How did they do it? Used an iphone to take a picture of the key and then upload the pic to a key generating website or key making kiosk. Voila! Key to the home!
When I broke into my neighbor’s home earlier this week, I didn’t use any cat burglar skills. I don’t know how to pick locks. I’m not even sure how to use a crowbar. It turns out all anyone needs to invade a friend’s apartment is an off switch for their conscience and an iPhone.
This was done politely: I even warned him the day before. My neighbor lives on the second floor of a Brooklyn walk-up, so when I came to his front door he tossed me a pair of keys rather than walk down the stairs to let me in. I opened the door, climbed the stairs, and handed his keys back to him. We chatted about our weekends. I drank a glass of water. Then I let him know that I would be back soon to gain unauthorized access to his home.
Less than an hour later, I owned a key to his front door.
What I didn’t tell my neighbor was that I spent about 30 seconds in the stairwell scanning his keys with software that would let me reproduce them with no specialized skills whatsoever. The iPhone app I used wasn’t intended for anything so nefarious: KeyMe was designed to let anyone photograph their keys and upload them to the company’s servers. From there, they can be 3-D printed and mail-ordered in a variety of novelty shapes, from a bottle opener to Kanye West’s head. Or they can be cut from blanks at one of KeyMe’s five kiosks in the New York City area.
I copied my neighbor’s keys at a KeyMe kiosk about a mile from his house, inside a Rite Aid drugstore. After logging in on a fingerprint scanner and choosing my neighbor’s keys from all the keys I’d uploaded, I watched on the machine’s screen as a grandfatherly cartoon figure with a white mustache and spectacles cut them. Seconds later the keys dropped into a box at the front of the kiosk, still warm to the touch. The next morning I let myself into my neighbor’s apartment and interrupted him reading a book about the German battleship Bismarck.
Services like KeyMe, along with competitors like KeysDuplicated and the Belgian Keysave, promise to forever solve the problem of lockouts and lost keys using clever combinations of smartphone scans, automated key-cutting machines and 3D-printing. Like a “forgot my password” function for physical security, they let you upload your coded chunks of metal to the cloud, where you can access and duplicate them, or even email them to a friend staying at your place.
Such services also enable jerks like me to steal your keys any time they get a moment alone with them. Leave your ring of cut-brass secrets unattended on your desk at work, at a bar table while you buy another round, or in a hotel room, and any stranger—or friend—can upload your keys to their online collection. The trick is far easier than having them copied at a hardware store. KeyMe says it will even duplicate keys marked “do not duplicate,” including some high-security keys sold by Medeco, Mul-T-lock and Schlage. Parking valets suddenly require a ludicrous level of trust: KeyMe already allows some car keys to be scanned and mail-ordered; KeysDuplicated says that feature is on the way.
New York-based KeyMe reassures users on its website that “only you can scan your keys” and its “scanning process is designed to strictly prevent any use of flyby pictures.” It claims keys can only be scanned when removed from the keychain (Not so; I left my neighbor’s on his ring) and must be scanned on both sides against a white background from 4 inches away. None of that posed a problem making my stairwell creep-scans.
KeysDuplicated, based in San Francisco, doesn’t make any claims about requiring close-ups for its keyshots. But its CEO Ali Rahimi wrote in a statement to WIRED that “we’re not a convenient service for anyone who wants to copy keys
surreptitiously.” The company’s site argues thieves have always been able to measure keys with a key gauge or imprint them in clay to create duplicates. But I have no idea how to do either of those things, and I nonetheless found breaking into my neighbor’s house with a smartphone scan to be pretty idiot-proof.
When I spoke with KeyMe founder and CEO Greg Marsh, he offered another argument: Digitally reproducing keys is safer than other methods because it leaves a digital trail with KeyMe’s account information, credit card records, and its kiosk fingerprint scanners. “We have all this accountability and data that doesn’t exist when you make keys with traditional methods,” Marsh says. “If a key was found to be used maliciously, we have a clear path to find out who was responsible.”