Researchers at DefCon in Vegas have demonstrated that they can make "high security" Medeco key-blanks out of the plastic used in credit-cards, and then whittle them into working keys by referring to low-resolution photos of original keys.
"Basically, we've destroyed Medeco's key control, because we can make (plastic keys) for any of their M3 locks and a lot of their Biaxial locks, which is their last generation of locks," says Tobias, who authored the book Open in Thirty Seconds, with Bluzmanis.
The researchers demonstrated the technique using a Medeco mortise cylinder that Threat Level purchased in California before leaving for Las Vegas. After buying the lock, Threat Level scanned the key and e-mailed the image to the researchers, who then created several plastic keys. When Threat Level arrived in Las Vegas with the lock, it took about six seconds to open the lock using a plastic key.
"It's keys by e-mail," says Tobias. "It's key-mail."…
The Medeco M3 key does have an extra feature to secure the lock — a step protrusion on the side of the key that's designed to move a slider inside the lock. But last year at DefCon, Tobias and his colleagues showed how they could simply insert the end of a bent paper clip into a Medeco high-security lock to push back the slider, rendering the slider ineffective as a security layer. Once that is done, they're then able to insert the plastic key in this new attack, to lift and rotate the pins.