Post by Hacker on Aug 10, 2008 0:45:45 GMT -5
blog.wired.com/27bstroke6/2008/08/medeco-locks-cr.html
he researchers say that plastic used in all of these credit cards can be easily fashioned into simulated keys that open three kinds of M3 high-security locks made by the Virginia-based Medeco Security Locks company -- locks that are used to secure sensitive facilities in places such as the White House, the Pentagon, embassies and other buildings.
"Virtually all conventional pin-tumbler locks are vulnerable to this method of attack, and frankly nobody has really considered it or looked at it before," says Marc Weber Tobias, one of the researchers.
The researchers showed Threat Level how they could create the simulated keys from plastic simply by scanning or photographing a Medeco key, printing the image onto a label and placing the label onto a credit card or other plastic to cut out the key with an X-Acto blade or scissors and then use the key to open a lock covertly.
Any credit card plastic will do to create a simulated key, as will Shrinky Dinks plastic, which comes in sheets that can be run through a printer. For the digital picture of the original key to work, the image has to be to scale.
The researchers can make plastic keys, despite the fact that Medeco's M3 locks are supposed to be more secure than conventional locks, due to key-control measures designed to prevent unauthorized duplication of their keys.
"When you have a high-security lock, you don't expect this to be able to happen," says Tobias, an investigative lawyer who will be demonstrating the hack with Matt Fiddler, a computer-security researcher, and Tobias Bluzmanis, a Florida locksmith. "Key control is supposed to make this impossible to happen. That's what you're paying for."
he researchers say that plastic used in all of these credit cards can be easily fashioned into simulated keys that open three kinds of M3 high-security locks made by the Virginia-based Medeco Security Locks company -- locks that are used to secure sensitive facilities in places such as the White House, the Pentagon, embassies and other buildings.
"Virtually all conventional pin-tumbler locks are vulnerable to this method of attack, and frankly nobody has really considered it or looked at it before," says Marc Weber Tobias, one of the researchers.
The researchers showed Threat Level how they could create the simulated keys from plastic simply by scanning or photographing a Medeco key, printing the image onto a label and placing the label onto a credit card or other plastic to cut out the key with an X-Acto blade or scissors and then use the key to open a lock covertly.
Any credit card plastic will do to create a simulated key, as will Shrinky Dinks plastic, which comes in sheets that can be run through a printer. For the digital picture of the original key to work, the image has to be to scale.
The researchers can make plastic keys, despite the fact that Medeco's M3 locks are supposed to be more secure than conventional locks, due to key-control measures designed to prevent unauthorized duplication of their keys.
"When you have a high-security lock, you don't expect this to be able to happen," says Tobias, an investigative lawyer who will be demonstrating the hack with Matt Fiddler, a computer-security researcher, and Tobias Bluzmanis, a Florida locksmith. "Key control is supposed to make this impossible to happen. That's what you're paying for."