The presentation discusses vulnerabilities in physical key systems and how attackers can exploit them using information theory. The speaker introduces software tools to analyze and decode locks and keys, and explains the economics and practicality of brute forcing all possible keys. The presentation also covers techniques such as impressioning, key-to-like systems, and lock disassembly to gather information. The speaker introduces master keying systems and demonstrates how to derive master keys for multiple low-level keys. The presentation concludes with a discussion of possible solutions and vulnerabilities uncovered in high-security systems like Medeco, Abloy, and Mul-T-Lock.
- Physical key systems can be vulnerable to attacks using information theory
- Software tools can be used to analyze and decode locks and keys
- Brute forcing all possible keys is not always practical or economical
- Techniques such as impressioning, key-to-like systems, and lock disassembly can be used to gather information
- Master keying systems can be used to derive master keys for multiple low-level keys
- High-security systems like Medeco, Abloy, and Mul-T-Lock have vulnerabilities that can be exploited
The speaker encourages the audience to look at their key rings and understand how the keys work beyond just the shapes of metal. They explain how every little bit of information about a system can be used to defeat it, and demonstrate how to create a working key for a lock using various techniques. The speaker also releases software tools to make the process easier for those who may not be as comfortable with math and problem-solving.