Security

Captured images of your physical keys can be used to make copies

It seems like every time we turn around, there is another threat to our privacy and security that needs to be addressed. This time, it's your physical -- not cryptographic -- keys.

They say that imitation is the sincerest form of flattery, but there are definitely times that you do not want someone copying you without your express permission. One such time is the case of your house and car keys. It is always important to avoid letting your keys out of your sight in the hands of people you do not explicitly trust.

Unfortunately, that level of care is not sufficient, and as technology advances there will be growing dangers to the physical keys you carry around with you. Computer scientists at the University of California: San Diego, Jacobs School of Engineering, have presented proof-of-concept for capturing images of keys from a substantial distance and using those images to make working copies of the keys.

Relatively security-conscious people, when posting images on the Internet, have tended to use tools like Photoshop, MS Paint, the GIMP, Cinepaint, ImageMagick, and scads of other tools to blur out names, addresses, street signs, telephone numbers, and other identifying information that might appear in an image. Even an unmodified photo of your keyring can prove your undoing, however.

As reported by the UCSD Jacobs News site in 2008, in Keys Can be Copied From Afar, Jacobs School Computer Scientists Show:

"We built our key duplication software system to show people that their keys are not inherently secret," said Stefan Savage, the computer science professor from UC San Diego's Jacobs School of Engineering who led the student-run project. "Perhaps this was once a reasonable assumption, but advances in digital imaging and optics have made it easy to duplicate someone's keys from a distance without them even noticing."

This may be old news, but it is not nearly widely-enough circulated news. In stumbling across a discussion forum where an entire thread was devoted to photographs of their "every-day carry" -- an inventory of their pocket contents on an average day -- I discovered numerous photos of keyrings. Among them, I think only one took the time to blur out the bumps and valleys on their keys.

Again, from the UCSD Jacobs article:

Professor Savage notes, however, that the idea that one’s keys are sensitive visual information is not widely appreciated in the general public.

"If you go onto a photo-sharing site such as Flickr, you will find many photos of people's keys that can be used to easily make duplicates. While people generally blur out the numbers on their credit cards and driver's licenses before putting those photos on-line, they don't realize that they should take the same precautions with their keys," said Savage.

Read the UCSD Jacobs article for more about the technical process used to copy keys from photos.

About

Chad Perrin is an IT consultant, developer, and freelance professional writer. He holds both Microsoft and CompTIA certifications and is a graduate of two IT industry trade schools.

7 comments
PhilippeV
PhilippeV

You may also use a leather wallet for enclosing your basic metal-only keys when you don't use them. It will also protect your clothes from cuts, and it is also cleaner. Don't just use a simple ring. You'll find these key-wallets in lots of stores.

PhilippeV
PhilippeV

My car keys are secure: when I don't use them, they rotate and clip within the plastic box protecting the metallic scultured part (and the pockets of my clothes!) and featuring a lock/unlock button (plus the remote distance control). In fact I open the physical key only when I have sit in my car to start the engine. Change your keys so that they can hide their security part in such a box (by rotaing, or be sliding in). I find it so easy, that all my keys are like this now (including my home)... If you can't, there exists kits with sliders that will do the same thing. A simple photo of the keys (even with excellent resolution) will not reveal its details. ***** Note: can you explain me why I can't post here (Permission denied) with Google Chrome??? *****

mousejn
mousejn

Bump keys in the hand on an inexperienced thief makes most locks a device to keep honest people out.

Tink!
Tink!

there is always a way around them. We will continue to invent new and "better" security measures, but there will always be an opening. How much is too much? Can we really be completely secure ever?

bboyd
bboyd

Carbon paper tracing, numbered keys look-up tables, key chip readers and Comm test gear reading remote key fobs. All a long way from the old skeleton key. One more step, its unfortunate most people won't understand the impact that their lack of privacy is having. Nice little article.

bboyd
bboyd

If I have a decent test set i can read your code as the car interrogates the key. Most of those are as good as a plain text password database. I could take the Lincoln towncar fob and read it from 30 ft, and use the same gear to reproduce it to open and close locks, hit panic button or pop the trunk. That was on a governors car. don't imagine most people improve past that.

Neon Samurai
Neon Samurai

One can purchase locks that resist bump keys.. even the way the lock drum is installed makes a difference. For the locks that are vulnerable to bump keys; we're screwed. We can look at more robust locks though and at least bring the breach back to picking skill or physical damage (the original "brute force" method).

Editor's Picks