Master keys easy to make.
January 23, 2003 5:44 PM   Subscribe

Anyone with access to a lock and key can easily create a master key. An AT&T Labs researcher has discovered that most master-key lock systems are vulnerable. NY Times (reg. req'd) reports that the technique is known, but not widely known. For instance, it does not appear in the ubiquitous document formerly known as the MIT Guide to Lockpicking. The AT&T Labs-Research paper is troubling some security experts, one of whom said that the "technique could open doors worldwide for criminals and terrorists." Because publishing the paper "could lead to an increase in thefts and other crimes, it presented an ethical quandary" for the researcher (Matt Blaze) and AT&T Labs-Research.
posted by found missing (27 comments total) 3 users marked this as a favorite

Any other former locksmiths in the house? Does this unnamed process sound like the simple technique of impressioning? (I admit I'm tired, cranky, and I didn't read the whole thing yet.) The file/blank-key bit is a tipoff, as well as this:

The technique involves a series of simple "probes" of a lock (typically less than fifty) which reveal successively more information about the master key.

Of course, you can impression a key for most locks if you have the proper blank--impressioning does not require a master system for it to work.
posted by Shane at 6:16 PM on January 23, 2003

The "decoding" bit doesn't jive, though. No "decoding" necessary to impression.
posted by Shane at 6:24 PM on January 23, 2003

um, yeah, and let's not forget how easy it is just to kick in a door a lot of the time. I think at least a small bit of sensationalism is being pushed here.
posted by angry modem at 6:53 PM on January 23, 2003

This technique has been an open secret for decades. At best, the AT&T researcher refined it a bit.
posted by dws at 6:53 PM on January 23, 2003

They did this on the A-Team once.
posted by Optamystic at 7:00 PM on January 23, 2003

Sure it wasn't Superman 3?
posted by Potsy at 7:07 PM on January 23, 2003

No, Shane, the idea is simple but has nothing to do with impressioning: since the master key lifts each pin to a second shear point, just get as many blanks as there are pins, leave a different position unfiled on each blank while filing the others to match the non-master key you have, and then repeatedly test and file each unfiled position until you've found the other working bit depth for each pin. Then file one more blank to hit all the master bit depths.
posted by nicwolff at 7:25 PM on January 23, 2003

I did this in high school once. Got into all the lockers. Got in trouble too.
posted by pekar wood at 7:25 PM on January 23, 2003

Upon further reflection, I guess those were all keyed alike (with combinations for the kids to use). The Loompanics lockpicking book I saw in the mid eighties had a version of this technique, Schlage locks were especially weak. Our school used Schlage locks.
posted by pekar wood at 7:33 PM on January 23, 2003

Criminals and terrorists, eh? Good thing they brought this up, I was about to think rationally or something.
posted by ODiV at 7:39 PM on January 23, 2003

Thanks, nicwolff, that makes perfect sense. I guess most locksmiths add a second pin to each hole for the regular (non-master) key. So the master works off the shallowest keycuts, while the other key works off the deepest. So, you know you're filing the cut to the master pin first.

Of course, it doesn't have to be this way--but almost always is. If the opposite were true and the master cuts were deepest, it would take more time, but would still work, right? I'm too tired for this. The guy who taught me could impression almost anything in ten minutes, which is why that sprang to mind. Picking is brainless, impressioning is a skill.

Pekar, did Loompanics rule in the 80s and early 90s or what? It's not the same anymore. What's funny about Schlage: Yes, they are cheap. But this always made it tougher for me to pick them with the traditional method, as the components (plug and cylinder) are so sloppy. A good lock with a tight fit was always easier to open (providing it didn't have spindles or mushrooms in it).

posted by Shane at 8:04 PM on January 23, 2003

Fascinating how many locksmiths dwell on Metafilter.
posted by ParisParamus at 8:17 PM on January 23, 2003

first off, blanks are not that easy to come by. Second, this is not quite impressioning but close. The time to file down each shear point would be tedious and only easy to someone whom has done it. I filed my first key at 12. Simple lock but none the less tedious.

I heard of an impression method that requires smoke and a small file for the mark.

besides a real pro would not need a master key nor take the trouble to file one. In most cases, it is easier to obtain the original and copy it oneself.

Shane, picking is not brainless but easy to a skilled person. I found impressioning easier to learn. But one should just use warded locks or tubular locks...of course those can be drilled out in about 5 seconds....and i don't care what anyone says, wafer locks are hard.
posted by clavdivs at 8:19 PM on January 23, 2003

You must be talented, clavdivs. It took me an hour to impression my first, and I must have danced a jig when the lock clicked open (and the key didn't break)! Yeah, they could make every lock pickproof easily and cheaply, but then locksmiths would have it tougher, right?

blanks are not that easy to come by.

Yeah, some high-security lock companies sell the locksmith his own keyway and matching blanks, so no one but that locksmith can buy blanks that fit those locks. Of course, I've always suspected the lockmaker cheats a little, like, 'I'll sell a distinct keyway to a guy in America and the same keyway to a person in the UK'--how would they ever find out?

But hardened steel pins are tough to drill thru. All that metal just binds up around the drill bit. But you only see those pins in expensive high-security locks, anyway.
posted by Shane at 8:30 PM on January 23, 2003

It's no wonder this method isn't talked about much. Why would a locksmith even use it? If someone loses the only copy of a master key, the smith should:

a) have his own copy (if he set up the lock)

b) have a record of his master keys so he can just cut a new one (if he set up the lock)

c) if he doesn't have a copy or a record, use a non-master key, take the lock apart, and just look at the pin sizes (much quicker than this filing method)

Locksmiths would rarely use this filing method--it's almost purely a thief's trick.
posted by Shane at 8:52 PM on January 23, 2003

This is a thief's trick - I think that the point is that it's a lot easier than most people (including building security managers) might suspect.

It looks like all someone needs to get a copy of your master key is access to a lock and a key that opens it (even a janitorial closet will do), a key grinder, and a bit of time. They don't have to do anything suspicious with the lock (other than occasionally try keys that don't work). Even with perfect control over all existing copies of the master key and all locks, you can still get completely compromised and not have any idea.

Is this a huge problem? Dunno. No security system is perfect. But if I was trying to decide between the convenience of having one master key and the risk of having that key stolen, I'd really like to know about this.
posted by jaek at 12:01 AM on January 24, 2003

Based on the description of this technique, it probably doesn't work against Abloy locks. Most, if not all, locks here (in Finland) are Abloy locks. Most important locks are Abloy Exec/Disklock Pro locks.
posted by rosmo at 2:06 AM on January 24, 2003

Most key blanks can be bought online, including hard-to-find "do not copy under penalty of death" university keys. Just gotta know who manufactures the lock.

The other thing about this system is that it is only practical on places that actually use master keyed tumblers. So while schools, large commercial locations, and large apartment blocks are likely, the random house at the end of your street is not (and you need at least one working key to begin with).

And rosmo, actually Abloy locks work on a similar principle, except that there's rotation involved, and instead of pin-tumbler, where there's a physical limit placed on corresponding pins (no pin can be greater than 4 units difference from the next), it's a disk-tumbler (where each cylinder is independent and can be set to any length). Since Abloy locks can be both Master Keyed and Grand Master Keyed, the principle is the same, except the problem is that you won't be able to "just file off" a bit here and there until you get it right. Abloy locks are a truly brilliant design -- the pins don't have springs, so there's no counter-force, (which makes them both hard to pick and resistant to wear).
posted by Civil_Disobedient at 3:40 AM on January 24, 2003

there's a discussion of the abloy mechanism and much other interesting related stuff here.

i couldn't find info on master keys with abloy, but i assume that they would be implemented by adding an additional notch to each disk. in that case the same attack would work (the author of the paper emphasises that the attack is possible because the pins are independent - this is true of the abloy disks too). the only reason i can see for saying that abloy would be more secure is that it might be harder to grind the abloy keys (although i would have thought a suitable jig would be easy to make).
posted by andrew cooke at 3:55 AM on January 24, 2003

oh. or what Civil_Disobedient said
posted by andrew cooke at 3:56 AM on January 24, 2003

i usually ring the doorbell.
posted by sgt.serenity at 5:33 AM on January 24, 2003

This brings up off topic memories. Back in engineering school it had somehow come to be that the IEEE society acquired a copy of the master key for the engineering building. It was passed down from president to president to president. Most professors even knew about it, it was sort of a running joke and yet the locks were never changed. A few labs with expensive equipment were locked down harder, often with Cybex locks (electronic locks with a series of 5 push buttons). These were really easy to get past if you watched people fumble them a few times as they entered the lab. You could easily pick up a couple of the digits which left you with a very small number of key combinations to try out.

In grad school I even managed to get a couple of copies of extra special master keys courtesy of a janitor that loaned it to me and a locksmith that wasn't at all suspicious of a wad of tape over the spot where it would've been stamped "DO NOT DUPLICATE". I think people didn't really abuse the gaping hole in security so they just ignored it.

This eventually changed to card access systems when we got a new Dean of Engineering. Oddly enough the person who finally clamped down on the security problems was a thief. She stole entire budgets and syphoned them into her personal lab.
posted by substrate at 5:43 AM on January 24, 2003

Yeah, on second look at the issue, Abloy locks are pickable with this method as well. The new Exec/Disclock types of locks are a bit odd looking though (square keys with grooves in boths sides, but identical cylinder offsets), but apparently there is a decoding device for them as well.

(goes off to order Abloy blank keys...)
posted by rosmo at 6:25 AM on January 24, 2003

Still, this has to be an "inside" job. Someone who already has access to a key that opens some of the doors in a building (or campus, etc) is making a key that opens all of the doors.

It's not so much of a security risk, mostly because, heck!--master keys always eventually get copied and passed around anyway. My high school master key was available to, um, certain students...

This is an ingenious trick, though!
posted by Shane at 7:14 AM on January 24, 2003

I found most master keys are easy to come by...Back when I worked at Ace Hardware, we had people come in all the time with "DO NOT DUPLICATE" on the keys...very easy to reproduce, unless hightech (the worst is when someone came in with a $50 duplicate key and I was the one who had to do it...always nervous...or those damn keys with a chip that the people don't bother to tell me....grrrrrrr). Our manager would also completely change out the cylinder's pins for people if they so desired (why they didn't buy a new lock, who knows).
posted by jmd82 at 10:29 AM on January 24, 2003

On Abloy Grand/Master Keying - for those interested.

BEST Key Blanks - the most commonly used university dormroom keys, for sale
posted by Civil_Disobedient at 11:53 AM on January 24, 2003

Interestingly, the page andrew cooke linked to above has a post that described this "new" method concisely — in 1987! Scroll down about half-way or search for "1137".
posted by nicwolff at 6:38 PM on January 24, 2003

« Older Posters for Peace...  |  Tickling the ivories... Newer »

This thread has been archived and is closed to new comments