logo

Please do not Duplicate: Attacking the Knox Box and Other Keyed Alike Systems

Conference:  Defcon 26

2018-08-01

Summary

The presentation discusses the vulnerabilities of the widely used Knox Box and Medeco cam lock to key duplication attacks, and demonstrates how a skilled attacker could obtain a key that would grant them access to thousands of residential and commercial buildings throughout America.
  • Knox Boxes and other rapid entry systems are increasing in popularity for first responders
  • Knox Boxes rely on security and key control provided by various locks to prevent unauthorized access
  • Knox Boxes are required by law in many commercial buildings
  • Knox Boxes have been subject to key duplication attacks, leading to burglaries and thefts
  • Medeco keys are harder to duplicate due to special restricted key blanks, but can still be reproduced with the right tools
  • 3D printing can be used to duplicate keys with precision
  • The lock in the Knox Box contains all the information necessary to reproduce the key
  • The presenter bought a Knox Box and used it to model a key to almost every commercial building in their city
The presenter bought a Knox Box and used it to model a key to almost every commercial building in their city

Abstract

Knox Boxes, along with other rapid entry systems are increasing in popularity, as they allow first responders such as police, fire, and paramedics to quickly gain access to a building in the event of an emergency without having to force entry. These devices rely on the security and key control provided by various locks to prevent unauthorized access to buildings. In this talk, I will focus on vulnerabilities of the widely used Knox Box and Medeco cam lock to key duplication attacks. I will demonstrate how a sufficiently skilled attacker could obtain a key that would grant them access to thousands of residential and commercial buildings throughout America, as well as show off new tools designed to streamline the process of duplicating physical keys using CAD and 3D printing. What could possibly go wrong when someone tries to backdoor an entire city?

Materials:

Tags:

Post a comment

Related work