Working Medeco high-security keys can be whittled out of plastic

Researchers at DefCon in Vegas have demonstrated that they can make "high security" Medeco key-blanks out of the plastic used in credit-cards, and then whittle them into working keys by referring to low-resolution photos of original keys.

"Basically, we've destroyed Medeco's key control, because we can make (plastic keys) for any of their M3 locks and a lot of their Biaxial locks, which is their last generation of locks," says Tobias, who authored the book Open in Thirty Seconds, with Bluzmanis.

The researchers demonstrated the technique using a Medeco mortise cylinder that Threat Level purchased in California before leaving for Las Vegas. After buying the lock, Threat Level scanned the key and e-mailed the image to the researchers, who then created several plastic keys. When Threat Level arrived in Las Vegas with the lock, it took about six seconds to open the lock using a plastic key.

"It's keys by e-mail," says Tobias. "It's key-mail."...

The Medeco M3 key does have an extra feature to secure the lock -- a step protrusion on the side of the key that's designed to move a slider inside the lock. But last year at DefCon, Tobias and his colleagues showed how they could simply insert the end of a bent paper clip into a Medeco high-security lock to push back the slider, rendering the slider ineffective as a security layer. Once that is done, they're then able to insert the plastic key in this new attack, to lift and rotate the pins.

Researchers Crack Medeco High-Security Locks With Plastic Keys

(Image: Dave Bullock (eecue)/


  1. Why is it as a Vegas resident, events are given bigger coverage AFTER they happen?

    I scan the papers and yet they expect me to go to these things ex post facto.

  2. I don’t know if I’d really call this ‘cracking the lock’. More like cracking the key control system.

    To be clear, this doesn’t allow them access to a lock which they didn’t originally have access to the key (or detailed picture of the key).

  3. “There are some locks that hackers can’t open. For everything else, there’s MasterCard.”

  4. When I worked at a secure government site, locks for filing cabinets (the ones that didn’t have combination locks) used odd keys that had two sets of teeth at a 120 degree angle, precisely so that it would be harder to make a replacement or get one cut.

    Of course, once we have RepRaps, weird-shaped keys won’t be a problem.

  5. Simon@4: Medeco tried something like this and were pwned by a paper-clip: “last year at DefCon, Tobias and his colleagues showed how they could simply insert the end of a bent paper clip into a Medeco high-security lock to push back the slider, rendering the slider ineffective as a security layer.”

  6. #3 – It’s more accurate to say that it requires just enough access to a key to get a good-enough-to-replicate digital image of its profile. A cameraphone photo of the key might be enough for all we know, and that’s certainly a much lower hurdle to clear. If an intruder is motivated enough, getting a quick, surreptitious snap of someone’s keys probably isn’t that daunting.

    Like most security measures, most physical keys just aren’t that secure against a determined intruder, for any number of reasons.

  7. >>My hardware store can do the same thing….
    >>Not for a Medeco key.

    Which is sometimes the only reason for using Medeco. I once lived in an apartment where the front door to the building had a Medeco lock. It was a big plate-glass door, making the pickability of the lock completely irrelevant. They just wanted to keep the tenants from duplicating the keys.

  8. There’s usually a “The hackers are coming! The hackers are coming!” article in the local papers about a week before Blackhat/DEFCON. Hard to miss, lots of paranoia about social engineering and people stealing grass from the lawn at Caesar’s.

    #2 Writes

    Why is it as a Vegas resident, events are given bigger coverage AFTER they happen?

    For Vegas, I check the convention and events calendar websites for when I plan to be in town, to see if anything interesting is going on, or to reschedule if my visit coincides with some huge optometrist convention or something.

    I scan the papers and yet they expect me to go to these things ex post facto.

    This is a common problem with newspapers, some acknowledge the issue, and are planning to “fix” it, give local events much more advance coverage rather than only after-the-fact.

  9. Is there anything here that isn’t true of all key locks? And hasn’t been true of all key locks since the very first one was invented?

    i.e. if you know exactly what the key looks like, you can make another one. Okay, until comparatively recently you couldn’t have made one out of a credit card. I guess that counts as a patentable innovation these days.

  10. I think one of the main issues is that Medeco locks have always been thought of as the most secure locks in the US. Clearly they have serious issues. Most attacks come from the inside. If you can copy a key the system epic fails.

  11. People who are saying this isn’t a big deal should read the original article at Wired, as it explains this better than the excerpt does, but essentially what it comes down to is that Medeco has used patents and other legal stuff to make it so that only specific locksmiths, licensed by Medeco themselves, have access to the blank keys used for Medeco locks. This, along with their having been considered unpickable until last year’s Defcon, was a main selling point: even if someone who is supposed to have a key should turn out to be untrustworthy, they couldn’t duplicate that key, quit their job, and then break in. Until now.

  12. “To be clear, this doesn’t allow them access to a lock which they didn’t originally have access to the key (or detailed picture of the key).”

    These keys are extra expensive because they’re supposed to be unduplicatable.

  13. Security is inherently a balance between unbreakable, usable, and cost effective. Pick any 2 was the joke.
    This time the joke is unfunny yet true. And stacking factors inherently runs head on against usable or cost effective.

    Witness the automotive “transponder keys.” Nice in concept yet fails on cost AND usability. A key BLANK priced at over $50 is far from cost effective to many people. Then when you add dealer mechanical cutting plus transponder coding? Closer to $150 for some cars if not more.

    WE just could reproduce the corridor of doors Maxwell Smart went thru.

  14. Yeah, ’cause, you know, when I hear “human guard” I immediately think: “myself, keeping an eye on my own belongings.”

    That said, they’ve finally found a legitimate use for credit cards.

  15. Housemates of mine in college used to make keys for Medeco locks out of some more generic key blank (Yale I think, something that was thin enough to fit in a Medeco key path). The material just needs to be stiff enough and thick enough that you can file in the twists for the pins. Doesn’t surprise me too much that credit card plastic fits the bill.

    I suppose it’s interesting that they were able to duplicate a Medeco from a picture, but I imagine it’s not too hard to measure the pin heights from the picture, and determine whether each pin is twisted left, right or center. The twists are pretty easy to see on a real Medeco key.

    As others have said Medecos aren’t impenetrable, no lock is. They just up the barrier, since you can’t realistically pick them and duplicating the key requires some extra effort.

  16. I sorta figure Takuan is so zen he has no petty material ‘things’ worth locking up, so of course he could keep an eye on them himself.

  17. Or a tentacle. Leaving several hundred more tentacles free to tipple, eviscerate and constrict, amongst other things beyond the ken of man.

    1. I’m pretty sure Takuan is a mom.

      I’ve heard him referred to as a ‘mother’ before, but not as a mom.

  18. So Medeco has based its business model on the claim that they can make an object into some kind of special shape such that nobody else can form matter into that shape?

    Seriously, WTF? A key is just a piece of inert matter. The only thing that differentiates it from a cheese grater is that it’s been formed into a very particular shape that matches the pattern of tumblers inside the lock. How can it be impossible to form another piece of inert matter into that shape once you know the details of the shape in question? Honestly, am I missing something?

  19. Medecos exist mainly to help with key control. The locks are beatable, but it isn’t really worth most office workers’ time to mess with all that, or to find a specific dealer who will copy their keys without recording it.

  20. You can duplicate almost any key that you have access to, by making a mold of it, or using a 3d scanner, or just by eye/comparison.

    Medeco keys are harder to duplicate, but if you are familiar with how they work it’s easy to imagine how it wouldn’t take THAT much work to duplicate one yourself.

    In addition to superior key control, Medeco locks offer increased defense against picking.

  21. It would be trivial to increase the torque required for latch actuation. Set it way beyond what any conceivable plastic could transmit and this hack’s expired! Left for reader research is keys with ohmic contact devices. Which also could devalue this hack.

    It’s arguably good practice to use self restraint in applying skills. YES we should ethically feed back a valid risk so it can be managed. Exploiting it for unwarranted personal gain is ethically bankrupt.

    Locks are of primary utility to keep honest people thinking that their property is secure.

  22. Tak –

    Just thought you’d like to know, BoingBoing is #5 in Google results for “human guard.”

    That may be enough to establish a new sense of meaning, in my estimation. But another use of the phrase might be: “a human-shaped guard fitted to a giant electric razor.” Like a Flowbee, only scarier.

  23. It’s good when someone will point out a flaw in the weakness of a system. Sometimes. It’s not like everyone who uses those locks is going to run out and change them. Sometimes telling people how easy it is to copy something is a two-edged sword.

  24. M3 has “fore” and “aft” cuts. These are angle cuts at the depth of every cut. Unlike regular keys, Medeco keys have angle cuts where pins drop and spin at the same time. Did they do those “fore” and “aft” cuts also?
    I wish they had given some info about that.

    Jon from NYC – champion LS-

  25. I am a bonded, registered Master Locksmith. Attended Medeco University (that’s what they call the training course). There is only ONE DOCUMENTED instance of anyone EVER picking a Medeco cylinder. The gentleman was a retired New York Police detective. He only did it once…..Medeco invited him to the factory, where he was unable to pick the lock, again. Someone said they could make a key from PLASTIC??? Not gonna happen, folks. MAYBE some of the older keyways, (Sky & Air) and that is a big maybe. Those are keyblanks that the federal patent has expired on. The upgraded Keyways are sold to lawful Locksmiths, who are required by law, to register EACH key system….The owner cannot even get a key copied unless he or she has picture ID, and each key is logged into a signature card. The number of keys made is carefully tracked. Medeco can, and often does, ask for verification of keyblank usage from the licensed Locksmith. Even when the Locksmith makes an error with a keyblank, the key is logged into the system, and destroyed. The key information is stored in a safe, as are the Keyblanks. I realize that anyone on here can make claims, but the reality of it is, that most claims are just that….claims. Perhaps if a person had a milling machine…..and IF that person could obtain the right blank (Medeco has several series of keyblanks, all patented) and could read all of the half cuts and double cuts at the correct angles and spacing, well, you get the idea. Not trying to bust anyone’s balloon, just being as honest as I know how.

    1. @Anon#44;

      “Perhaps if a person had a milling machine…..and IF that person could obtain the right blank”

      Who needs a blank if I have the original key for the lock?

      Check out

      Nothing special about these, just the first three I could find that print 3D shapes in stainless steel.

      They might be nice guys for you, and block key-like objects – but there are already home 3D printers, although they won’t do the same range of materials yet. Either way – the biggest challenge is getting an accurate model of the key – but that can be worked on ahead of time, in private.

      Also – I don’t think I need to make the whole shape out of metal. I can likely position the pins with a plastic copy of the cuts, bonded to a torque wrench that gives me the oomph to turn the cylinder. So the home printer will likely give me a solution anyway.

      As a Master Locksmith, I hope you’re ahead of the curve and looking at newer locking systems for your clients who may eventually want something better than to be secured with a key that anyone can copy.
