MIT students who demonstrated how keys for high-security Primus locks can be duplicated by 3D printers have suggested the printers be made illegal.
Presenting at the Defcon hacker show this weekend, Eric Van Albert and David Lawrence released a piece of code that enables anybody to produce a 3D printable software model of any Primus key – the kind used with prison cell locks – despite lock maker Schlage’s attempts to prevent the duplication.
With their software tool and a flatbed scanner, the students were able to create precise copies that they uploaded to 3D printing services i.Materialise and Shapeways, which posted them working copies of the keys in nylon and titanium.
Van Albert said: "In the past if you wanted a Primus key, you had to go through Schlage. Now you just need the information contained in the key, and somewhere to 3D print it.
Lawrence noted: "You can take a high security ‘non-duplicatable’ key and basically take it to a virtual hardware store to get it copied."
The researchers warn that, at the very least, high-security institutions should move to electronic locks that use unique cryptographic keys, which are more difficult to copy.
Van Albert commented: "If we show that mechanical locks are vulnerable to key duplication just by having a handful of numbers you can download off the internet, hopefully they ‘ll be phased out more quickly."
Content from our partners
"Either that, or make 3D printers illegal," added Lawrence.
Lawrence and Van Albert managed to decipher the two distinct codes in the keys – one set of six numbers cut into the top of the key and another set of five in its sidecut – by studying Schlage’s manuals and patents. The codes could then be programmed into their modelling software and reproduced accurately.
Lawrence explained: "All you need is a friend that works there, or to take a picture of their key, or even a picture of the key hanging off their belt. Pirating keys is becoming like pirating movies. Someone still has to get the information in the first place, but then everyone can get a copy."
Once a key has been photographed or scanned, online 3D printing services are not expensive. The MIT students used Shapeways to print working keys in nylon for less than $5 each, and a more durable titanium copy from i.Materialise.com cost $150.
