Student 3D-prints American ‘firefighter keys’ for homes and business premises
While software-level security usually predominates at conferences, there is an occasional focus on physical security. In this case the subject was the so-called Knox Box, which is used in the US to store a key for the fire brigade on the outside of a building.
Presenting himself as a physical security enthusiast, 18-year-old m010ch_ discussed these ‘lockers’ in his first Def Con presentation. Normally a first presentation is initiated with a shot, which because of his age contained only water. He started his presentation with an explanation of the Knox Box phenomenon. These are boxes on the outside of a building in which homeowners or managers of business premises keep a key, so that the fire brigade can enter in the event of a fire. Sometimes these are reportedly mandatory. According to the student, not all keys that the fire service has for these boxes are unique: sometimes there is one key for an entire neighborhood, and sometimes even for an entire state.
You can already see where this form of key escrow goes wrong. m010ch_ thought so too, and decided to see whether it is possible to get hold of the ‘master key’, with all the consequences that entails. He found out that it is not possible to buy a key, but you can buy a Knox Box. The box was fairly easy to take apart, which gave him the lock. By sawing the lock open with a hacksaw, he got an idea of the profile of the key and had a so-called blank in his hands. He then took the pins out of the lock to measure them. He used the OpenSCAD software to create a full 3D model of the key. According to the student, 3D printing via multi-jet fusion worked best.
With the printed key, he was able to open other Knox Boxes as well, which for obvious reasons is not the intention. He added that it is not even necessary to buy such a box yourself, because sometimes they are attached to fences from which they can be easily removed. His recommendation is therefore to abandon this way of storing keys entirely. His material can be found on GitHub.