Not learning a thing from 3D printing of TSA keys or all the data breaches that have happened in the last decade, a firm has created photos-of-keys-as-a-service. It is a bad idea beyond bad ideas.
This year's announcement.
Why that's bad.

@paco well, keys are just bad tech. Honestly, key based locks just slow keep accidents from happening and serve as a checklist for police reports.

Even if there weren't pictures, you could just buy the lock and extract the pins and get a key.

@paco to be fair, bad really just means "old" in this case.

@msmouse I don’t follow. If you know I have brand X or Y you know what keys and pins it takes. You can pick the lock or you bump it or whatever. BUT those are all riskier than just making a key and using it. Especially if you’re sure it’s the right key.

@paco For TSA locks you can buy the lock, take it apart, file a blank to match the pins. It's not really that hard.

For anything else, burglars just break windows.

@msmouse It's not that the things you said aren't possible and aren't easy. It's that a database of photos of keys with the street addresses of the doors they open makes new and even EASIER attacks possible. I don't have to drive to a wealthy neighbourhood and look at a front door to know what lock to buy and copy. I just search the DB for houses in the right post code, decide if I think they have good stuff, then print a key and find out.

@paco I mean, if we're talking easy vs easier,...
my point is you can't rely on a simple door lock for protection, weather it's easy or really easy to circumvent.

@msmouse I'm confused. Don't most people have simple door locks on their houses? Isn't that all the protection most people have on their front door? Perhaps you and I have different ideas of "protection"? Or maybe we're thinking of different kinds of doors (data centre versus house)? I've never used anything on any door to any house stronger than an ordinary deadbolt.

Most people do; I think most of the protection people have is wholly ineffective- that's probably the disconnect, I think no one actually accomplished their goals with just a door lock.

Also we started talking about TSA locks and drifted; good discussion either way tho :)

Absolutely no physec considerations have been made. Such a terrible idea

Uhh but why? Rekeying a door isn't expensive and I assume this is pay per month

Sign in to participate in the conversation
Infosec Exchange

A Mastodon instance for info/cyber security-minded people.