Security is a heck of a lot of fun. Whenever you believe you have made a better mouse trap, somebody finds an exploit in it. Since all security mechanisms can be bypassed, and will be bypassed, the field is constantly changing. One of the things that society needs to learn is that printing words on surfaces doesn’t equate to security. For example, many “high security” locks will have keys that say “Do Not Duplicate” on them. It’s a pointless thing to print because duplicating keys isn’t rocket science:
When lock maker Schlage imprinted the words “do not duplicate” across the top of the keys for their high-security Primus locks, they meant to create another barrier to reproducing a piece of metal that’s already beyond the abilities of the average hardware store keymaker. One group of hackers, of course, took it instead as a direct challenge.
At the Def Con hacker conference Saturday, MIT students David Lawrence and Eric Van Albert plan to release a piece of code that will allow anyone to create a 3D-printable software model of any Primus key, despite the company’s attempts to prevent the duplication of those carefully-controlled shapes. With just a flatbed scanner and their software tool, they were able to produce precise models that they uploaded to the 3D-printing services Shapeways and i.Materialise, who mailed them working copies of the keys in materials ranging from nylon to titanium.
“In the past if you wanted a Primus key, you had to go through Schlage. Now you just need the information contained in the key, and somewhere to 3D-print it,” says 21-year-old Van Albert. “You can take a high security ‘non-duplicatable’ key and basically take it to a virtual hardware store to get it copied,” adds 20-year-old Lawrence.
This is just an evolution in key manufacturing. Before duplication using 3D printers was a thing, we used files. If you didn’t have a key to a lock, you could always impression one:
The lesson to take away from this story is that printing “Do Not Duplicate” on a key doesn’t equate to security. While a locksmith may abide by that text for professional reasons, nobody else is likely to do so.
This is quite true. We can label keys as “Do Not Duplicate” all we want but there are simply unscrupulous locksmiths out there who do not give any attention to this kind of label. Sometimes I think it is simply all about how well we control duplicate keys so they do not fall into the wrong hands…
I wouldn’t consider a locksmith who didn’t abide by the “Do Not Duplicate” label unscrupulous. There may be very valid reasons why somebody would need to duplicate a “Do Not Duplicate” labeled key.
But physical locks reflect digital locks in many regards. Controlling physical keys is the only way to make duplicating them somewhat difficult just as protecting digital private keys is the only way to make duplicating them difficult. Once you relinquish control over a key it can be copied.
I agree that “Do Not Duplicate” does not translate to fool-proof security. It’s a continued cat-and-mouse game between manufacturers and crooks. Rolling out “burglarproof” devices is basically just like throwing the gauntlet to crooks who’d take up the challenge of finding a way to bypass them.