Reconsidering physical key secrecy: teleduplication via optical decoding

Researchers from the University of San Diego (Benjamin Laxton, Kai Wang and Stefan Savage) developed Sneakey, a system that correctly decoded keys from an image that was taken from the rooftop of a four floor building. In this case the image was taken from 195 feet. This demonstration shows that a motivated attacker can covertly steal a victim’s keys without fear of detection. The Sneakey system provides a compelling example of how digital computing techniques can breach the security of even physical analog systems in the real-world.

The access control provided by a physical lock is based on the assumption that the information content of the corresponding key is private – that duplication should require either possession of the key or a priori knowledge of how it was cut. However, the ever-increasing capabilities and prevalence of digital imaging technologies present a fundamental challenge to this privacy assumption.

Using modest imaging equipment and standard computer vision algorithms, we demonstrate the effectiveness of physical key teleduplication – extracting a key’s complete and precise bitting code at a distance via optical decoding and then cutting precise duplicates. In this paper, researchers describe their prototype system, Sneakey, and evaluate its effectiveness, in both laboratory and real-world settings, using the most popular residential key types in the U.S.