1 of 2
3D Printed Keys
MIT students have created exact copies of Schlage Primus keys, which were previously difficult to replicate, with a 3D printer.
2 of 2
The 3D Printed housing to the Mactan charging unit, which places a trojan virus onto any iPhone or iPad.
When security companies, whether that be virus software, credit card protection or even lock manufacturers, tell the world that their product is practically impenetrable it merely sets them up for a rather massive fall. If you put yourself out there as "unhackable" then those affable ladies and gentlemen of the hackersphere will almost certainly prove you wrong.
At conferences in Las Vegas over the weekend there has been two separate security foibles exposed with the use of 3D printing; both the presumed virus free Apple iOS and high security lock maker Schlage have been the victim of hack-attacks.
In the past, as displayed in this advertising campaign, Apple’s reputation for having virus free and high-level security products precedes them. The iPhone’s iOS has been previously relatively impossible to attack with viruses unless it has been Jailbroken. However researchers Billy Lau, Yeongjin Jang and Chengyu Song from the Georgia Institute of Technology demonstrated how their 3D printed, modified charger forced a change in Apple’s latest iOS.
The pair are able to put a Trojan onto an iPhone or iPad that is invisible to the end-user but could be used to dial premium phone lines or buy apps without the users knowledge.
The researchers demonstrated their worryingly seemless system to CBS at the Blackhat Cyber-Security Conference in Caesar’s Palace, Las Vegas. The user may plug his/her phone into a public charger and not notice any difference but the wire is running to the 3D printed Mactans box - inside which contains a micro-computer that then sends the virus direct to your phone. Fortunately the pair are not the malicious sort and they have contacted Apple with their findings. It seems Apple have acted fairly swiftly to contain the vulnerability by implementing a feature on iOS7 Beta that asks the user whether it trusts the 3rd party charger.
Slightly more disturbing to some and a much more potent demo of 3D printing’s capabilities was on display at the overlapping and contrasting Def Con hacker conference down the strip at the Rio Hotel. MIT students David Lawrence and Eric Van Albert showed how 3D printing could allow anyone to replicate a Schlage key for their high-security Primus locks used in Government offices, medical and detention centres.
The Primus lock and key system, which is beyond the replication capabilities of a normal hardware store key maker, are tightly controlled by Schlage and bear the words “Do not duplicate” across the top. They are considered to be one of the hardest locks to pick in the world. With the use of a normal 2D scanner, their software code – the software deciphers the digits on each key - and the use of a 3D printing service like Shapeways the pair have managed to duplicate working Primus lock keys.
“In the past if you wanted a Primus key, you had to go through Schlage. Now you just need the information contained in the key, and somewhere to 3D-print it,” 21-year-old Van Albert told Forbes. “You can take a high security ‘non-duplicatable’ key and basically take it to a virtual hardware store to get it copied,” adds 20-year-old Lawrence.
Though the pair have not tried their models on a home 3D printer, it is not unfeasible that these high-security keys could be manufactured that way, we recently featured a story on a gent who has 3D printed a working car-key at home. “Our message is that you can do this for any high-security key,” says Lawrence. “It didn’t take that much work. In the future there will be models available online for almost any kind of key you’re looking for.”
The pair said that their software, which they do plan to release, should serve as a warning to high-security facilities that with 3D printing, the days of non-duplicable keys are over.