Exploiting Key Space Vulnerabilities in the Physical World

Conference:  Defcon 28

2020-08-01

Summary

The presentation discusses vulnerabilities in physical key systems and how attackers can exploit them using information theory. The speaker introduces software tools to analyze and decode locks and keys, and explains the economics and practicality of brute forcing all possible keys. The presentation also covers techniques such as impressioning, keyed-alike systems, and lock disassembly to gather information. The speaker introduces master keying systems and demonstrates how to derive master keys from multiple low-level keys. The presentation concludes with a discussion of possible solutions and vulnerabilities uncovered in high-security systems like Medeco, Abloy, and Mul-T-Lock.

  • Physical key systems can be vulnerable to attacks using information theory
  • Software tools can be used to analyze and decode locks and keys
  • Brute forcing all possible keys is not always practical or economical
  • Techniques such as impressioning, keyed-alike systems, and lock disassembly can be used to gather information
  • In master keying systems, master keys can be derived from multiple low-level keys
  • High-security systems like Medeco, Abloy, and Mul-T-Lock have vulnerabilities that can be exploited

The speaker encourages the audience to look at their key rings and understand how the keys work beyond just the shapes of metal. They explain how every little bit of information about a system can be used to defeat it, and demonstrate how to create a working key for a lock using various techniques. The speaker also releases software tools to make the process easier for those who may not be as comfortable with math and problem-solving.

Abstract

Imagine being able to get together with a few of your co-workers, look at your office keys and derive a building master key. Or you may not have any working key at all: you could impression the lock, or use one of the many ways we’ll present in this talk to put together little bits of information from a lock to create a working key. We apply information theory - the concept behind the “entropy” of a password - in an easy to understand way to show how every little bit of information about a system can be used to defeat it. The audience will be able to pull any key out of their pocket and understand how it works and how an attacker can create it covertly, and open whatever lock it is for, or even a lock it isn’t for, that shares the same system. We’ll explain how to produce either a single final key, or a set small enough to economically brute force - and release a software tool to let anyone quickly try out all possibilities in an easy-to-visualize way. Finally, we will discuss possible solutions to these problems and introduce vulnerabilities our research has uncovered in high-security systems like Medeco, Abloy, and Mul-T-Lock - including releasing a set of only 159 possible top level master key codes for certain large Medeco mastered systems.
