You got me wondering about other ways to scan, such as sonically. I'll bet that right now any kind of sonic scan would be crude and rough - but how long before signal processing can be cleaned up to make it good enough to guesstimate the lengths of the pin segments?
Especially if the scan included analyzing against known lock types? This is the sort of problem for which the Internet is ideal: An optical scan to narrow down lock makers and models, load custom signal processing configurations for those likely locks, perform a sonic scan of the lock and collect reflections, distortions, etc., and use the custom config to ease the decoding: Voilà! A picture of the inside of the lock, with pin segment lengths.
Then print 5-10 likely keys on the spot.
Picking a lock requires a suspicious body posture and special tools.
Scanning a lock this way just requires you be close enough to the door. Checking your messages? Patting your pockets to make sure you have everything? Leaning your bag against the door on your knee to make sure you have everything? Many plausible scenarios for staying close enough long enough, and the tools are COTS, common.
Or maybe I "deliver" a "package" to your door, lean it against the door (UPS and others do this all the time), and the top of the package contains the scanning tools. I come back later (seconds, minutes?) after realizing I've made a mistake and take the package back.
The more I think about it, the more I cannot help but wonder if the physical lock of the future will not need a proof-of-authorization mechanism to vet the keyholder - at which point we eliminate the keyhole entirely and move to direct identification of authorized entrants.
And then of course watch for 0-day vulnerabilities in THAT technology.