This would be awesome, except for the fact that my landlord installed a "Mul-T-Lock" with "DO NOT DUPLICATE" instructions on all tenant keys, to prevent over-occupied apartments, unauthorized sublets, and squatters.
And, guess what I tried: grinding off the "DO NOT DUPLICATE" instructions with an angle grinder, and getting copies made anyway.
I walk into the hardware store, and ask the clerk for a copy. The guy glances at it, and gives me a funny look, and says:
You got the card?
Card? Uh... Ah, nah man, not on me.
Pause and a long look...
Okay, $25 bucks. Pay in cash.
...long pause. I look at the key prices, and a Mul-T-Lock copy is priced at $5. The guy's obviously inflating the price of the copy as an implicit bribe to do something he's not supposed to do. Fuck it. Let's see where this goes.
5 minutes later and I have a copy that works perfectly.
Next week, the super changes the lock on the front door, distributes new keys to all tenants and tells us that the master was reported stolen.
Fortunately, burglaries are pretty rare. I presume it has since occurred to you that, if anything had gone missing from your building during the critical week, you'd have been down at the local police station in handcuffs, making a phone call to a lawyer?
I'd be astonished if that hardware store didn't have surveillance video of you.
Incidentally, the trick where you test someone's level of guilt by massively overcharging them, then seeing if they pay without a peep, is straight out of G.K. Chesterton's The Blue Cross:
Ha ha! Well, snagging an unauthorized copy still seemed smarter than some of the alternatives, like climbing fire escapes and jimmying my own window...
Just a suggestion, but in the case of KeyMe, Photoshop would take care of the problem. Just smudge out the "DO NOT DUPLICATE" and keep that image handy on your phone.
Sure, "in the future", but right now, most common 3D printers seem to only operate with a precision of ~0.5 mm.
I've thought about trying to make a crude 3D printed copy now, with a current generation printer, and polishing the ABS with acetone, to produce a higher quality copy manually.
The resistance of the springs on my building's outer door lock give a pretty smooth, low-resistance action that plastic (or maybe even wood, but not hard wax or soap) might tolerate, but then I'm paying $3,000 for a copy...
I'd imagine that he was actually charging you for the extra effort as much as doing something sketchy. While the card does provide an additional layer of security, it also provides a layer of convenience for the locksmith, as they can just punch your code into their machine and it will spit out a copy very rapidly.
It sounds like you were talking with someone who had a clue and could quickly, but with additional effort, reproduce a key via a duplicator like this: http://www.lockpicks.com/w333l-sidewinderkeyduplicator.aspx which is fine, but dramatically less convenient than an automated code cutter.
Going to walmart works too. I've been to three or four, every time with 'do not duplicate' keys, and every time they simply haven't even looked. If you're concerned that they might, there are always key-head covers.
Well, I'm not certain that the guy at hardware store was a total jerk. I'm not entirely clear on how the lock was determined to be compromised. Yeah, he took my money, but did the hardware clerk take a picture of the key, and report it? (I doubt it) Was the master actually stolen, as a matter of coincidence? Did the lock somehow indicate that an improper key was being used on it? I had both my original and the copy, and there weren't any serial numbers, and there don't seem to be any embedded chips in my keys...
Yes, the clerk almost certainly turned you in. The alert went out within a week. Do you really want to bet that was a coincidence?
He may not have turned you in, by name or by face, and he may not have turned you in specifically to your landlord, but he could have. And the coincidence suggests that the word went out and that your landlord took action in response.
As for the "master" key thing: Master keys can often be made by filing off a tiny bit of a non-master key. That's how they work. So, when you requested a copy of your key, you may really have raised the suspicion that you were about to go home, take out a file, make a master key, and go on a fun round of housebreaking.
(Obviously, you would not turn your original key into a master, because then when your landlord or the cops asked you to produce it, it would be tampered with.)
Incidentally: Because master keys are variations on the shape of non-master keys, your key doesn't need a "serial number" or embedded chips to match it up with other keys from your building.
Eh, I'm not convinced it's such a cut and dry story. Landlords, superintendents, porters, elevator operators and doormen can be as sketchy as tenants (like me, ha ha). Disgruntled porters get sick of taking the garbage to the curb and unclogging yet another toilet for someone, quit without notice, and "lose" keys all the time.
it turns our you need a fancy laser cutter to do this. melting brass reflects infrared everywhere, which can destroy everything within sight. one solution is to use a different frequency, which costs more. i run keysduplicated.com, and we long ago settled on CNC mills instead of laser cutters to make our keys. they're cheaper, slightly more reliable, and much faster.
Hey! Just a note to say I love what you've done at keysduplicated. When you first launched Shloosl I had dozens of people email and tweet me expecting that I would be horrified. Instead, I tried to explain that convenience has to live in concert with security. If you can provide people a solution that is nearly as convenient as keeping a key under the doormat, but far safer on an individual bases? I think that's a huge win.
Congrats on your success thus far, wishing you the best!
Is this type of key common in the US?
A few years back I bought a lockpicking set, and locks like these are incredibly easy to open without much training.
In Switzerland we have KABA locks pretty much everywhere. I don't know but I think they're much harder to pick and I guess you can't reconstruct them out of a photo because you don't know the depth of the holes.
Also you need the key and lock the door from the outside with it, so you can't really lock yourself out. Doors that snap lock are incredibly rare here.
The US is an odd place for locks. Locks here pander mostly to convenience and cost, not security. So high security keys like those are rare here.
One reason is the way we build houses. It's easy to break into our houses through their windows or from their back door, so it makes little sense to secure their front doors with fancy locks. Instead, we rely on alarms, guard dogs, our neighbors, or guns. Compare our exposed apartments here to those in, say, Paris, which have barred windows, or to houses in the middle east, which are walled off from the street.
Here is some sales data from KeysDuplicated.com that you might find interesting (we're in the same business as keyme, though we mostly operate in the background, as a service provider to other businesses): about 45% of our US orders are standard Schlage keys, which are relatively easy to pick. About 25% of our US orders are Kwikset keys, which are absolutely trivial to pick. About 90% of the requests we receive from the Middle East are mind-bogglingly complex and would take hours to pick. Our French orders are somewhere in the middle.
Anyway, to answer a question that might have been lurking in your comment: those dimple keys aren't any more difficult to duplicate by photo than other keys. The image analysis is similar, and cutting them on our machines is straightforward. They're just hard to pick. And in case you were going to ask, we don't copy them at KeysDuplicated because that usually goes against the intent of the owner of the key.
I worked as an apprentice locksmith from the middle of high school until I graduated college - we always told people, standard locks should be looked at only as a way to inconvenience a person from breaking in. If someone really wants to break into your house, they are going to; it's only a matter of how long it takes them to get in, and through what method. Granted, it was at this point they would ask about security systems, which we also installed - but the general principal still stands.
>If someone really wants to break into your house, they are going to
That's the basic principle of security. Be it crypto, physical security or anything else.
You're always just buying time. So the question is how much time do you want to buy.
If you can kick down the door in 2 seconds you just have a very low security margin. Compare this with crypto where you measure security margins in years.
I'm just a bit baffled that it's that low for apartments in the US.
You probably couldn't kick down most doors here. Well at least I couldn't.
Obviously, lock safety tend to go hand in hand with other forms of safety. My experience is that houses and apartments in the US seem relatively easy to break into. Here in Stockholm (Sweden), I've never ever seen an apartment door that opens inwards (and most are steel enforced), and street-facing bottom floor windows have steel bars usually.
Yes, at the very least in Apartments in the US. Every apartment I've lived in (in several states/both coasts) has had the simple style keys. IANAL (i am not a locksmith), however.
Homeowners obviously have more choice in the locks they use, though.
KABA is really uncommon for residential units in the US. But you probably could optically measure the key, since the dimple's diameter shows the depth.
It's always seemed like a safety hazard to me with interior-locking doors. When I stayed with a friend in Paris, I was locked inside their flat when they left early for work.
Yes, everywhere I've ever lived or visited in the US. And very few hardware stores stock anything but those basic types of locks. Even the somewhat more secure Medco locks are virtually never seen, and cost several times more to buy.
I would say they're right to use relatively simple locks too. I've known several people who have had their homes broken into through kicking down doors or breaking windows. I've never even heard of a break-in by picking a lock. Why make everybody's locks much more expensive and harder to duplicate when lockpicking attacks are virtually nonexistent in the real world?
They've been testing the market in 7-11's around NYC. They had a kiosk setup in my local 7-11, and had some salespeople promoting the service for a few months.
I have no idea how many people they signed up ... but the salespeople and the kiosk are now gone. Anybody, from the neighborhood, that signed up expecting to be able to go back to that kiosk to print a replacement key are out of luck.
I actually got locked out a week ago and went back to one of their kiosks. I didn't see any of the salespeople from before either, but I was able to access my key with my fingerprint and email. You can still get your key made if you've registered before.
You expect more than 1 comment for a 9 minute old account? People join HackerNews, often because they finally have something to say in a comment thread.
Sounds like a pretty novel idea. Until you lose your phone, your key.me account is hacked or any of a number of other things cause your data to get into the wrong hands.
I'm not saying a physical key is perfect or doesn't have most of the same issues (lost, theft, etc.), but why create a larger attack surface through a medium you have potentially less control of?
Assuming you don't have an address tied to your account, the risk can be mitigated somewhat. If you KeyMe account is hacked or phone is lost, it's similar to losing the physical key itself-- the thief doesn't really know what the key goes to.
But, if the KeyMe user database is hacked along with personal information (billing address), then it becomes an issue.
Also, if you lose your phone and have emergency contact information (or can lookup the address associated with the phone number), then the thief also knows where to go.
Hopefully everyone has a locked phone, but if they have a stolen phone and have gotten past the lock it is not hard to figure out someones home address on their phone by looking around apps and looking at the contacts.
No production ready, complete hack, but it does work. The vision side is an interesting problem. This was a while back and i was dealing with older cameras. I should imagine with modern phone cameras it's a pretty simple problem.
Oh, man! I saw this a while back and was very excited about it. I have a project I've been working on off and on in my spare time that I'd love to talk to you about if you'd be up for a conversation.
My wife and I are looking into coded door locks (infant at home and the wife is afraid of locking herself out and the baby in) and found there's a $219 dollar door lock you can open with your phone. May make more sense then this solution.
I assume OP is looking for an existing product, not one that might ship when the moons of Jupiter align.
In all seriousness though, I've been waiting for my Lockitron for almost a year now, and others have been waiting for much longer. At this point, there's no way I can recommend Lockitron to anybody as anything more than a cool concept.
They sent me an email telling me my unit "shipped" last July and would arrive July 14-20th. 3 months later it still wasn't here so I sent an email, and the response was basically, "Uh... we expected to ship it to you at that time, but really we have no idea when we can actually ship it."
1 year after preorder they had to process the amazon payments preorders or amazon would void them. So here I am almost 2 years since I preordered a product that I've paid for, and they can't even give me an expected ship date.
Of course they continue to send marketing emails/self congratulatory accomplishments about software updates and hardware fixes for a product that doesn't exist.
But have never been upfront about that fact that it would likely take them 3 years to enter the market. Most of their email blasts are about them being right around the corner
Seriously? I expected the same thing I expect with most Kickstarter/similar projects (and those make you pay up front): there will be delays, there will be periods where you're more in the dark than you'd like to be, and it's gonna be a while before you have a product in your hands.
So, if your home is out of energy you're locked out? I don't know how common that is in USA. But where I live, you'd be trapped under an hours-long storm while waiting for the power to come back during rain season.
Not something to get if you're in a hurry, though. I ordered mine last fall and it was initially supposed to arrive in a couple of months, but it's been bumped back repeatedly and now they're saying May delivery.
Lockitron is almost vaporware at this point. Their site still only shows renderings and I've yet to meet someone who pre-ordered who actually got the product.
This was my thought also. I get locked out maybe once a decade, I really don't see the point in installing an app for that 'problem'. Chances are, by the time I need this service I will have long forgotten about it and go down an alternative commonplace route.
Fascinating, but I don't think I've ever been locked out of my house. CARS, on the other hand, are another story. But in this day of laser-cut keys and computer chips, this app won't be very helpful.
I am more interested in the DUPLICATION service, considering the failure rate of keys I get from Home Depot, etc. (50% at best).
...And don't forget to link with Foursquare account, so we'll know when you're on vacation overseas! Well, I'm obviously kidding, but I don't feel it's wise to share key material just like that.
Guess, an encrypted file that's kept near the lock (like QR code kept at friendly neighbor's place or in your own postbox) which is decrypted and shown to a locksmith only when necessity arises would be a better idea. Unless, well, you forget the passphrase (which has to be strong) to decrypt the key.
(Yep, they may kept data encrypted, and they probably do, but one has to trust on their word for that.)
I think I'd rather go this direction: https://lockitron.com/ ... having my physical key info backed up in my phone sounds fine, but I think I'd rather avoid physical keys anyway, if possible. Despite the somewhat obvious fear of hacking/etc, I still think digital security is much more secure than your average lock. You can get a bump key for something like $1 online.
If having a physical key image stored elsewhere is a concern, then a keyless combo lock is probably the simpler alternative. You just remember your key code (hopefully) and don't need to carry anything besides your memory.
Well, if I have to use a regular key, then there's no benefit to having a an electronic lock.
And yes, I suggested a "keyless" code lock in case you lose the key ;)
In an emergency condition, the simplest action (the one with the fewest steps, protocols or devices) you can take to recover completely is the best action. Losing your key and phone while being chased by muggers (for example) is just such an emergency. If you have enough faculties to remember your key code, you can still enter your home even if you're naked.
I like to think of services like KeyMe, which I do think is a fantastic idea, as an extra nicety during non-emergencies.
The point is that you use your phone most of the time, but keep a key with you as backup. More convenience, less risk.
Being able to get into my house immediately even after losing both phone and keys is not a priority for me. If I'm being chased by a criminal near my own house after losing my keys and phone, I'll just shout until the neighbors come out.
Losing your phone is an issue, yes - much like losing your keys with a conventional lock. Suddenly deciding I don't want a smartphone anymore would probably be a life event radical enough to justify replacing my smartphone-dependent lock, and is furiously unlikely to happen.
I've looked at Kevo but their digital upsell model where they attempt to charge you for additional virtual "keys" turned me off completely. It's probably not a major problem, since it comes with 7 and you can reassign them, but the fact that they implemented such a system at all made me immediately look elsewhere.
Maybe the future of TaskRabbit becomes like Amazon. That is, you still sell a fair few services (products) but where you really make money is as an umbrella for all of these one use services that are starting up. Just go to TaskRabbit to search for "pick up my dry cleaning. Send me a gluten free meal. Lost my key please replace" and they route and take a cut to these services.
With all the high quality optics on the market, what is stopping you from taking a picture of a key that belongs to somebody else? I am also somewhat surprised there is no legislature that prevents locksmiths from duplicating keys without physical copy being present.
Otherwise this is pretty awesome idea, that unfortunately highlights that it is high time our locks got more secure.
Both Keyme and Keysduplicated.com makes sure you have pictures of both the front and back of the key, so you can't just do a fly by picture of keys on a table. They also have your CC and mailing address, which is more traceable than just going to the hardware store.
That's always been as effective a safeguard as "Do Not Copy This File." This app doesn't meaningfully change the risks associated with that.
Physical possession of a key for more than 5 seconds means you own the lock it is associated with, at will. (Or, these days, a photograph will work.) The Grand Old Order of Locksmiths likes to pretend there's a long tradition of professional norms which makes this impossible, and thus it is safe to give someone a key but treat their access to the lock as revocable, but that's mostly hokum. It's a shared secret between the key and the lock which happens to have a physical encoding. If somebody sees the encoding, the secret isn't a secret anymore. The mystique of the locksmith is that the encoding is more esoteric than "this is my password", but that's not actually a very strong security guarantee if you expose it to adversarial action.
Relatedly, most locks can be defeated by a bright 8 year old with tools which cost less than $100. This is also one of the things which the Grand Old Order of Locksmiths would have you believe is totally unpossible, because that would require someone to have illegal possession of lockpicking tools and forbidden knowledge, like a) a can of compressed air and b) a 46-second Youtube video.
This is all true, but the Grand Old Order of Locksmiths hasn't evolved this line of patter for no reason. Many people of my acquaintance are terrified of the possibility of burglars, even though home intrusions are very rare. Boosting people's confidence meaningfully improves their lives, even if 50% of the confidence boost is pure placebo effect.
And physical locks do accomplish some things. They often require aspiring thieves to choose between speed and subtlety: Kicking open a door is fast but loud, picking a deadbolt is quieter but consumes a bit of time, and obviously both are slower and more obvious than opening an unlocked door.
Physical locks protect against "misunderstandings". If you pass through a locked door and you don't have a key, you'll have a hard time convincing a cop or a judge that you were just making a mistake, or that "I saw the door standing open and was trying to investigate."
Similarly, the "do not copy this key" message is not intended to be binding on locksmiths. It's a tiny contract between the landlord and the tenant, so if the tenant makes fifty copies of the key and hands them out at local bars, the landlord has clearer grounds for complaint.
Finally, locks guard against crimes of opportunity. Not all of the world's aspiring thieves bother to learn lockpicking. Not all of them are sober enough to be very smart. And, as criminologists are fond of pointing out, a large percentage of crimes are committed by people the victim already knows, and there's a big social and psychological gap between "wandering into my cousin's house, seeing fifty bucks, and pocketing it" and "breaking down my cousin's door to look for fifty bucks."
I guess the remaining question is if a member of the "Grand Old Order of Locksmiths" would normally generate a new key from an image of a key. The KeyMe people think they would if they were "following instructions we display on your phone". So it sounds like the process has been made simpler and is now being encouraged.
That mark is only a request of a given locksmith. People have been putting pieces of tape, grinding or just going to Home Depot where the attendants don't check, forever.
I thought about making an app like this and open sourcing it for the hell of it. It wouldn't be too difficult to limit the scanning (read: image recognition) to just 5 notch Kwikset and Schlage (standard/ residential) keys and outputting the key's code to the user.
I have a Kwikset pushbutton combo deadbolt. I can use either my key, a button combo, or my ZWave-enabled home security system via my phone to unlock the front door. Cost around $150 and took 10 minutes to install.
This will scale much more quickly and has a better use case if applied to a multi-person scenario indeed - where there is a need for one to grant someone else physical access. Considering how many physical locks there still are, despite the increasing usage of all the "smart locks" (biometric, mobile-connected etc.), this can really be useful to the masses.
I'm sure they could, but that makes attacks only slightly more difficult.
It's fairly trivial to look at common key blanks and visually identify the bitting (the "combination" of cut heights necessary to move the tumblers in the lock to the shear line). Sometimes the key has the bitting stamped right on it, numerically, too.
So, I pickpocket the key of $stupid_colleague at work. Then, I deliver it to KeyMe to copy it... and place the keys back e.g. at the coffee machine, so that $stupid_colleague finds them again (or I do a reverse pickpocket).
Later that night, or when I know the guy is on vacation, I empty his house.
The speed, the fact that I can supply the photos via an app so I basically need only a minute with the keys (e.g. when the colleague is on the toilet and leaves the keys on the desk), and the fact that there are no eyewitnesses.
A store clerk might be telling me to wait a bit for the key to duplicate, but in reality call the cops on me; there are cameras in hardware shops which can identify me and the bundle of keys and also there are other customers in the store.
You can get a high quality wrist-impression of a key in a couple of seconds if left alone with keys. You can even learn to sight read keys quite trivially. I don't think its so much the speed you are talking about as, perhaps, the accessibility of technique. I mean, if you can get a clean photo of a key, you can reproduce it. It's a physical object, its just metal. One of the first keys I ever made was from an old saw blade & just based on memory. Worked the very first time.
So, I don't think these services really change the game at all, but perhaps provide a new level of information to the general public?
http://www.mul-t-lock.com/
And, guess what I tried: grinding off the "DO NOT DUPLICATE" instructions with an angle grinder, and getting copies made anyway.
I walk into the hardware store, and ask the clerk for a copy. The guy glances at it, and gives me a funny look, and says:
Pause and a long look... ...long pause. I look at the key prices, and a Mul-T-Lock copy is priced at $5. The guy's obviously inflating the price of the copy as an implicit bribe to do something he's not supposed to do. Fuck it. Let's see where this goes.5 minutes later and I have a copy that works perfectly.
Next week, the super changes the lock on the front door, distributes new keys to all tenants and tells us that the master was reported stolen.