Locks only keep honest people out after all.
1 Like
The problem, for a lot of organizations, is both keeping people out, and knowing whether you’ve succeeded. If a dude can make copies of keys for your locks, you are boned.
At the moment this is like the 197th most convenient way to do that, but the other ways mostly aren’t getting better and this way will.
4 Likes
Even if this app were fairly reliable, the attacker still has to send the data to a place where a key cutter exists, cut a blank, then return with the cloned key.
On the other hand, skills and tools possessed by the average TOOOL member are sufficient to pick susceptible locks in a minute or less.
The practicality of this is not yet at a level where it alters the current security afforded by locks. And the only thing likely to alter the balance is if a field-configurable key becomes available.
1 Like
Insofar as this is actually of any use to people looking to break locks for ill - and I kinda doubt that it is, since as others have pointed out, the sort of lock in question here is not terribly difficult to pick, and picking and other low-tech attacks are more practical - we should assume that those people are already aware of such techniques. Publicizing these attacks means those of us who rely on these locks are better informed about the ways they can fail, and lock designers can develop countermeasures.
To quote Alfred Charles Hobbs, “Rogues are very keen in their profession, and know already much more than we can teach them.”
1 Like
Of the technology, no. But of academic security researchers publicly revealing vulnerabilities that attackers are likely to develop regardless, I see that as better than the alternative in the same way that bounties for software bugs allow them to be patched.
That said, this seems like an overly complicated way to obtain keys for locks that would be much easier simply to pick.
1 Like
Um, no, it’s very much on point for the current state of the technology and pointing that out doesn’t preclude the additional point you correctly make that the technology could and probably will improve.
I don’t know which thread you read, but the folks in this thread making the former valid point don’t come across as sneering to me.
Has anyone asked the Lock Picking Lawyer on YouTube if it’s worth the effort?
I assume that the answer here is “because ‘I learned bump keys from youtube’ is not a research project with any hope of producing useful or interesting results or publications”.
More broadly, I doubt that this is a terribly relevant real-world attack in most cases; but the one thing to never forget about technically skilled attacks is that, while the barrier to entry is (sometimes) high they usually both scale well and can be accomplished with thoroughly obfuscated attribution and/or from outside a jurisdiction that cares.
Make the correct changes to a fumbling-with-your-keys-in-the-dark flashlight app and you’ll have thousands of (GPS location stamped, user correlated) recordings of people inserting their keys into locks.
1 Like
I get the impression that LPL would love to find more locks that are even good enough to allow for novel attacks; much less good enough to require them; so he’d be in the “I wish it were” camp.
Great. I’ll be hearing from my rogue asking if they can do this with using their pet bat’s echolocation.
2 Likes
This topic was automatically closed after 5 days. New replies are no longer allowed.
