Lockpicking just became a whole lot easier. Engineers Jos Weyers and Christian Holler can use 3D printing technology to produce ‘bump’ keys capable of opening millions of locks, without ever having seen the original keys.
Their DIY software Photobump requires only a picture of the lock in question, and couple of pieces of readily available information such as lock’s depth, to design a ‘bump’ key that can pick even the most sophisticated of security locks.
“You don’t need much more to make a bump key,” security consultant Weyers announced as the Hackers On Planet Earth conference in New York City last month. “Basically, if I can see your keyhole, there’s an app for that.”
The technique of bumping has been practiced since at least the 1920’s, and involves inserting a key into a standard lock and using a hammer to then knock the lock’s pins into place. With 3D printing, the game has changed, and now even carefully designed high-security locks can be compromised.
Should aspiring lockpickers have neither a 3D printer nor the requisite know-how, they can theoretically order their ‘bump’ key from 3D printing services like Shapeways or i.Materialise.
Ikon maker Assa Abloy told Wired that 3-D printing bump keys is an expensive, unreliable trick that doesn’t work on some locks whose keys have hidden or moving parts: “We view this as an interesting exercise, but not particularly representative of the real world of covert entry by criminals and burglars.”
Weyers and Holler claim that they aren’t trying to teach thieves how to break and enter, but rather warn lock makers that traditional lock-security is no longer secure. The complex key profiles upon which locksmiths have long relied is “a kind of false sense of security,” according to Holler. “If a protected profile is your only protection, you should be aware that’s no longer enough.
Weyers said that lock makers should be producing more modern locks, with electronic or unprintable parts: “The sky isn’t falling, but the world changes and now people can make stuff. Lock manufacturers know how to make a lock bump-resistant. And they had better.”
They have no plans to publicly release the Photobump software.