I Can Copy Your Keys With A Smartphone App

In a great article on Wired.com, Andy Greenberg details how he used the smartphone app KeyMe to create a key that allowed him to access his neighbor's apartment (with permission, of course). The KeyMe app allows you to store copies of your keys online, so if you lose or misplace your keys, or lock yourself out, you can have a key made using 3D printing and open the door you need to open. Sounds great! All you need to do is take a picture of both sides of your keys and store them on your KeyMe account. When you need a key, you can pick it up at a KeyMe kiosk (currently only in the Manhattan area) or they will ship it to you.

The Wired article describes how someone who gets physical access to your key ring can quickly take the necessary pictures to have your keys made and shipped to them. Now that this cat is out of the bag, you will need to be more careful where you set or store your keys. Leaving them loose on a table or counter instead of in your pocket or purse, or even hanging them on a key hook in your home, could be a problem if the wrong person happens to be nearby.

The article is worth the read. To be fair to KeyMe, the Security page on their website explains how they protect your keys from being stolen:

Data storage: We keep as little information as possible. We do not store information which could be used to link your key with a location or lock. We don’t know where you live and we don’t want to know.

Verified users and transactions: To use KeyMe, you have to get past security.  To provide the highest level of security for our users, we utilize a strong verification process. Mobile registration requires email verification and kiosk registration requires a fingerprint. Additionally, all transactions are verified with a credit card.

Scanning keys:  Only you can scan your keys.  KeyMe’s key scanning process is designed to strictly prevent any use of flyby pictures. Keys can only be scanned when off of the keychain, placed on a white piece of paper, and taken from 4" away. Furthermore, we require that users scan both sides of the key.

Email notifications:  Real time account activity updates.  Anytime there is key making activity on your account, we send a confirmation email. This keeps you up to date and prevents any fraudulent activity.

Nevertheless, if someone were to copy your keys to an account of their own, this security would be easily circumvented. But the fact of the matter is, most locks are easily picked using lock picks or even electric toothbrushes that have been modified for this purpose. (Not kidding – you can Google it)

So more insecurity in an insecure world. Remember, just because you’re paranoid, it doesn’t mean they’re not out to get you.


About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com
