2 min read

Key-cloning app lets you (or a stranger) copy your key with a photo

Filip TRUȚĂ

July 07, 2017

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Key-cloning app lets you (or a stranger) copy your key with a photo

It”s Friday, mere hours away from a well-deserved weekend. In that spirit, let”s take a break from topics such as ransomware and encryption keys, and take a look at the old-fashioned kind of keys. Namely at KeyMe, an app + service that allows you to duplicate physical keys by just photographing them.

Despite being marketed as an answer to frustrating lockouts, KeyMe actually makes it ridiculously easy to steal someone”s house keys. It works like this:

With the free app for iOS and Android, users scan a key and send it to KeyMe to have a new one created and mailed to them. The service can save you a trip to the locksmith and let you customize your key with cool designs.

Users must place the key on a white sheet of paper and shoot it from both sides. On request, KeyMe uses the scans to create an exact duplicate which they mail to you, or anyone else making the request. They even do car keys.

“Avoid repeat trips to the locksmith,” reads the company”s website. “Traditional locksmiths manually trace your keys. Our patented technology digitally scans your key and creates a perfect duplicate aligned to factory specifications, guaranteed to work. Your key, only more accurate.”

The service is simple to conduct because of a thing called key bitting, which refers to how the “teeth” on a key are cut and arranged to lift individual pins to a correct height, at which point the lock is opened. The bitting tells a locksmith how to cut a key to make an additional copy.

Each manufacturer offers its own key bitting with unique properties so as to create a wide variety of possible combinations, ensuring that no other key (or at least not many other keys) can open the same lock.

The company says it offers “the most secure way to copy keys,” claiming it does not store information linking your key with a certain lock or location, and that it deletes mailing access once the order has been shipped. Nothing wrong with that.

But even though all transactions are verified with a credit card and email confirmation, that doesn”t prevent a complete stranger from creating their own account, scanning a key that doesn”t belong to them and requesting a copy be sent to their address. Are we missing something?

We can”t help but recall the Washington Post”s blunder in 2015 when the publication, aided by a similarly heedless TSA staffer, posted a close-up of the entire spread of TSA master keys, which allowed lock-pickers to copy the “teeth” pattern and devise their own duplicates.

tags


Author



Right now

Top posts

Threat actors impersonate Canadian gas retailer to deliver malicious OneNote phishing campaign, Bitdefender Labs warns

Threat actors impersonate Canadian gas retailer to deliver malicious OneNote phishing campaign, Bitdefender Labs warns

January 26, 2023

2 min read
Spammers phish eager vacationers with travel-themed lures, Bitdefender Antispam Lab warns

Spammers phish eager vacationers with travel-themed lures, Bitdefender Antispam Lab warns

January 19, 2023

4 min read
Enhance your cyber resilience and privacy on Computer Security Day in four easy steps

Enhance your cyber resilience and privacy on Computer Security Day in four easy steps

November 29, 2022

2 min read
How to monitor your online privacy during your Thanksgiving trip

How to monitor your online privacy during your Thanksgiving trip

November 22, 2022

3 min read
Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

November 16, 2022

6 min read
Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

November 14, 2022

5 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Meta Pays Out Bounties for Account Takeover and Two-Factor Authentication Bypass Exploits Meta Pays Out Bounties for Account Takeover and Two-Factor Authentication Bypass Exploits
Silviu STAHIE

January 31, 2023

1 min read
Hackers steal 10 million customer details from JD Sports Hackers steal 10 million customer details from JD Sports
Graham CLULEY

January 30, 2023

2 min read
North Korean Hackers Tried to Launder $100 Million in Crypto Stolen in 2022 North Korean Hackers Tried to Launder $100 Million in Crypto Stolen in 2022
Silviu STAHIE

January 25, 2023

1 min read