Lisa Vaas, an independent author specializing in the field of technology, recently published a report in Naked Security about the potential security risk of mobile phone applications such as KeyMe and KeysDuplicated in the US. This software enables a person to send a picture of a key via their mobile phone to a central office that then create a digital impression of the key. The key can then, in turn be reproduced at a self service key cutting kiosk at a hardware store.
The principle of these applications is to help honest home owners who find themselves locked out of their own property to get back in. However, if all that is needed is a photograph of a key to produce an identical replica, in theory anybody can gain a copy of your house key.
KeyMe assure their customers on the security page of the website that only the key owner can obtain a copy of the key as a photograph of both sides of the key is required, which must be lay flat on a white piece of paper and email and credit card verification would also be necessary to negate a sale and therefore copy of the key being produced.
Unfortunately it would be seem, this isn’t always the case though. Andy Greenberg from the website Wired managed to obtain a copy of his neighbour’s key with little difficulty.
“It claims keys can only be scanned when removed from the keychain (Not so; I left my neighbor’s on his ring) and must be scanned on both sides against a white background from 4 inches away. None of that posed a problem making my stairwell creep-scans.”
When asking KeysDuplicated about the chance of the software being misused, their CEO Ali Rahimi believed that it was more likely for someone with ill intent would either use a key gauge or clay copy of a key to gain unlawful entry to a property. Mr Rahimi stated
“A person with nefarious intent is more likely to choose these methods over Keys Duplicated because:
A credit card is required to ship the key, so in case of fraud, identity can be traced back. We’ll cooperate with law enforcement inquiries in case of fraud (though nothing like that has ever come up).
We don’t accept flyby pictures of keys. The key pictures must be high quality, and we need pictures of both the front and back. This way, if your keys are lying on the table, a passerby can’t take a quick snapshot”
However when Mr Greenberg attempted to gain a copy of his neighbour’s key for the purpose of testing the software he says
” I have no idea how to do either of those things,(using a key gauge or making a clay copy) and I nonetheless found breaking into my neighbor’s house with a smartphone scan to be pretty idiot-proof”
Although more widely available in the US, similar services (key cutting from a photograph, unmanned key cutting kiosks) are available in the UK already. Consequently, we would like to offer the following advice to help you protect the security of your home/place of work.
- Treat your keys like you would your online passwords.
- Always keep your keys out of sight when out in public.
- Don’t publish photographs of your keys online.
- Store keys out of sight at home
- Don’t store photographs with your keys in them on any kind of mobile device.
- Don’t write your address on your keyring!
If you need any further advice then please do not hesitate to contact us.
For our North London office in Muswell Hill call 020 8883 1555 or our East London office in Enfield call 020 8364 2000.
With thanks to Garrett Coakley for the use of the photograph.