, there are a lot of "Drill-n-Bill high" "cowboys" out there whose primary tools appear to be a cordless drill or a slide hammer. I doubt that they would be interested in such a device. The older style locksmith who can impression a key in 20 minutes will have a considerably greater regard for their tools as they are the way they earn their living. As I said in my previous post I can certainly see these guys considering such a device as it lowers the "on site" risk to them if they simply walk up to the lock "dip it" and return to the relative safety of their van etc.

Which brings me onto the point of how mechanically robust does this device need to be. Well it only needs to be the same general shape as a bump key, but unlike the bump key it does not need to be either hit or used to turn the barrel of the lock. Thus in reality it does not actually need to be any more solid than FR4 board. In fact the probe could be made to be disposable in the same way as the test strips for electronic Blood Glucose meters.

Your comments about your belief that this particular product is "vapourware" are actually not relevant as I've previously explained. That is when assessing security you have to take a view of what is possible not just what you currently know about.

Which brings us back to whether you are limiting your own view point by your assumptions. You say,

"It’s certainly not “boxing myself in”. It’s simply seeing that this is almost certainly beyond the limits of possibility."

Why?

You have again failed to produce any argument to that effect you simply wave your arms around saying it like a mantra.

You then go on to say,

"You've got to have some kind of limit."

There are two types of limit the laws of physics and assumed limits.

The problem with assumed limits is that when we get close to one somebody comes along with a new way of doing it (see Charles Moor's Law over this).

And oh dear oh deary me, what on earth were you thinking with this comment,

"Your same argument would mean that if some random guys posted a website claiming to have landed on Mars, it’s within the realms of thought, so it’s possible."

How about you draw up your bale of straw and go to this random website,

http://www.beagle2.com/front.htm

Now if you are prepared to back up your assertions with anything approaching recognisable fact I would be happy to continue this conversation.

But if all you are prepared to do is offer arm waving protestations of "it can't be done" then please don't bother.

Cybergibbons • February 16, 2010 1:33 AM

Clive,

Your arguments are really verbose and I'm not going to address all of them.

I'm not sure how you can say these ideas are not fanciful because you are imagining ways this could operate, not putting them into practice. This is the very definition of fanciful.

It's similar to quantum computing. There are continuous articles about how general purpose quantum computers could work, all based on sound scientific work, but we've not managed to put it into practice, and probably won't for another 10 years, even in the lab. It will be another 10 years before there is anything commercial.

I am not performing a security analysis of if this is possible. I'm performing a technical and commercial analysis to try to work out if this is possible to build. You appear to be attacking the concept that I think it is entirely impossible - I don't.

Show any substantive evidence of any kind of piezoelectric, magnetic, or other type of sensor that has been used in a keyway for the purpose of sending an impulse into a pin to measure its length? Can you show me even a device used to measure the position of a single pin pick electronically to read the profile of a key? Or really any electronic sensor actually inside the keyway excepting a plain electrical contact?

I'm not talking evidence in the form of mentioning a concept and how you think it could work. Patents, research, products or books?

I think a far easier task would be creating a key which uses high frequencies to cause the pins to separate. It's something I have tried as an alternative to a pick gun and seems to work relatively well. This could be as simple as a key with a piezoelectric transducer and a driver. But the lockpicking community hasn't developed something even this simple. 95% of the lockpicking community seem to be amazed when they manage to use a grinder on a wiper blade to make a pick. And the locksmith community is notoriously behind the times when it comes to technical innovation.

You trivialize how easy it would be to take this device from an idea to a product. Again, I could see how a large, laboratory grade, delicate instrument could perform such a task. But not something that would get thrown in a toolbox, rained on, inserted into locks full of sticky oil and grit etc.

Calling it vapourware is entirely relevant, because if we look at all the evidence presented to us, it looks highly likely to myself and others that this product is not real. Forget any technical argument - the look of the website, the lack of technical detail, the lack of contact address. It all stinks of every other product before it that has only consisted of computer generated image and idea.

No guy landed on Mars in the Beagle. Even if we're just talking the probe, it failed didn't it? Proving that even if you have the best minds behind a project, sometimes things are still not possible.

Going back to your argument of the locksmith in the dodgy area. If I was a criminal, I would far rather steal this impressioning device and laptop. Doesn't matter if he is there for 2 minutes or 20 - it's long enough for it to be taken.

Αnonymous • February 17, 2010 7:56 PM

Cute idea. I just hope they don't try to patent it, when the basic idea was already invented on this blog by Roger and Clive on 23 June 2009.
