Hide those keys. A quick camera phone picture could unlock your doors.
Scientists in California have developed a software algorithm that automatically creates a physical key based solely on a picture of one, regardless of angle or distance. The project, called Sneakey, was meant to warn people about the dangers of haphazardly placing keys in the open or posting images of them online.
"People will post pictures with their credit cards but with the name and number greyed out," said Stefan Savage, a professor at the University of California, San Diego who helped develop the software. "They should have the same sensitivity with their keys."
When Savage and his students searched online photo sharing Web sites, like Flickr, they easily found thousands of photos of keys with enough definition to replicate. A more social person could simply use their cell phone camera to snap a quick picture of stray keys on a table top.
For a more dramatic demonstration, the researchers set up a camera with a zoom lens 200 feet away. Using those photos, they created a working key 80 percent on their first try. Within three attempts they opened every lock.
Three attempts could take less than five minutes. The replication process is very easy. Once the researchers have the image it takes the software roughly 30 seconds to decode the ridges and grooves on the key. If the angle is off or the lighting is tricky it takes the computer take a little longer.
The longest part of the process, about one whole minute, is cutting the key.
"I think that this work would be really easy for someone else to reproduce," said Savage of his work. "Someone familiar with signal processing, mat lab, and image transformation could do it in two days if they are good."
Keys, as the researchers demonstrated, are actually fairly easy to decode. A majority of keys marketed to consumers are basically just four to six different numbers. Each number corresponds to a ridge or valley in the key. When inserted into a lock, the ridges and valleys lines up a series of small pins that lets the lock turn.
"The premise is that a key holds some kind of secret that lets you unlock something," said Savage. "But it's a very funny secret, its a secret that can easily be seen."
Creating a new key is easy enough that some locksmiths and security experts do it by sight alone. The locks the UCSD team broke were some of the most common in the country.
Marc Weber Tobias, an attorney and security expert who has been picking locks since he was a boy, says the UCSD project does a good job of underscoring the insecurity of conventional cylinder locks. But the idea of someone standing up to a mile away with high resolution camera and stealing keys with a shutter is small compared to the next generation of video cameras being installed.
"The real issue is the new digital video cameras shooting at 30 frames a second," said Tobias. "There are millions and millions of these cameras everywhere." If someone got their hands on sensitive parts of the video they could easily duplicate key sets.
Locksmiths, and the UCSD scientists won't use their talents or technology for ill-gotten gains. But not everyone is so ethical, and experts urge people to take physical security more seriously.
"This isn't the biggest security threat that you might face," said Savage. "But you should only take your keys out when you are going to use them."