A Xileqi Primus key printed using a 3D printer
On August 5, according to foreign media reports, two students from the Massachusetts Institute of Technology (MIT) in the United States released a set of 3D printing program codes at an international hacking conference. These codes target the high-security Primus keys produced by lock manufacturer Xileqi (Schlage), rendering their claim of "unreplicable" keys obsolete.
Below is a summary of the article:
When the well-known American lock manufacturer Xileqi (Schlage) engraved the words "do not copy" on all the keys of its highly secure Primus locks, they hoped to add another layer of protection, even though these keys were already beyond the capabilities of locksmiths currently available on the market. However, a group of hackers issued a direct challenge to Xileqi.
At the largest global hacker conference (Def Con hacking convention) held last Saturday, David Lawrence and Eric Van Albert, electrical engineering students from MIT, released a set of application program codes. These codes allow anyone to develop a 3D printing software model for Primus keys. With a desktop scanner and relevant software tools at hand, users can upload precise models to the websites of 3D printing startups Shapeways and i.Materialise. After printing according to the customer's requirements, these two companies will mail the replica of the key to the customer, with materials ranging from nylon to titanium.
Eric Van Albert, aged 21, said: "In the past, if you needed a Primus key, you had to find Xileqi. Now, you just need to obtain the information contained in the key, then find a 3D printing service to print it out."
David Lawrence, aged 20, added: "You can have a highly secure 'unreplicable' Primus key, then go to a physical hardware store to get it copied."
Xileqi advertises that the Primus series of keys are mainly used in situations requiring high security levels. Occasions mentioned in the company's marketing materials include government agencies, healthcare institutions, and correctional facilities. This security originates from the unique model of the Primus keys. Primus keys have two sets of teeth tracks, one on the top of the key and the other on the side, each corresponding to an independent lock mechanism inside the lock. As one of the world's most famous lock-picking experts, Marc Weber Tobias has also written that he uses Primus locks in his own home.
The software tools developed by Lawrence and Van Albert are not intended to allow users to arbitrarily open any of the above locks, but rather to help people replicate a key that was previously difficult to copy. However, these two students simultaneously pointed out that there are other ways to replicate a key without necessarily using programming codes. Other researchers have also demonstrated that a key can be effectively replicated through a picture, even if the picture was taken hundreds of feet away.
Cracking the intricate teeth tracks
After studying Xileqi's product manuals and patents, Lawrence and Van Albert learned how to crack the two sets of teeth tracks on the Primus keys, then incorporated the keys into modeling software until they were finally able to accurately replicate them.
Lawrence pointed out: "Just by having a friend who works at Xileqi, or a picture of a Xileqi key, or even a picture of someone's Xileqi keychain around their waist, you can replicate a key. Replicating a key is like copying a movie; someone must first obtain the key's information, then everyone else can get a copy."
Once a key has been photographed or scanned, the cost of 3D printing through an online service is relatively low. These two MIT students stated that they would not use a home 3D printer to print keys, but instead spend less than $5 to have Shapeways print a nylon key, while a titanium metal key printed by i.Materialise.com costs $150.
Xileqi did not comment on this matter.
Need to prevent network leaks
Although Lawrence and Van Albert focused on Primus locks, they pointed out that 3D-printed keys are not limited to one lock manufacturer. Lawrence said: "The message we want to convey is that you can use 3D technology to print any highly secure key. It doesn't take much effort. In the future, almost any key model you can think of will appear on the internet."
Lawrence and Van Albert also cited an example: Last fall, The New York Post published a picture of a New York City fire elevator master key, which could open many distribution boxes, fire elevators, and subway station gates in New York City. Although The New York Post's intention was to remind electricians and firefighters holding these keys not to let them fall into the wrong hands, the clear details of the key in the picture could be drawn into a model and then printed using a 3D printer or directly copied by locksmiths. The New York Post quickly realized this possibility and deleted this image from its website, but before that, the image had been widely shared on the internet.
Lawrence pointed out: "Once you can print a New York City fire elevator key, the damage cannot be undone. These files are very difficult to completely erase from the internet."
Electronic locks are more secure
However, Lawrence and Van Albert were not the first to attempt using 3D technology to print keys. In 2011, Apple engineer Nirav Patella developed a program that allowed anyone to incorporate the parameter information of a key into a 3D printing model. However, Patella's software could only handle ordinary keys.
Last year at the HOPE hacker conference held in New York, a German lock-picking expert named "Ray" demonstrated how he used 3D technology to print and laser-cut high-security handcuff keys. Such keys facilitate police officers opening handcuffs locked by other officers. However, this made such keys extremely easy to replicate, and once someone carries a replica, they can easily open the handcuffs.
Regarding the 3D printing issue of Xileqi keys, Lawrence and Van Albert did not provide any solutions. They believe that in the era of 3D printing, the concept of "unreplicable" keys may have become outdated, and security companies should shift towards developing electronic locks that use unique password keys, which are difficult to replicate.