
Physical Security - Key Reuse


  • Physical Security - Key Reuse

    A big issue in physical security that any penetration tester has to be aware of is stock locks. Whenever enclosures of most kinds are manufactured, a lock and a key may be needed to secure the enclosure, and the manufacturers will likely not produce the locks and keys themselves but turn to stock locks. An issue with stock locks is the high level of key reuse. The manufacturer of the locks may not use the full key space and will likely turn to making a large number of locks that have the same bitting. The advantage is the lower production cost and production time, but it presents a security risk.

    Some items often vulnerable to Key Reuse may be
    • Alarm Systems
    • Drawers
    • Government Cars
    • Industrial Machines
    • Voting Machines
    • Windows
    • Tool Storage Enclosures and Boxes
    • Key Cabinets
    • Safe Boxes
    • Elevators
    • Devices With Key Switches
    • Casino Slot Machines
    • Drug Storage Containers
    • Cash Registers
    This does not only apply to mechanical locks but also to locks on safes that have the same default or master codes. Safe default and master codes may even be hardcoded into the firmware controlling the locks and require contacting the vendor, who has the capability to change them.
    In any case, it is possible either to buy an item of the same make and brand as the target organization has in place to get a key or default code, or to just buy a replacement key on the Internet for a few dollars.

    Some common keys are
    • 501CH, CH751 - Gas pumps, motor homes and RVs, alarm systems, key cabinets, tool boxes, medical cabinets etc.
    • A126 - Gas pumps, fire alarm enclosures, scooters, voting machines etc.
    • 2341 - Arcades and video games etc.
    • CC1 - Golf carts, club cars etc.
    • J200 - Petrol locking caps etc.
    • C415A - Cabinets, drawers, handle locks, jukeboxes etc.
    • FEO-K1 - Elevators
    • EK222, EK333, 2233X - Server racks, digital cabinets, forklifts etc.
    • 16120 - Doorking entry system (DKS)
    • 222343 - Linear entry system
    • KWL53 and variants - Window handles with locks
    Of course there is never a guarantee that any of those keys fit any particular lock, but the risk is present. This does not mean that an organization has to change all locks, but it is important to be aware of the issue so that any given employee is aware of the risk and has the option to not store critical devices or confidential information in an unsafe location. When an organization is installing a key cabinet, it is with the intent to keep all the contained keys safe. It does not take much imagination to guess the consequences if an intruder is able to access such a critical cabinet. The key reuse is so common that a large enough key cabinet may actually contain several copies of the key that unlocks the key cabinet, even though they are intended for completely different locks. It is also important to keep an important key out of view and not publish pictures of it. A determined attacker may be able to make out the bitting from a high resolution picture. Lending out that same key also comes with a risk, as it does not take long for an attacker to take note of the bitting, which makes him capable of making a copy later.
    Another issue regarding key reuse is that for industrial vehicles, vendors sometimes mention the key bitting in the manual, which is often available on the Internet, and this will enable an attacker to create or buy a working key for these vehicles. This includes some forklifts, cranes, bobcats etc.

    An interesting Google Dork could be something like the following: "501CH key filetype:pdf"
    Last edited by Resheph; 07-01-2018, 07:18 AM. Reason: Added DKS to doorking key description
    Certified Security Geek
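
An inventory check for the key cabinet problem described in the post, added here as an example and not part of the original post: it flags assets whose locks use one of the listed common codes, enclosures that hold a copy of their own key, and everything reachable by following the keys stored inside. The inventory, its field names and the `ZZ` codes are constructed for illustration.

```python
import re
from collections import deque

# Widely reused key codes named in the post (KWL53 variants are not expanded here).
COMMON_CODES = {"501CH", "CH751", "A126", "2341", "CC1", "J200", "C415A", "FEOK1",
                "EK222", "EK333", "2233X", "16120", "222343", "KWL53"}

def norm(code):
    """Normalise a stamped code so 'feo-k1' and 'FEO K1' both become 'FEOK1'."""
    return re.sub(r"[^A-Z0-9]", "", code.upper())

# Constructed sample inventory: each lock's code and the codes of keys kept inside.
INVENTORY = [
    {"asset": "key cabinet", "lock": "CH-751", "holds": ["ch751", "EK 333", "ZZ-9001"]},
    {"asset": "server rack", "lock": "EK333", "holds": []},
    {"asset": "records room", "lock": "ZZ9001", "holds": ["zz-9002"]},
    {"asset": "drug storage", "lock": "ZZ9002", "holds": []},
    {"asset": "archive safe", "lock": "ZZ9003", "holds": []},
]

def audit(inventory):
    """Return (stock, self_opening, exposed) for an asset inventory."""
    locks = {i["asset"]: norm(i["lock"]) for i in inventory}
    holds = {i["asset"]: {norm(k) for k in i["holds"]} for i in inventory}
    # Assets whose own lock uses one of the widely reused codes.
    stock = sorted(a for a, c in locks.items() if c in COMMON_CODES)
    # Enclosures that contain a key with the same code as their own lock.
    self_opening = sorted(a for a in locks if locks[a] in holds[a])
    # Follow the keys: everything reachable once the stock-keyed assets are open.
    exposed, queue = set(stock), deque(stock)
    while queue:
        for code in holds[queue.popleft()]:
            for asset, lock in locks.items():
                if lock == code and asset not in exposed:
                    exposed.add(asset)
                    queue.append(asset)
    return stock, self_opening, sorted(exposed)

if __name__ == "__main__":
    stock, self_opening, exposed = audit(INVENTORY)
    print("stock-keyed:", stock)
    print("contains own key:", self_opening)
    print("exposed via stored keys:", exposed)
```

Assets in the exposed list but not in the stock-keyed list are the ones whose protection depends entirely on an enclosure with a reused key, which makes them the first candidates for relocation or a lock change.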