High-end locks rely on their unique key-shapes to prevent "bumping" (opening a lock by inserting a key-blank and hitting it with a hammer, causing the pins to fly up), but you can make a template for a bump key by photographing the keyhole and modelling it in software.
Jos Weyers and Christian Holler presented their work on 3D printed bump keys at NYC's Hackers on Planet Earth last month, as an existence proof of the insufficiency of relying on proprietary shapes to defend a lock. The locks they attacked were successfully opened with keys printed in nylon, of the sort you can order from service bureaux like I.Materialize and Shapeways. Weyers and Holler have produced an app called "Photobump" that turns images of keyholes into print-ready 3D bump-key shapefiles.
A photo of a keyhole alone isn’t quite enough to print one of Weyers’ or Holler’s bump keys. They also need information about the position of each pin in a target lock. But Holler says that information easily is found in widely available key-cutting software. Weyers says he can derive it even more easily by sticking any thin tool into the keyhole, feeling for the pins, and marking their depth to measure how deep in the lock’s cylinder the pins are located...
Weyers and Holler aren’t trying to teach thieves and spies a new trick for breaking into high-security facilities; instead, they want to warn lockmakers about the possibility of 3-D printable bump keys so they might defend against it. Although Holler will discuss the technique at the Lockcon lockpicking conference in Sneek, the Netherlands, next month, he doesn’t plan to release the Photobump software publicly. He’s also working with police in his native Germany to analyze whether printed bump keys leave any forensic evidence behind.
These 3-D Printed Skeleton Keys Can Pick High-Security Locks in Seconds [Andy Greenberg/Wired]