conferences | speakers | series

Replication Prohibited

home

Replication Prohibited
32. Chaos Communication Congress

Physical keys and locks are one of the oldest security mechanisms still employed today. In this talk, we will discuss how 3D printing keys enable attacks against many modern lock systems. We will describe projects researchers and hobbyists have done involving 3D printed keys, and present our own research on automating several of these attacks in order to demonstrate how easy they are to do. Ultimately, we hope to describe the current state of 3D printed keys, and their impact on the physical security systems we most often take for granted.

Physical keys and locks are one of the oldest security mechanisms still employed today. Despite their long-standing history, many still suffer from known attacks including bumping, impressioning, teleduplication, and rights amplification. To mitigate these attacks, many lock systems rely on restricted keyways and use blanks that are not sold to the general public, making it harder for attackers to obtain them. Often the key blank designs themselves are patented, further discouraging distribution or manufacture by even skilled machinists. In this talk, we will investigate how rapid prototyping and 3D printing tools can be used to attack modern lock systems. Even when manufactured on commodity machines, 3D printed keys are now good enough to be used in a variety of attacks. We demonstrate this by showing several example attacks against popular locks, from 3D printing the TSA master key, to our own attacks against restricted key systems. To test the strength of modern 3D printed keys, we present results from our paper of a controlled analysis on a range of printed materials from plastic to metal, and show that it is possible to cheaply make or purchase 3D printed keys that are practically as strong as real keys. We also present a tool that can automatically create a CAD model of a key blank, given only a single picture of the front of the corresponding lock. This tool makes the attacks that 3D printing enables against locks even easier and cheaper by no longer requiring skilled 3D design knowledge, and provides a warning to start looking for alternatives to secure physical goods. Lastly, we describe defenses that modern lock manufacturers can do to ensure their locks are not easily bypassed by 3D printing technology, including new lock designs, as well as putting more emphasis on existing designs that may resist 3D printing-enabled attacks for years to come. Website: https://keysforge.com/ Paper: https://keysforge.com/paper.html

Speakers: Eric Wustrow