by baconface 5478 days ago
This still seems like a valid low-tech hacking technique. Simply take photos of anyone's keys (easy to do if you are planning it out) and run some software. This seems like a potentially big problem for any facility secured by only lock and key (schools, homes, safety deposit boxes, PO boxes, cars, storage, etc.).
3 comments

Any facility secured by only lock and key is vulnerable to anyone with a pickgun or a lock pick set and a little skill anyway. Security isn't reliant on locks, it's reliant on behavior.
If you make a fake key, then you can walk in with people all around without looking suspicious. You can even act like the owner whilst in a group of non-conspirators. Even with a great picking kit, it's going to look different to anyone looking somewhat closely.

Depending on the level of physical security surrounding the lock itself, this difference could be as extreme as the difference between knowing the password and having a great rainbow table. In the former case, you can log in as the owner without arousing any suspicion. In the latter case, you have to have some time when nobody is looking (download the hashed password database).

So get a big bright "ABC Locksmithing" shirt printed up and carry a toolbox while committing crimes. Odds are good nobody will notice you then. Or just change the lock and come back later for the theft, now that you have a key.
I remember my elementary school got robbed. We had to sit in the auditorium for a while until they led us past the crime scene into our classrooms. I still remember a forensics guy picking up one of those plastic barrel juice boxes with tweezers and thinking about how ridiculous he looked. They ended up stealing some video cameras and stuff (back in the day pricey), but the police believed they had some inside information because they seemed to know exactly where to go.

Pretty much anywhere with windows is vulnerable. Break window, reach through, unlock door. I think that's what those robbers did.

But you can get biometric locks if you need to: http://www.brickhousesecurity.com/keyless-entry-lock.html

Of course, then they could chop your finger off.

But then, that lock allows for PIN code + finger... so after they've chopped your finger off, they still won't be able to get entry without the PIN code.

Or they could just beat you until you opened the door. Traditional methods are still the best.

>Of course, then they could chop your finger off.

Don't the finger printers have "pulsox" (pulse and oxygen level) sensors in them like those dinky devices they use in hospitals that just clip on your finger?

Threatening to chop their finger off would get most people to open most doors I imagine.

Exactly - I fail to see how this is news at all. Anybody with a camera and internet connection could figure this out in a few days.
>I fail to see how this is news at all.

I'd just like to point out both that I forget things sometimes and other people are new to stuff all the time.

So, while it might not be NEWS - it is always good to keep stuff conscious.

As an example, I was actively training to lock sport some years ago - but haven't done anything in a long time (though I still lie to myself and believe I am into it) - but honestly have never thought of using a secret hidden webcam sized CMOS to zoom in on a lock waiting for the key to arrive.

Fuck, that is actually brilliant.

Now - instead of anything - I need to worry about a secret camera pointed at a keypad (rather than lock).

I ONLY use the keypad to enter my apt building.

At my, now previous, office - I have used the keypad to code entry to the door for 10 years.

I was caught by some anon who lived in the building and she interrogated me as to who I worked for, why I used the code, why not a key etc...

She stated "someone could see you entering that code!" - I replied "I'd see them close to me!" - obviously though I am wrong now.

I thought she was a crazy bitch - but thinking of this, now not so much.

In fact - a small device with a cam and a 3G card with periodic pic uploads is perfect and can be built for cheap if not on the market.

Even my new office has keycode access, where when I went for the interview (over by Pixar) I found myself trying to spy on workers of the building entering their codes as they returned from lunch...

---

You know what would be an interesting defeat of such attacks: in addition to keycode - you have a timing around the entry. i.e. first keypress, wait 2 seconds, second wait 1, third wait 4....

Or fake key presses.
@cloudwalking At first I thought that fake keypress would not work if you were expected to open the door; meaning you'd actually have to perform the correct press to get the door open... But you could conceivably either fake a press before - or do a bunch of presses afterward to fake the sequence... I guess this really needs to be tested - specifically against the ability of the camera/viewer to be able to tell when the 1/4" depression of a key really occurs. I think the takeaway here, though, is for anyone using a keypad to act like they pressed 10 keys rather than the requisite 4# sequence. Ideally with the 4 numbers non-sequential in your finger movements.
I've done this for years when entering my pin code for making payments or cash withdrawals. I position my hand so that it obscures all the keys, and then move one finger a tiny bit that does the actual key press, and another finger in an obvious way to make it seem as if I'm pressing another key than the one I'm actually pressing.
I go one step further - I consciously think of another number as I enter my PIN, just in case a Telepath is nearby!