For most people, keys are simple yet magical objects: They grant access to places you belong and keep you out of places you don’t. But did you know that anyone could easily make a copy of a key from a simple picture? Suddenly, something as ordinary as a key becomes a security risk. Through the eyes of a penetration tester, keys represent more than just access; they are vulnerabilities waiting to be exploited.

In today’s blog, we will explain how a malicious actor could physically intrude into one of your offices undetected and how you should protect yourself against this unexpected attack vector. The same process could also be used by one of our Ethical Hacking security experts during a physical assessment. More details on this towards the end of the article.

Step 1: OSINT

The first step is to find a picture of a key. A malicious actor would typically look for pictures on the company website and on social media, like Facebook, Twitter, LinkedIn or even YouTube. As we have seen numerous times in the past, people love to post pictures of their keys when they have just signed a lease or a mortgage. Keys can also often be found in the background or attached to a belt or a lanyard. Finding pictures like this is, unfortunately, very easy.

In this example, the business had their front door keys shown in a B-roll during the opening of a news report they were interviewed in.

Figure 1. News report clip showing a key being inserted into a lock.

Step 2: Decoding

Once a picture of a key is found, the second step is to identify and decode the key. Decoding a key means measuring the height of each “valley” (the cuts made to the key) and extracting the corresponding bitting code by looking at the measurement chart applicable to the key. For a typical key, we normally have 5 or 6 positions to look for, which will result in a bitting code of 5 or 6 digits.


Figure 2. Key Close-up Clearly Showcasing 5 Positions.

In this example, the key is an SC1 from Schlage, which is a very common key in North America. Once we have found the measurement chart for SC1 keys, we can start decoding the key. We could also have used one of the several tools found online to help us with the decoding process.


Figure 3. SC1 Key with Decoding Chart Overlaid.

Using the chart, we can decode the key, from bow to tip (right to left in this picture), which yields the code 6-5-4-1-4.

Step 3: Cutting

Once the bitting code is obtained, we can cut the key. We could do it ourselves with a key blank, a file and a caliper. We could also try to 3D print the key ourselves by using one of the several key generator tools. Or, we could simply walk into a locksmith shop and ask them to produce the key instead.

In our example, this is what we decided to do, as it is the simplest and most reliable method. So, we went to visit our local locksmith and left with a freshly cut key ready to be used!

Figure 4. Snazzy New Key!

Step 4: Intruding

Once the new key has been cut, the fourth and last step is to use the key! Our malicious actor is now ready to intrude into the office at a moment’s notice. And since the malicious actor has the key, who will question their presence?

In our example, we tried the newly cut key in the presence of the business owner, which successfully demonstrated this attack vector.

Figure 5. Video clip successfully demonstrating the working key.

Conclusion

You now understand how easy it is to make a copy of a key. If there is one thing that you should remember from this blog post: Do not share pictures of keys online! After all, keys are like passwords: They should never be shared with anyone!

Are you worried now that you know how easy it is to copy a key? Our Ethical Hacking team can help you evaluate the physical security posture of your business. Whether you have a store, an office, a warehouse, in one or more locations, our team can help you draw a detailed picture of your current situation and make recommendations that will allow you to improve your security posture. Contact us today!

Author: Patricia Gagnon-Renaud
