LawMeme LawMeme Yale Law School  
Computer researcher finds vulnerability in real-world locks
Posted by James Grimmelmann on Thursday, January 23 @ 11:24:23 EST Cryptography
Matt Blaze, a security researcher with AT&T Labs, has found an exploit that enables almost anyone to reverse-engineer a copy of the "master key" used to unlock every door in a building. The technique has been understood within the locksmith community for years, but has been kept on the hush-hush, in a classic example of security-through-obscurity.

The technique itself is quite elegant. Armed with a key that works and a smallish supply of blank keys, an attacker modifies the original key, step-by-step, trying each "new" key against the lock. The lock becomes an "oracle," telling the attacker whether the modified bump or notch matches the master key. While it's no surprise that master keys are insecure (one key to unlock an entire building? Hello!), Blaze's technique means that it's not necessary to steal the master key itself in order to exploit the insecurity.

The paper (eminently readable, entirely non-technical, and quite scary) is available here. A New York Times story, complete with quotes indicating that the ostrich approach to security is just as prevalent offline as on, is here.

 
The comments are owned by the poster. We aren't responsible for their content.

Prior references to this attack (Score: 1)
by Seth_Finkelstein on Thursday, January 23 @ 12:29:31 EST
http://sethf.com/
I was able to supply Matt Blaze with two earlier references to this attack, one from 1987 and one from 1994. See the entry in my Infothought blog [sethf.com] about
Matt Blaze Master Key security paper, earlier attack descriptions [sethf.com] - Seth Finkelstein [sethf.com]



Re: Computer researcher finds vulnerability in real-world locks (Score: 0)
by Anonymous (Name Withheld on Advice of Counsel) on Thursday, January 23 @ 13:51:37 EST
Besides the master key vulnerability, many locks
have cylinders that can easily be removed when the
door is unlocked. A cylinder can be disassembled
and the pins measured to figure out the keys that
will open the lock.

This works particularly well in schools where some
rooms are often left unlocked and unused for hours
at a time.




Leges humanae nascuntur, vivunt, moriuntur
Human laws are born, live, and die

All stories, comments and submissions copyright their respective posters.
Everything Else Copyright (c) 2002 by the Information Society Project.
This material may be distributed only subject to the terms and conditions set forth in the Open Publication License, v1.0 or later (the latest version is presently available at http://www.opencontent.org/openpub/).