Pictures that Defeat Key Locks

We’re at LayerOne this weekend and one of the talks we were excited about didn’t disappoint. [Jos Weyers] presented Showing Keys in Public — What Could Possibly Go Wrong? The premise is that pictures of keys, in most cases, are as good as the keys themselves. And that pictures of keys keep getting published.

[Jos] spoke a bit about new services that offer things like 3D scanning and storage of your key for printing when you get locked out, or apps that ask you to take a picture of your key and they’ll mail you a duplicate. Obviously this isn’t the best of ideas; you’re giving away your passwords. And finding a locksmith is easier than findind a 3D printer. But it’s the media gaffs with important keys that intrigues us.

We’ve already seen the proof of concept for taking covert images to perfectly duplicate a key. But these examples are not so covert. One example is a police officer carrying around handcuff keys on a belt clip. Pose for a picture and that key design is now available to all. But news stories about compromised keys are the biggest offenders.

subway-keysA master key for the NYC Subway was compromised and available for sale. The news coverage not only shows a picture at the top of the story of a man holding up the key straight on, but this image of it on a subway map which can be used to determine scale. This key, which is still published openly on the news story linked above, opens 468 doors to the subway system and these are more than just the ones that get you onto the platform for free. We were unable to determine if these locks have been changed, but the sheer number of them has us thinking that it’s unlikely.

firemans-keysWorse, was the availability of fire-department master keys which open lock boxes outside of every building. A locksmith used to cut the original keys went out of business and sold off all their stock. These keys were being sold for $150, which is bad enough. But the news coverage showed each key on a white background, straight on, with annotations of where each type of key will work.

Other examples include video news stories about credit card skimmers installed in gas pumps — that coverage showed the key used to open the pump housing. There was also an example of speed camera control cabinet keys being shown by a reporter.

key-photo-duplication-layerone[Jos’] example of doing the right thing is to use a “prop” key for news stories. Here he is posing with a key after the talk. Unfortunately this is my own house key, but I’m the one taking pictures and I have blurred the teeth for my own security. However, I was shocked during image editing at the quality of the outline in the image — taken at 6000×4000 with no intent to make something that would serve as a source for a copy. It still came out remarkably clear.

Some locks are stronger than others, but they’re all meaningless if we’re giving away the keys.

See You at LayerOne this Weekend

LayerOne, the first level of security. [Brian Benchoff] and I are excited to take part in our first LayerOne conference this Saturday and Sunday in Monrovia California.

Anyone in the Los Angeles area this weekend needs to get out of whatever they have planned and try out this conference that has a soul. Get the idea of a mega-con out of your head and envision a concord of highly skilled and fascinating hackers gathering to talk all things computer security. Speakers will cover topics like researching 0day exploits, copying keys from pictures taken in public, ddos attacks, social engineering, and more.

It’s not just talks, there is a ton of hands-on at LayerOne as well. I plan to finally try my hand at lock picking. Yep, I’ve covered it multiple times and we’ve even had a session led by [Datagram] at the Hackaday 10th Anniversary but I’ve never found time to give it a roll. Of course electronics are my game and [Brian] and I will both be spending a fair amount of time in the hardware hacking village. We’ll have a bunch of dev boards along with us if you want to try out an architecture with which you’re unfamiliar. This year’s LayerOne badges are sponsored by Supplyframe; we’ll have something in store for the best badge hacks we see during the weekend.

See you there!

$50k in Play: 20 Bulbdial Clock Kits

For this week we’re veering away from our habit of giving away things to help with your build and giving away something fun. 20 Hackaday Prize entries will receive a Bulbdial Clock kit. Getting into the running is easy, start your project on Hackaday.io and make sure you officially submit it to the Hackaday Prize. Get it in by next Wednesday to be considered for this week’s prizes, and you’ll also be in the running each week after that as we work our way through $50,000 in prizes this summer before giving away the big stuff like a Trip into Space and $100,000 in cash.

The Bulbdial Clock has been a favorite of ours for years. Developed by Hackaday Prize Judges [Windell] and [Lenore] at Evil Mad Scientist Labs, it uses three rings of colored LEDs to cast shadows as clock hands. It’s a fun solder kit that will take time to assemble. In keeping with that ideal, your best bet at scoring one this week is to post a new project log showing off the solder work you’ve done on your prototype. If you don’t have one soldered yet, that’s okay too. Just post a new project log that talks about the component assembly you’ll be working on. This would be a great time to finally draw up a basic schematic, right?

Last Week’s 40 Winners of $50 Shapeways Gift Cards

50k-in-play-shapeways-blogview

Congratulations to these 40 projects who were selected as winners from last week. You will receive a $50 gift card from Shapeways so that you can get your custom parts 3D printed. We were on the lookout for projects that we thought would benefit most from custom parts. Some of these are far along in their development, some have just started, but all of them are awesome so browse the list and make sure to skull and follow the ones you like!

Each project creator will find info on redeeming their prize as a message on Hackaday.io.


The 2015 Hackaday Prize is sponsored by:

Hackaday BAMF Meetup Reaches Critical Mass and Overflows Awesome

I love the Hackaday crowd. Despite a long day standing at a booth or crawling the fairgrounds as a spectator, everyone still made it on Saturday night to the 2nd Annual Hackaday BAMF meetup and made it one for the annals of hacker history. Just look at that crowd… I see a couple of Hackaday Prize Judges, a friend I met in Germany (who I actually found out I first met at this same event last year), and many many more great people. I don’t want to spoil the fun so check out the full size over on [Rich Hogben’s] photo log and see how many you can identify.

We started this gathering last year as a come-as-you-are and bring-what-you’re-proud-of after party to Bay Area Maker Fair. We don’t rent out the bar — O’Neil’s Irish Pub in San Mateo — but we had a handshake agreement for drink tickets (thank you to Supplyframe for buying the first round for everyone) with the bartenders. The place feels like the perfect size, and before long we were packed into every available space. The ramp to the restroom area in the back was a gauntlet of conversation — enough room to walk by but you felt like you were interrupting people talking to those across from them.

The amount of hardware on hand was spectacular. Taking pictures of it was tough in the tight quarters. I got a look at the first prototype of the Pebble smart strap. I really enjoyed seeing OSHChip (pictured above) which is an ARM Cortex-M0 chip and BLE rolled into a DIP-16 form factor. [Sophi’s] HeartBeat Boombox was a big hit; it uses the heartrate and blood oxygen sensors seen above to drive a drumbeat. Those blinky glasses should look familiar. [Garrett Mace] and his colleague [Jason] were on hand. These Macetech glasses are from a couple of years back but don’t worry, they were sporting the newest RGB flavor which I’m told will have black solder mask and integrated controller among other tasty goodies.

Perhaps the best way to tell the success of the night is that there were a lot of friends in the room that I never realized were even there. The next day I met up with [Sarah Petkus] and [Mark Koch] and was surprised to find they had been at the Hackaday meetup and I missed them. The same thing happened when I looked at [Rich’s] album from the night and saw [Trey German] was there too. I wasn’t hiding and I wasn’t stuck in one conversation, it was just that kind of a party that makes the room feel like a TARDIS but somehow the night doesn’t last forever.

It’s hard to imagine BAMF without this Saturday gathering. If you missed it this year, add it to your calendar for next.

[Sophi Kravitz] on Ask an Engineer Tonight

Whew, your Wednesday night entertainment is all sorted out. Mark it in your calendar, [Sophi Kravitz] will be appearing on Adafruit’s Ask an Engineer at 8pm EDT (UTC -4).

Of course she’ll be talking about The Hackaday Prize with all of the incredible entries so far and the amazing opportunities waiting for you as THP continues through the summer. But [Sophi’s] life experience runs far-and-deep and so will the conversation. She is an Electronics Engineer, an Artist, and a huge part of the Hackaday crew. This year she landed a grant to bring one of her projects to life for Burning Man (and to document the process which we’re really excited about). She’s brewing up a new project involving Quadcopters and the technology [Alan Yates] has been working on for Valve. And [Sophi] frequently works on projects like Breathe that delight us with her creativity.

But hey, we better leave some of it for the show. The live link is above, here’s the Adafruit page as well.

Continue reading “[Sophi Kravitz] on Ask an Engineer Tonight”

Interview with the Creators of CHIP, a $9 Single-Board Computer

Single-board computing is hot on the DIY scene right now and riding that knife edge is C.H.I.P., a project currently in crowd-funding which prices the base unit at just $9. I was happy to run into the crew from Next/Thing Company who developed C.H.I.P. They were happy because, well, the project’s reception has been like a supernova. Right now they’re at about $1.5M of their original $50k goal. We spoke about running Linux on the board, what connectors and pinout headers are available, as well as the various peripheral hardware they have ready for the board.

Continue reading “Interview with the Creators of CHIP, a $9 Single-Board Computer”

Tin Spider is 13-foot Rideable Strandbeest

Arguably our best find at Bay Area Maker Faire this year was the Tin Spider built by [Scott Parenteau]. He constructed the 13-foot tall vehicle to take with him on his very first trip to Burning Man back in 2012. There’s very little information available online so we were excited that [Scott] spent some time speaking with us on Saturday.

Continue reading “Tin Spider is 13-foot Rideable Strandbeest”