The Gogi smart lock greets you by name at the door, via.
The classic lock-and-key combo that most of us still use today has been around for 4,000 years—longer than the steamboat, the telegraph, or electricity, for some perspective. While it's been refined over the years, the principle hasn’t changed: insert uniquely-cut metal key into matching lock, turn and enter. But, the mechanical key may be finally nearing the end of its reign.
While mechanical locks could always be picked, now even the most high-security model keys—the ones you can’t copy at the local hardware store—can also be scanned, deciphered, and 3D-printed into a working replica.
Two MIT students demonstrated this key hack at DEFCON last week. David Lawrence and Eric Van Albert wrote a piece of code that makes it possible create a 3D-printable model of any high-security Primus key. All that’s needed is a basic scanner, their software system to decipher the unique information in each key, and a 3D-printer to spit out the replica.
Thanks to high-tech cameras, would-be key pirates don’t even need to have the key in their possession to duplicate it. A scanned photograph can be converted into a digital blueprint of the object, which can then be printed.
“Pirating keys is becoming like pirating movies. Someone still has to get the information in the first place, but then everyone can get a copy,” Lawrence said during the presentation, reported by Forbes.
Primus makes maximum-security locks and keys—the kind used in detention centers, government facilities, and bank vaults. So you can imagine it wouldn’t be too difficult to duplicate a simple house key or car key too, especially once 3D printers and scanners become commonplace.
For Lawrence and Van Albert’s part, they’re convinced there will be 3D-printable models for all high-security keys in the future. This revelation could really kick the keyless trend into gear. It raises the question: will all locks soon be electronic, "smart" locks? And if so, will that actually be more secure than the mechanical lock-and-keys of yore?
A KEYLESS FUTURE
“If we show that mechanical locks are vulnerable to key duplication just by having a handful of numbers you can download off the internet, hopefully they’ll be phased out more quickly,” Van Albert said. The students recommended that all high-security institutions move to electronic locks that use harder-to-copy cryptographic keys.
To be sure, the electronic lock has been gaining ground over the last few years. Today there's a versatile menu of post-key smart locks to choose from. To name a few:
- Electro-mechanical locks—magnetic locks with a mechanical or battery-powered fall-back option
- Biometric locks—activated by fingerprint or facial recognition, for the sci-fi-minded
- Computerized "smart" locks—interconnected with the rest of your internet-of-things-enabled home
- Keypad-entry locks—you can program and re-program up to 60 different codes
- Remote-access locks—good for working parents or AirBnbers
- Hands-free, phone-activated locks—handy when carrying too many bags home from the store
Trouble is, these electronic and network-enabled locks aren't foolproof either. What if the power fails? Yes, there are battery backups and mechanical hybrids, but what if you lose the physical version of the key, or forget to recharge the battery? Likewise, fingerprints can be copied, cell phones can get lost, and computerized locks can be hacked.
HACKING "SMART" LOCKS
While MIT hackers were pirating keys at DEFCON, security researchers at the Black Hat conference were detailing how to break into web-connected smart homes, in a panel called “Home Invasion 2.0.”
The internet-of-things trend has entered the home, connecting everything from the toilet to the thermostat to the front door to the network. But researchers found some of the systems lacked basic things like user authentication, leaving them vulnerable to anyone who gained access to the network.
Hackers were able to successfully break into a person’s home from the other side of the country, and gain access to the security system. It makes you wonder if maybe we're better off with a good old dead bolt.
Then last month, a couple of car thieves stumped police when they were able to open keyless-entry car doors, with an unknown device. Electronic key fobs are increasingly common in new cars, but the break-in made experts think twice about their security.
“On most cars, when you hit the unlock button, it sends a code to the car. That code is encrypted and constantly changing—and should be hackproof,” reported Today. Police said “it's almost like the thieves are cloning your car remote, which is virtually impossible to do.”
I could on and on. Granted, the technology is evolving to evade these security breaches, but so are the hacks. Who’ll have the last laugh? Maybe the mechanical key after all. Hey, it’s worked for four millenia, what’s a few more?