Reconsidering physical key secrecy: teleduplication via optical decoding

Data from over 200 Pen Tests Shows Most Common Vulnerabilities. Learn more now.

Researchers from the University of San Diego (Benjamin Laxton, Kai Wang and Stefan Savage) developed Sneakey, a system that correctly decoded keys from an image that was taken from the rooftop of a four floor building. In this case the image was taken from 195 feet. This demonstration shows that a motivated attacker can covertly steal a victim’s keys without fear of detection. The Sneakey system provides a compelling example of how digital computing techniques can breach the security of even physical analog systems in the real-world.

The access control provided by a physical lock is based on the assumption that the information content of the corresponding key is private – that duplication should require either possession of the key or a priori knowledge of how it was cut. However, the ever-increasing capabilities and prevalence of digital imaging technologies present a fundamental challenge to this privacy assumption.

Using modest imaging equipment and standard computer vision algorithms, we demonstrate the effectiveness of physical key teleduplication – extracting a key’s complete and precise bitting code at a distance via optical decoding and then cutting precise duplicates. In this paper, researchers describe their prototype system, Sneakey, and evaluate its effectiveness, in both laboratory and real-world settings, using the most popular residential key types in the U.S.