@@hypomotion Yeah you can tell he's nervous but holy hell his talk is full of great information. He's well researched and able to explain it so it's easily understandable. I really hope he keeps at it, I want to hear more of his work.
The single thing that tremendously improves the security of the Knox box is connection to the intrusion alarm. This way, they can get into the building, but the police will already be notified before you are in the door. I, as a firefighter, don't care in the least if I trigger the intrusion alarm, since the police were dispatched at the same time that I was. However, depending on where you are, police response can be spotty at best. The intruder does know that the sword of Damocles is hanging over their heads once they open the box and the police will be there at some point. If the box has the buttons installed, but not wired, the thief may not be able to be sure if they are dummies or not.
So you confirm the box is useless for firefighters? It's gullible solution for a non existing problem. In Germany they just don't exist and I haven't yet heard of firemen having problems getting access ever. And we have a lot of volunteer firefighters. Everyone knows some, they have all the crazy stories. In my class alone there were 5 volunteer firefighters amongst 30 pupils. They enjoy using the big and heavy gear if an axe isn't enough, there is nothing that makes them need the key to a door or a burgler alarm code... It's ridiculous. I guess Knox Box producers paid a lot of money to get legislation filed that makes their product mandatory and the gullible obey to such laws....
@@TremereTT I don't know how you got that from what I said. The Knox box absolutely has a purpose. I simply said that it's important to connect it to the intruder alarm. Most often, when we respond to an automatic alarm, it is due to a malfunction in the alarm system. If we arrive in response to an automatic alarm and there is smoke or fire showing, we'll get through the door quickly enough. However, if there is no indication that there is a real fire, we do not enjoy destroying property for no reason. The Knox box allows us to gain entry without damage and investigate the problem quickly. Without the Knox box, we are faced with the decision whether to gain entry by forcible means or to wait for the keyholder.
@@TremereTT It's not completely true that this doesn't exist in Germany. But here the key box gets unlocked by your fire alarm system. As soon as there is a fire alarm the box pops open. And your local Fire Station can have a key, should they be alarmed, but the box not opened by the system.
@@maesto No! just not true. I have never ever had to place a key in such a box. And I know noone who did. Also it's not uncommon to change locks of your doors in flats and houses, and no one requires you to put a key into a box for new locks, so I'm sure there is no box. The only such box I have ever seen is in Vacation homes. The owner tells you the code so you can get the keys for the vacation home.
@@johns7734 Yeah, but what is a realistic response time to a alert? Where I live the police usually won't even respond to a security alarm at a private building, is there a different priority for it?
What an excellent speaker, and such amazing information. Knox needs to give this young man some reward for pointing out how pointless their boxes are. Well done :P
Has he told himself in his intro, this issue is well known and has already been discussed before. Cities have already proven that they prefer spending millions to re-key everything after a burglary than getting rid of that utterly broken system. Fire fighters have huge axes exactly for the purpose of breaking doors and windows when they need to. Said doors and windows being already doomed to destruction in the fire. So there is absolutely no valid point in setting up those boxes in the first place. If they have enough time to look for the box and open it before breaking in, this is not an emergency.
@@christianbarnay2499 I think something like this has the potential to save lives, and is a good idea in theory. What if the place on fire has metal doors? The time saved by not having to break down doors would result in less deaths regardless. It's just the current implementation that is bad. Knox has no incentive to improve these, considering that *they* *make* *money* *whenever* *the* *boxes* *are* *replaced.* Some sort of _well-designed_ electronic alternative is probably the way to go, and this has the bonus of requiring a mains connection (so it is much more likely that the tamper alarms would be used)
Oh wow. I read your comment when I was at 10 mins and some change because it started echoing so I scrolled through the comments to see if it stops. Then I read yours. The video continued and then I thought - hey, wasn't the problem that commenter referred to supposed to happen already? It happened just at the moment when I first checked the time. DUM DUM DUM
@@christianbarnay2499 HybridPhoenix mixed up terms. Knox boxes have nothing to do with fire exits. They are to allow firefighters to get inside a locked building to put out a fire. No matter what firefighters need a "backdoor" to get into any locked building.
The handle for the fire exit more often than not are an easy way in. however, they should be alarmed. I saw Bosnian Bill bypassing a lock the other day, claiming the tool he promoted was good because it means the customers do not have to pay as much when they lock themself out. Well, if the lock is so bad anyone can open it without a key or a scratch, that is more upsetting than having to pay for a new door. Explosives and hydraulic tools can be used by firefighter to gain entrance, forcing everyone to leave their front door open just in case there is a fire is not a reasonable solution.
Friendly reminder: If someone says a system is hackproof, and there aren't all kinds of alarms going off in your head, check the alarm system, _someone might have hacked it._
12:30 - m010ch starts talking about details of the lock, and the video starts jerking out chunks of audio and video. I don't know who edited this, they could have just skipped it! This way to partially hinder the explanation is so intriguing!
The first video showing the Medeco key also explained the access code was the same two digits followed by the last four digits of the fighterfighter's SSN.
I know in many cities around my area both the fire department and the police department carry the knox keys on their duty belt, not in a "knox key safe" and if you place an alarm code inside make it a duress code. the thief thinks he's disarmed the alarm only to find out he called the police.
Speaking of public-private-partnership the real question is: which so called "representative"/"politician" was bribed to force this idea of lock boxes into a law? This is ridiculous.
Just an FYI on including your alarm code in the box. Often to facilitate communications, the noise of the alarm can hinder operations. Most home alarms have a Duress Alarm, which is an alternate code to make an attacker think the alarm was disarmed as it then goes silent and sends an emergency under duress code to the alarm company. Put this code inside the box. It can be used by emergency services to silence the local alarm, but does not help an intruder.
But if emergency services show up when you're being burgled, how will you ensure the burglars are properly punished (without getting in trouble yourself)? In the age of anarcho-tyranny, seems better to keep alarm system disconnected, or set to only notify your trusted people group.
@@SamTheEnglishTeacher An alarm is a deterrent. If the noise does not disrupt the burglary, the arrival of law enforcement will. The point is to stop the crime. For burglars getting a slap and back to business, it's time to get hard on crime again and make America Great again.
@@isettech it's becoming evident the last part we're gonna have to do ourselves. Like the back in good old days. Cops are there to protect crooks from us, now quite explicitly. Uvalde being a particularly egregious and well documented example.
Sophomore year of college I was in a prank war with one of my roommates so when he was in the shower I took some photos of his keys modeled them in cad and 3D printed them at work then when he was at class I set alarm clocks to go off at all hours around his room
we have in germany this box to, we call it "FSD or Feuerwehrschlüsseldepot" and they closed with a strong e-magnet if the firealarm triggers the box will open then you need a key with this one you can open the secound door auf the FSD than you can use the Key from the Building, if you forget to put the Key back the firealarm system will be not reset until you put the keys back. the Boxes have a anti Drilling system, when you make a hole in this box it will call the Police
"Only the fire department has the key" seems strange when everyone is aware that if someone has access to a lock it can be reverse engineered countless ways. If you can take it apart/break it its an incredibly easy process, but key impressioning is a lockpicking technique whereby you can create a working key simply by using a blank key in the lock and working on it. If the lock opens with a working key then the technique can't be stopped. The lawmakers don't seem to understand just how easy it is to create a key, and keep forcing through laws to make lockboxes, TSA locks and the like mandatory. Frankly I'm surprised there hasn't been significantly more crime exploiting these rules, they are pretty much offering a free key to every building to anyone with the slightest understanding of locks.
@@Abdega That isn't even needed. What if somebody spends less than half an hour with any lock then sells keys online en-mass. That's something which really has affected other security critical locks already and frankly I'd be surprised if you can't get a bunch of the keys before this talk even happened. You don't even need to disassemble the lock to make a working key.
I have a Knox “fire department only” FDC cap key. They come around online from time to time lmao. They market those caps as being so “high security” and ONLY accessible the fire department. $600 a pair, mandated by hundreds of city ordinances. I despise the Knox company, huge grift on the entirely of America.
The system I'd suggest would be a public/private encryption key system. The "lock" is an unpowered system (it doesn't use a battery or outlet, so it works in a power outage still too, for emergencies). The "key" is powered (provides power to the lock when inserted, sits on a charging port and has a battery basically, if it's low enough power usage it'd basically be a key-fob). All locks ship with a hard coded copy of the public encryption key, the lock uses a pseudorandom value and encrypts it with the public key, then sends this encrypted value to the "key", the "key" can only decrypt this with the private encryption key. A city could use a single public/private key pair, or it could use hundreds of them, the automation of this process would still make it instantaneous for the "key" to figure out the correct private key to use to get in (the random value can be encrypted and passed along with a preagreed value to ensure correct decryption). It will decrypt the random value, perform some pre-agreed arithmetic/algorithm on it (example's sake: divide by 2). Then re-encrypt it with the private key, verifying authenticity and sending this new value back to the "lock" which decrypts it and compares to the expected result. A match allows the lock to be opened. The only point of attack now then is gaining this private encryption keys, which is only stored on the physical "key". Again meaning you can't duplicate it without having the key now. Since the lock is no longer a "negative" of the key. Still leaves key theft as an issue. But if there's a physical object you can give to a firefighter to get into a building, then there's always a physical object you can also steal from a firefighter to get into that same building.
I really like it the way it is here in germany... There is one door that will only open in case of a fire alarm (if the house is on fire and the alarm hasn't gone off, you can make it via key switch). Behind that is a second door with a lock, only the fire department should have the corrosponding key. As a third line, there is a key control system inside so you can't close the thing back up and rearm the alarm when a key is missing...
Most of those buildings should have a automatic fire-alarm system? just put an electromagnet inside the box to keep it closed unless theres an active firealarm (or power fails)
@@villentretenmerth11 but that would alert people like security if a fire alarm is going off they can easily just check the box as protocol the thiefs would have a x amount of time before they get caught which would make it harder
@@fivemeomedia well if you have a private security detail in your house, sure. But somehow I think that's not the case for most people that aren't corporations.
@@villentretenmerth11 those keys are mostly for firefighters to get into big buildings like apartment complexes or big company buildings i dont think private individuals are required to have them in your personal home
miguel He said in the talk that at least one small shop owner was heavily prosecuted for not installing this junk. A few years ago, the similar regulation required a box with a key so simple everybody could make one from the description in the published regulation itself. Lock people simply refer to that key by the digits that are the hardware password, so I'm not quoting that here.
Opening the Knox Box should trigger an alarm (if the alarm hasn't already been triggered by fire etc). That way anyone who managed to access the box this way would be setting off the alarm (pretty good deterrent if you are trying to steal/copy building access keys and dont want anyone to know they have been stolen/copied and change those locks out)
Well, in my school i tried how hard it would be to open a lock - never done it before, used 2 paperclips, still managed to get open one door in a couple of minutes - a really old door that lead to the attic - and what was stored there? Oh right, only the records of all students. Years later at the military we were doing routine checks and the officer in charge noted that the locks would get replaced soon and we need to do a checkup on the keys - so we went through the records, found that several keys vanished from all listings, some keys were with people no longer in the military, oh and right - out of the 5 master-keys to the high security area only 2 were with the officers that were supposed to have them, 2 were missing. Guess were the last one was? In the hands of the recruits doing the cleaning. Yep - the masterkey that lets you enter all high security areas, buildings where you need to go through 2 checkpoints to enter them, were generals had to wait for somebody to check if they are allowed to enter at that specific time - the recruits could just unlock the door them self. Worse yet - the commanders knew and it was intentional - they didn't like the hassle of checking all the time when the recruits came to dispose of the garbage..... oh and tight, the secret documents that needed to get destroyed. Security sometimes is really just a bluff - as long as nobody looks too closely they will not see the giant gaping holes.
@@calvinthegreat69 perhaps that's how it happened. All I know is DEFCON is awesome and I'm happy to see recommended videos from these events. Btw I couln't find anything from LPL on this lock, but he does have videos of picking Medico locks if I recall right.
@@JasperJanssen So? they can break in really quickly if they want to. Having a back door like the original poster said is beyond ridiculous and quite frankly there needs to be a spate of robberies using them.
It's more of an intentional front door. Like the man says, if the house is on fire you are not going to fuss about the burglar alarm going off or some damage to the front door. If you have hard to break security pay for remote opening ability or just set the doors to release when both the fire detectors detect a fire *and* the Knox key is used. I work in the field and most alarm systems can be set to open one/all doors when the fire alarms detect a problem. And a cheap electric strike is under $200 these days, so even the average homeowner who's rich enough to buy an alarm can reasonably have at least one door operated that way.
Because amazingly enough, backdoors can be quite useful. One man's backdoor is another man's entry point or security. Web security is built upon a "backdoor". Most phones these days have a backdoor built in to enable you to wipe it or lock it if it is stolen or lost. Even some cars are starting to have them installed to prevent theft.
The M3 is a damn good system. They can be picked easily enough by some, but I'm not one of those privileged enough with the skill to successfully attack an M3.
maybe I am completely nuts...but why would they not just have a keypad instead of a key? The firefighters would have a special number with a code they have to call and give to an operator, who would then log in what they were opening and give them the code for the locked key at the business/home. The code would only work for say 10 minutes, and then randomize again. Could go even further and have the firefighters have one of those number generator pads used for PC and gaming security (like the WOW locking key) where they have to give the code, that is only good for say 1 minute, to the operator before they would give out the code.
I mean besides building owners not liking that, the fact is commerical buildings are likely to have steel doors. It's not as trivial to break those down. Basically, removing impediments to fighting fires is a Good Thing™
Unless the firefighters in question got a mandated budget that takes into account hydraulic exosuits that is not a vary sane response. All the points at the end of the video were pretty good solutions.
@@MynameisFICTION it's really not that difficult to break down a normal building door. It has hinges that can be broken or it can be just rammed open. Normal building doors aren't made to stand against such forces. The police rams down doors all the time. The person responsible for the fire has to cover the damages or if the person is insured it is covered by the insurance.
@@Robbe1912 I find your scenario way too idealistic.. Even if we make up a number and say it takes 4-7 seconds per door.. thats still per door. it adds up way too quickly in a situation where loss of life is likely from suffocation alone. I want firefighters to have the tools to do their job effectively but where i DO draw the line is a law that is mandating people buy a product from a private company and its not an in house solution.
It's not the first time someone has thought of this.. The thing is, having a key is not necessary, and having a key doesn't mean that there's not other forms of security. One of the key components of a top notch security system is a pre emptive notifications system. So, take the key from the Knox box.. By the time you have the key in your hand, they know you are there. It's only a matter of how fast they are set up to respond.
Right. So those people in the video who used Knox box keys to get into a building and steal packages... Maybe if you tell them this they'll return the packages.
One major improvement would be to explicitly use a number code that passes through a circuit that unlocks a lock, and the circuit could be npossible to invert.
"only firefighters have access to the key" the last time i checked firefighters are people too and people can have bad intentions/ be corrupt. city wide back doors to every commercial building is a bad idea
@@dust7962 Fire fighters are trained to break in fast. They have powerful tools for that exact purpose. And they are legally allowed to do it. So just axe through that F...ing door and don't waste time looking for that box which contains an old key that doesn't fit the lock because nobody thought about it the last time they changed the lock after some crackhead jammed a metal piece in it.
@@dust7962 Secure doors that can resist fire fighters entry gear are very rare and require some paperwork and special procedures to be approved. Usually the setup includes passive and active fire protection measures (insulation, automated extinguishers) and an acknowledgement that fire fighters don't have to get in that area. Those are mostly found in bank vaults and a few military sites.
Thinking about Saflok, electronic would be way to go. If new keys needed to be made, they can be used to disable the prior keys. Just need to go to each lock and insert new key once to rekey them.
All security systems fail at some point. ALL of them. Every one. (15 years of banking experience.) "Nothing is fool proof to a sufficiently talented fool" - Stephen Hawking. "Nothing is hacker proof to a sufficiently talented hacker" - Every Hacker Ever
jfan4reva the best you can hope for is to appropriately scale all aspects of your security to the anticipated threat as justified by the value of the content. For the private owner: If you can’t afford to have insurance on whatever it is, you probably shouldn’t have it.
A good electronic version could use an improved variation of ASSA's CLIQ cylinders, where the key already contains a battery, a microchip and an expiry clock. The emergency services version would use strong public key security, with per key serial numbers and the key becoming useless 10 hours after being presented to the duty Sargent at start of shift. The key signing machine at the firehouse would need to get online with the one of 3 state buildings (in Capitol and a spare city) every day or it can't issue after a week of being offline. At a hurricane sized outages, emergency reactivation codes can be distributed to firehouses by military couriers visiting twice a week. Such a lock would also accept a completely unrelated key code that is unique to the owner and sold with the box. Because CLIQ keys include a traditional mechanical key, they can be cut to fit the old/cheap boxes in the city, so the firemen don't need to guess which key to use, and thieves can't see which boxes have the weaker security.
That’s the first time I’ve heard of a Knox box and key escrow, because I’m not from the USA, but it should have been instantly recognized as the stupidest thing anyone has ever heard of the moment it was proposed! And maybe it was, in other countries.
Ahhh the political world of lobbying for contracts which should be outlawed in my opinion. This is how catastrophic failures happen either to save a few bucks or to reward a lobby who contributed much money to their campaigns. That's how we end up with subpar infrastructure and or situations like this. Not to mention Microsofts situation similar to this. Here is real..... THEY WANT IT UNSECURED ONLY TO APPEAR SECURE. THE SAME WITH PCs ETC. THE SAME PPL WHO ARE SUPPOSED TO SERVE US HAVE ONE LEG IN BOTH THE GOOD AND BAD WORLDS. Just like in the medical fields there isn't any profits in creating cures
You could circumvent this problem with the solution that you 'forgot' to put your key in the box. Or even better put the wrong key in. I don't know if they check the boxes yearly but it seems like they don't. I also don't know why they use it anyway bc who cares about a broken door if your house burns.
Iberia, Liberia?.. now should spend his great intelligence on designing a Knox Box that actually IS as close to 100 % safe as possible. Some really good automation I think is what it would take.
How to solve this problem. Connect the nox box to your fire alarm system. If the box is opened, sound the fire alarm and call the fire department. This makes it like pulling the fire alarm to open a fire door to get in a room. A very loud attack.
Firefighters are legally allowed to axe doors and windows in case of emergency. The problem never existed in the first place. Just let firefighters do their job and don't mandate that they waste precious time looking for that box hoping the key inside was updated the last time the lock was replaced.
electronics keys/locks that are open if there is a power failure 'safe off' are not really the solution.... electronic solution may not work altogether in case of fire....
While good in theory, any master key based system is inherently flawed. All the "bad guy" needs to do is get that key and they can break in to every building in the city. If you're going to add such an obvious backdoor, you might as well just not have any locks at all.
Is it better to cut the lock in half like shown in the video, or could you cut the lock from 12 o'clock down to the point where it snaps in half? Then you could sandwich putty in between both pieces of the lock for a physical copy.
Not really possible. First, the pins aren't held in the right position when there's no key inserted. The correct key moves the pins into the correct position to open the lock, and until its inserted the pins are held in a different position, locking the tumbler. Further, if you cut the tumbler in half like that, the pins would no longer be held in place, they'd fall right out, and all of your info about the lock would be lost. Also you'd have to cut the pins as well, further destroying your info.
Could be a removable/swappable core system, similar to what Best does with the majority of their locks. He probably said something about making a master key/removing and replacing the core.
I am surprised more of these aren't tied into alarms of some sort. Given that the only people who need to access these boxes are firefighters (who are presumably only doing it if there is an emergency AND they cant just enter through the door because its open or there is someone there to buzz them in) then there is no reason that opening the Knox Box shouldn't trigger the fire alarm (if it isn't already active via smoke detectors or other systems). Burglars are a lot less likely to do whatever it is they came there to do if there are alarms blaring and they know that the emergency services are on their way.
Every sweep would cost a few million dollars to change hundreds of thousands of boxes. And you can't switch all of them at once. The reason code books were so valuable was that they contained settings for the next weeks or months. Yesterdays setting were typically destroyed after use. So if you have a huge warehouse with 100000+ new locks, what are the odds one of those will go missing?
Isn't the main problem that once a key gets lost by the fire station the whole system is screwed? The only solution, in my opinion, is that a person who has access to the building has to hand over the key in an emergency. Although this is a slow process that can and will go wrong. I have no other Idea how one could otherwise ensure that one lost Key won't screw up. (The only other way would be an electronic system which can deactivate keys, which would need all the locks to be connected to each other...)
@@portlocks2051 That is missing the entire point of this video. Once it’s out, all that needs to happen is for someone to take a photograph of the key.
How does the owner access the box to place/replace his keys? It did not appear to be a master key system, and if you had your personal key with it then you could have gotten the keyway from that.
"why are intentional back doors a thing?" first fire escapes are great, and neighborhoods are even designed with multiple exits to emulate the multiple exits of buildings. seccond, firemen can carry firearms to get in nearly anywhere. instead of having keys, one could have a starter pistol which if held right next to a lock would have a similar effect to shooting it. intentional backdoors exist because motive about access is all about time. locks don't exist to keep people out but to cost them time for emergency personel to arrive. fire marshals don't need to be delayed.
then they should probably bash the door in. it would likely be quicker than a firefighter trying to open a door with a key in a lock that might be rusted or the keys missing from the box. its just dumb altogether for such a wide usecase
If you're ballsy enough you can actually grab a Medeco key tight in your hand and punch something... like accidentally snatch it while falling and imprint your hand then take a pic of that. Keys have limited numbers of stops and the spin-pins have rather loose tolerances. No need to keep playdoh.
They don't need to be thieves. Just normal humans who can lose a key in the middle of intense action. A fire department lost 850 keys over several years.
@@keyboard_toucher not the same lock used in the boxes yet it is interchangeable and uses the exact same keyway profile the only reason I bring this up is because instead of paying 750 bucks for the box you can pay forty bucks for the lock to get the same results I don't know this man's research and how he came to the conclusion that he did I'm just saying it could have been cheaper just to buy this I've been looking at locks and locksport UA-cam for a long time that's the only reason I know that medical uses the same profile for pretty much all of their locks the major difference from this particular camlock and the one in the Knox box is that there is I bet more hardening of the as well as corrosion resistance
In germany such boxes mostly come with tamper alert. We also use city-wide keys that are stored in the fire department. It's far away from perfect, but better than nothing.
fearlessTobi Und was hat das mit dem Kommentar oder dem Video zu tun? Meine Fresse, gibt es keinen Ort mehr, an dem man nicht von Links oder Rechts mit Politik zugeschissen wird, obwohl das komplett am Thema vorbei ist?
Well, it's just a lot easier to not have a knox box. Aren't Fire Fighters supposed to have Battering Rams, Fire Axes and that shit... How fucking hard is it to just bust down the door. Who needs a key, if the house is on fire, a non-destructive entry seems pretty dumb, after all, it would only delay entry and as such increase the time until the fire could be put out...
I don't think there is one Defcon that exists without some guy fucking the sound track up... Do you guys want a sound engineer? Someone who knows WTF they are doing?
That system is so ungodly stupid. If my building is on fire just break the fucking door. Replacing that door is a small price to pay to prevent the building from burning down or thieves easily doing a B&E with a Key.
When your first defcon talk gets nuked for a year and it's legality is questioned by the authorities, _you're a welcome addition to the speakers._
When the talk is so good and so damaging, even Defcon quarantines it for a year to let the manufacturer catch up.
now to figure out if they chopped up the video/audio on purpose to hide stuff, or were just failboats lol
@@frosty9392 It's defcon... of course it was a technical issue on their end, it always is.
I definitely saw this video on youtube a year ago
@@piraka_mistika link?
@@point775volts not sure, it might be gone now.
'A key is just a metal password'
Poetry
18yo.. what a legend! 👏👏👏
This a damn good talk for an 18yo, I'm pretty impressed with how well most of these guys and girls can give a talk like this.
@@hypomotion Yeah you can tell he's nervous but holy hell his talk is full of great information. He's well researched and able to explain it so it's easily understandable. I really hope he keeps at it, I want to hear more of his work.
The single thing that tremendously improves the security of the Knox box is connection to the intrusion alarm. This way, they can get into the building, but the police will already be notified before you are in the door. I, as a firefighter, don't care in the least if I trigger the intrusion alarm, since the police were dispatched at the same time that I was. However, depending on where you are, police response can be spotty at best. The intruder does know that the sword of Damocles is hanging over their heads once they open the box and the police will be there at some point. If the box has the buttons installed, but not wired, the thief may not be able to be sure if they are dummies or not.
So you confirm the box is useless for firefighters?
It's gullible solution for a non existing problem.
In Germany they just don't exist and I haven't yet heard of firemen having problems getting access ever.
And we have a lot of volunteer firefighters. Everyone knows some, they have all the crazy stories. In my class alone there were 5 volunteer firefighters amongst 30 pupils. They enjoy using the big and heavy gear if an axe isn't enough, there is nothing that makes them need the key to a door or a burgler alarm code...
It's ridiculous.
I guess Knox Box producers paid a lot of money to get legislation filed that makes their product mandatory and the gullible obey to such laws....
@@TremereTT I don't know how you got that from what I said. The Knox box absolutely has a purpose. I simply said that it's important to connect it to the intruder alarm.
Most often, when we respond to an automatic alarm, it is due to a malfunction in the alarm system. If we arrive in response to an automatic alarm and there is smoke or fire showing, we'll get through the door quickly enough. However, if there is no indication that there is a real fire, we do not enjoy destroying property for no reason. The Knox box allows us to gain entry without damage and investigate the problem quickly.
Without the Knox box, we are faced with the decision whether to gain entry by forcible means or to wait for the keyholder.
@@TremereTT It's not completely true that this doesn't exist in Germany. But here the key box gets unlocked by your fire alarm system. As soon as there is a fire alarm the box pops open. And your local Fire Station can have a key, should they be alarmed, but the box not opened by the system.
@@maesto No! just not true. I have never ever had to place a key in such a box. And I know noone who did. Also it's not uncommon to change locks of your doors in flats and houses, and no one requires you to put a key into a box for new locks, so I'm sure there is no box.
The only such box I have ever seen is in Vacation homes. The owner tells you the code so you can get the keys for the vacation home.
@@johns7734 Yeah, but what is a realistic response time to a alert? Where I live the police usually won't even respond to a security alarm at a private building, is there a different priority for it?
What an excellent speaker, and such amazing information.
Knox needs to give this young man some reward for pointing out how pointless their boxes are.
Well done :P
They should hire him..
It’s been explained before.
no good deed goes unpunished...
Has he told himself in his intro, this issue is well known and has already been discussed before. Cities have already proven that they prefer spending millions to re-key everything after a burglary than getting rid of that utterly broken system.
Fire fighters have huge axes exactly for the purpose of breaking doors and windows when they need to. Said doors and windows being already doomed to destruction in the fire. So there is absolutely no valid point in setting up those boxes in the first place.
If they have enough time to look for the box and open it before breaking in, this is not an emergency.
@@christianbarnay2499 I think something like this has the potential to save lives, and is a good idea in theory. What if the place on fire has metal doors? The time saved by not having to break down doors would result in less deaths regardless.
It's just the current implementation that is bad. Knox has no incentive to improve these, considering that *they* *make* *money* *whenever* *the* *boxes* *are* *replaced.*
Some sort of _well-designed_ electronic alternative is probably the way to go, and this has the bonus of requiring a mains connection (so it is much more likely that the tamper alarms would be used)
12:28: Knox got the call and hacked the feed.
Knox did not account for hacking a hacking conference.
Oh wow. I read your comment when I was at 10 mins and some change because it started echoing so I scrolled through the comments to see if it stops. Then I read yours.
The video continued and then I thought - hey, wasn't the problem that commenter referred to supposed to happen already?
It happened just at the moment when I first checked the time.
DUM DUM DUM
This is why mandatory backdoors are always wrong, and should be resisted/sabotaged by all means necessary.
Fire exits are mandatory backdoors. They definitely save lives.
@@HybridPhoenix08 Properly installed fire exits only allow getting out. A burglar would need inside help to enter.
@@christianbarnay2499 HybridPhoenix mixed up terms. Knox boxes have nothing to do with fire exits. They are to allow firefighters to get inside a locked building to put out a fire. No matter what firefighters need a "backdoor" to get into any locked building.
@@HybridPhoenix08 Backdoors are entry points. Fire exits, as the name implies, are EXITS.
The handle for the fire exit more often than not are an easy way in. however, they should be alarmed.
I saw Bosnian Bill bypassing a lock the other day, claiming the tool he promoted was good because it means the customers do not have to pay as much when they lock themself out. Well, if the lock is so bad anyone can open it without a key or a scratch, that is more upsetting than having to pay for a new door.
Explosives and hydraulic tools can be used by firefighter to gain entrance, forcing everyone to leave their front door open just in case there is a fire is not a reasonable solution.
Friendly reminder: If someone says a system is hackproof, and there aren't all kinds of alarms going off in your head, check the alarm system, _someone might have hacked it._
Well, I just laugh and consider the system unfit for use. No need to be alarmed, they just stated they have huge security problems.
The system cant be hacked if we never put in passwords; think about it.
whenever a company says somethink like that I feel like some hackers out there see it as a challenge and hack it when they otherwise wouldnt have lol
I am in the wrong industry. You guys are awesome. Keep exploiting the systems so we can continue to improve.
12:30 - m010ch starts talking about details of the lock, and the video starts jerking out chunks of audio and video.
I don't know who edited this, they could have just skipped it! This way to partially hinder the explanation is so intriguing!
The first video showing the Medeco key also explained the access code was the same two digits followed by the last four digits of the fighterfighter's SSN.
I know in many cities around my area both the fire department and the police department carry the knox keys on their duty belt, not in a "knox key safe" and if you place an alarm code inside make it a duress code. the thief thinks he's disarmed the alarm only to find out he called the police.
"I'm Johnny Knoxville and this is Building Security"
Speaking of public-private-partnership the real question is: which so called "representative"/"politician" was bribed to force this idea of lock boxes into a law? This is ridiculous.
"I didn't really want to mess with mine so I bought some *very* similar locks" :)
Just an FYI on including your alarm code in the box. Often to facilitate communications, the noise of the alarm can hinder operations. Most home alarms have a Duress Alarm, which is an alternate code to make an attacker think the alarm was disarmed as it then goes silent and sends an emergency under duress code to the alarm company. Put this code inside the box. It can be used by emergency services to silence the local alarm, but does not help an intruder.
But if emergency services show up when you're being burgled, how will you ensure the burglars are properly punished (without getting in trouble yourself)? In the age of anarcho-tyranny, seems better to keep alarm system disconnected, or set to only notify your trusted people group.
@@SamTheEnglishTeacher An alarm is a deterrent. If the noise does not disrupt the burglary, the arrival of law enforcement will. The point is to stop the crime. For burglars getting a slap and back to business, it's time to get hard on crime again and make America Great again.
@@isettech it's becoming evident the last part we're gonna have to do ourselves. Like the back in good old days. Cops are there to protect crooks from us, now quite explicitly. Uvalde being a particularly egregious and well documented example.
lol. every speaker is surely on a Federal Watchlist. 😎✌
Especially the Defcon China speakers
@@hardcodedsoftware4212 "China speakers" HA!
@@DxBlack He means people that spoke at Defcon China
@@DxBlack Damn me and my forgetfulness when it comes to punctuation!
At least you didn't say they're afraid of being sent to Gitmo...
I've read lock pins many times to determine the key needed. This often blows people's minds.
Sophomore year of college I was in a prank war with one of my roommates so when he was in the shower I took some photos of his keys modeled them in cad and 3D printed them at work then when he was at class I set alarm clocks to go off at all hours around his room
Duress codes can be placed inside the box to automatically alert a monitoring facility to send law enforcement.
we have in germany this box to, we call it "FSD or Feuerwehrschlüsseldepot" and they closed with a strong e-magnet if the firealarm triggers the box will open then you need a key with this one you can open the secound door auf the FSD than you can use the Key from the Building, if you forget to put the Key back the firealarm system will be not reset until you put the keys back. the Boxes have a anti Drilling system, when you make a hole in this box it will call the Police
"Only the fire department has the key" seems strange when everyone is aware that if someone has access to a lock it can be reverse engineered countless ways. If you can take it apart/break it its an incredibly easy process, but key impressioning is a lockpicking technique whereby you can create a working key simply by using a blank key in the lock and working on it. If the lock opens with a working key then the technique can't be stopped. The lawmakers don't seem to understand just how easy it is to create a key, and keep forcing through laws to make lockboxes, TSA locks and the like mandatory. Frankly I'm surprised there hasn't been significantly more crime exploiting these rules, they are pretty much offering a free key to every building to anyone with the slightest understanding of locks.
Or, heck what if a firefighter just took key home or dropped it one day?
Boom! Compromised
@@Abdega That isn't even needed. What if somebody spends less than half an hour with any lock then sells keys online en-mass. That's something which really has affected other security critical locks already and frankly I'd be surprised if you can't get a bunch of the keys before this talk even happened. You don't even need to disassemble the lock to make a working key.
I have a Knox “fire department only” FDC cap key. They come around online from time to time lmao. They market those caps as being so “high security” and ONLY accessible the fire department. $600 a pair, mandated by hundreds of city ordinances. I despise the Knox company, huge grift on the entirely of America.
Seriously, how hard would have it been to put a couple baffles over that drain hole lmao
Or cast a surround shielding the switch with a slight inset into the closed door.
Here in South Africa, there is no such thing.
No one would comply with a law like that anyway.
It's not like they can't just walk in armed to the teeth and murder everyone without repercussions, anyways.
The system I'd suggest would be a public/private encryption key system. The "lock" is an unpowered system (it doesn't use a battery or outlet, so it works in a power outage still too, for emergencies). The "key" is powered (provides power to the lock when inserted, sits on a charging port and has a battery basically, if it's low enough power usage it'd basically be a key-fob). All locks ship with a hard coded copy of the public encryption key, the lock uses a pseudorandom value and encrypts it with the public key, then sends this encrypted value to the "key", the "key" can only decrypt this with the private encryption key. A city could use a single public/private key pair, or it could use hundreds of them, the automation of this process would still make it instantaneous for the "key" to figure out the correct private key to use to get in (the random value can be encrypted and passed along with a preagreed value to ensure correct decryption). It will decrypt the random value, perform some pre-agreed arithmetic/algorithm on it (example's sake: divide by 2). Then re-encrypt it with the private key, verifying authenticity and sending this new value back to the "lock" which decrypts it and compares to the expected result. A match allows the lock to be opened. The only point of attack now then is gaining this private encryption keys, which is only stored on the physical "key". Again meaning you can't duplicate it without having the key now. Since the lock is no longer a "negative" of the key. Still leaves key theft as an issue. But if there's a physical object you can give to a firefighter to get into a building, then there's always a physical object you can also steal from a firefighter to get into that same building.
Have a look at the Knox website. You've described the new eKeys pretty well.
@@portlocks2051 I feel ripped off, lmao
I really like it the way it is here in germany... There is one door that will only open in case of a fire alarm (if the house is on fire and the alarm hasn't gone off, you can make it via key switch). Behind that is a second door with a lock, only the fire department should have the corrosponding key. As a third line, there is a key control system inside so you can't close the thing back up and rearm the alarm when a key is missing...
Most of those buildings should have a automatic fire-alarm system? just put an electromagnet inside the box to keep it closed unless theres an active firealarm (or power fails)
Well that would simplify the break in to just some wire cutters and in some areas a shovel to cut the power.
@@villentretenmerth11 but that would alert people like security if a fire alarm is going off they can easily just check the box as protocol the thiefs would have a x amount of time before they get caught which would make it harder
@@fivemeomedia well if you have a private security detail in your house, sure. But somehow I think that's not the case for most people that aren't corporations.
@@villentretenmerth11 those keys are mostly for firefighters to get into big buildings like apartment complexes or big company buildings i dont think private individuals are required to have them in your personal home
miguel He said in the talk that at least one small shop owner was heavily prosecuted for not installing this junk. A few years ago, the similar regulation required a box with a key so simple everybody could make one from the description in the published regulation itself. Lock people simply refer to that key by the digits that are the hardware password, so I'm not quoting that here.
12:10 "It was shown to be very secure, asl long as the attacker does'nt has access to a paper clip or something similar" LMAO
I've never heard of these. But the talk reminds me of the easterhegg talk about general keys for safety locks for camping vehicles.
Keep it up! Only 18!!! Very impressive
Opening the Knox Box should trigger an alarm (if the alarm hasn't already been triggered by fire etc).
That way anyone who managed to access the box this way would be setting off the alarm (pretty good deterrent if you are trying to steal/copy building access keys and dont want anyone to know they have been stolen/copied and change those locks out)
Jonathan Wilson look at 8:37, it looks like it already has a switch just for that
this is the correct take.
Well, in my school i tried how hard it would be to open a lock - never done it before, used 2 paperclips, still managed to get open one door in a couple of minutes - a really old door that lead to the attic - and what was stored there? Oh right, only the records of all students.
Years later at the military we were doing routine checks and the officer in charge noted that the locks would get replaced soon and we need to do a checkup on the keys - so we went through the records, found that several keys vanished from all listings, some keys were with people no longer in the military, oh and right - out of the 5 master-keys to the high security area only 2 were with the officers that were supposed to have them, 2 were missing. Guess were the last one was?
In the hands of the recruits doing the cleaning. Yep - the masterkey that lets you enter all high security areas, buildings where you need to go through 2 checkpoints to enter them, were generals had to wait for somebody to check if they are allowed to enter at that specific time - the recruits could just unlock the door them self.
Worse yet - the commanders knew and it was intentional - they didn't like the hassle of checking all the time when the recruits came to dispose of the garbage..... oh and tight, the secret documents that needed to get destroyed.
Security sometimes is really just a bluff - as long as nobody looks too closely they will not see the giant gaping holes.
Human laziness is the single largest security risk.
Damn dude. You know your stuff anyways. I wonder if LockPickingLawyer could pick the Knox Box.... Off to do a search now, peace
I had the exact same thought. Wonder if his channel is how this ended up in my recommendations?
@@calvinthegreat69 perhaps that's how it happened. All I know is DEFCON is awesome and I'm happy to see recommended videos from these events. Btw I couln't find anything from LPL on this lock, but he does have videos of picking Medico locks if I recall right.
If he could, he probably wouldn't advertise it, being aware of ALL the damn crime a person could get up to with City or Statewide Skeleton Key.
Why are intentional backdoors still a thing, WTF
because the state wants it.
213423 134242 because firefighters do, in fact, need a solution to this problem.
@@JasperJanssen So? they can break in really quickly if they want to. Having a back door like the original poster said is beyond ridiculous and quite frankly there needs to be a spate of robberies using them.
It's more of an intentional front door. Like the man says, if the house is on fire you are not going to fuss about the burglar alarm going off or some damage to the front door. If you have hard to break security pay for remote opening ability or just set the doors to release when both the fire detectors detect a fire *and* the Knox key is used. I work in the field and most alarm systems can be set to open one/all doors when the fire alarms detect a problem. And a cheap electric strike is under $200 these days, so even the average homeowner who's rich enough to buy an alarm can reasonably have at least one door operated that way.
Because amazingly enough, backdoors can be quite useful.
One man's backdoor is another man's entry point or security.
Web security is built upon a "backdoor".
Most phones these days have a backdoor built in to enable you to wipe it or lock it if it is stolen or lost.
Even some cars are starting to have them installed to prevent theft.
Regarding the shops theft alarm goes off.... there might be other systems connected like automated doorlocks, fog systems, roll gates etc.etc.
The M3 is a damn good system. They can be picked easily enough by some, but I'm not one of those privileged enough with the skill to successfully attack an M3.
maybe I am completely nuts...but why would they not just have a keypad instead of a key? The firefighters would have a special number with a code they have to call and give to an operator, who would then log in what they were opening and give them the code for the locked key at the business/home. The code would only work for say 10 minutes, and then randomize again.
Could go even further and have the firefighters have one of those number generator pads used for PC and gaming security (like the WOW locking key) where they have to give the code, that is only good for say 1 minute, to the operator before they would give out the code.
Complexity is the enemy of security. While your idea is excellent on paper, it introduces a lot of new potential points of failure.
Absolutely great talk! I was very very impressed!
how about the fire department just uses an axe to break down a door when a fire is inside the building. now you can get rid of those keys alltogether.
Building owners don't like having the door broken every time Linda in 302 forgets her pot on the stove.
I mean besides building owners not liking that, the fact is commerical buildings are likely to have steel doors. It's not as trivial to break those down.
Basically, removing impediments to fighting fires is a Good Thing™
Unless the firefighters in question got a mandated budget that takes into account hydraulic exosuits
that is not a vary sane response.
All the points at the end of the video were pretty good solutions.
@@MynameisFICTION it's really not that difficult to break down a normal building door. It has hinges that can be broken or it can be just rammed open. Normal building doors aren't made to stand against such forces. The police rams down doors all the time. The person responsible for the fire has to cover the damages or if the person is insured it is covered by the insurance.
@@Robbe1912 I find your scenario way too idealistic.. Even if we make up a number and say it takes 4-7 seconds per door.. thats still per door. it adds up way too quickly in a situation where loss of life is likely from suffocation alone. I want firefighters to have the tools to do their job effectively but where i DO draw the line is a law that is mandating people buy a product from a private company and its not an in house solution.
Now I want to learn more about my Knox Boxes at work.. Didn't know they were using wifi
2020: "I reprogrammed my Knox Box with an arbitrary code injection exploit via WiFi and installed Doom. So now I use it as a server."
@@MrSonny6155 ohh. Don't tempt me..
Hey I mean, the whole would be a better place if it works. Or worse. Maybe actually worse...
100% hack proof, guys. Trust me no hacking this box, it is impossible. No way to hack the box!
The year is 20XX, we are still waiting for the development of a commercial physical public encryption key.
Why not use chips, like car keys?
It's not the first time someone has thought of this.. The thing is, having a key is not necessary, and having a key doesn't mean that there's not other forms of security. One of the key components of a top notch security system is a pre emptive notifications system. So, take the key from the Knox box.. By the time you have the key in your hand, they know you are there. It's only a matter of how fast they are set up to respond.
Right. So those people in the video who used Knox box keys to get into a building and steal packages... Maybe if you tell them this they'll return the packages.
One major improvement would be to explicitly use a number code that passes through a circuit that unlocks a lock, and the circuit could be npossible to invert.
"only firefighters have access to the key"
the last time i checked firefighters are people too and people can have bad intentions/ be corrupt. city wide back doors to every commercial building is a bad idea
Bad idea until an emergency. Needed in some capacity.
@@dust7962 Fire fighters are trained to break in fast. They have powerful tools for that exact purpose. And they are legally allowed to do it.
So just axe through that F...ing door and don't waste time looking for that box which contains an old key that doesn't fit the lock because nobody thought about it the last time they changed the lock after some crackhead jammed a metal piece in it.
@@christianbarnay2499 what happens if there's a secure door inside meant to resist forced entry? Can't exactly brute Force your way in everytime.
@@dust7962 Secure doors that can resist fire fighters entry gear are very rare and require some paperwork and special procedures to be approved. Usually the setup includes passive and active fire protection measures (insulation, automated extinguishers) and an acknowledgement that fire fighters don't have to get in that area.
Those are mostly found in bank vaults and a few military sites.
That one dislike has to be knoxbox
I would dislike it for the fucking lip smacking into the mic
Excellent "key takeaways" :) Great talk!
Thinking about Saflok, electronic would be way to go. If new keys needed to be made, they can be used to disable the prior keys. Just need to go to each lock and insert new key once to rekey them.
What is needed is a constantly changing key EG a one time password that has an expiry of long enough to be safe but short enough to be secure.
All security systems fail at some point. ALL of them. Every one. (15 years of banking experience.)
"Nothing is fool proof to a sufficiently talented fool" - Stephen Hawking.
"Nothing is hacker proof to a sufficiently talented hacker" - Every Hacker Ever
jfan4reva the best you can hope for is to appropriately scale all aspects of your security to the anticipated threat as justified by the value of the content. For the private owner: If you can’t afford to have insurance on whatever it is, you probably shouldn’t have it.
"It cannot be hacked"
That's a challenge, not a statement of fact.
Awesome talk dude, one year later
A good electronic version could use an improved variation of ASSA's CLIQ cylinders, where the key already contains a battery, a microchip and an expiry clock. The emergency services version would use strong public key security, with per key serial numbers and the key becoming useless 10 hours after being presented to the duty Sargent at start of shift. The key signing machine at the firehouse would need to get online with the one of 3 state buildings (in Capitol and a spare city) every day or it can't issue after a week of being offline. At a hurricane sized outages, emergency reactivation codes can be distributed to firehouses by military couriers visiting twice a week. Such a lock would also accept a completely unrelated key code that is unique to the owner and sold with the box. Because CLIQ keys include a traditional mechanical key, they can be cut to fit the old/cheap boxes in the city, so the firemen don't need to guess which key to use, and thieves can't see which boxes have the weaker security.
Cliq (and the Medeco XTs) are not generally suited to outdoor conditions where these live. And more complexity = more potential points of failure.
That’s the first time I’ve heard of a Knox box and key escrow, because I’m not from the USA, but it should have been instantly recognized as the stupidest thing anyone has ever heard of the moment it was proposed! And maybe it was, in other countries.
The statistics don't agree with you. Knox Boxes have saved thousands of lives, and have only been compromised a handful of times.
great talk, love that the audio is decent!
Ahhh the political world of lobbying for contracts which should be outlawed in my opinion. This is how catastrophic failures happen either to save a few bucks or to reward a lobby who contributed much money to their campaigns. That's how we end up with subpar infrastructure and or situations like this. Not to mention Microsofts situation similar to this. Here is real..... THEY WANT IT UNSECURED ONLY TO APPEAR SECURE. THE SAME WITH PCs ETC. THE SAME PPL WHO ARE SUPPOSED TO SERVE US HAVE ONE LEG IN BOTH THE GOOD AND BAD WORLDS.
Just like in the medical fields there isn't any profits in creating cures
Why not install the box, for code compliance, leave it permanently open, with a message "use your axe on the glass door" or something?
wait...you have to install something like that, or you get arrested ? 3:13
What a Shithole...
You could circumvent this problem with the solution that you 'forgot' to put your key in the box. Or even better put the wrong key in.
I don't know if they check the boxes yearly but it seems like they don't.
I also don't know why they use it anyway bc who cares about a broken door if your house burns.
It’s part of fire code there...
Depends on how rugged the door is. A key is almost always faster.
Yoh this is a sick talk, flip bro is smart!
9:35 What happened to the audio?
"this isn't a huge issue" absolute fucking mad lad
Iberia, Liberia?.. now should spend his great intelligence on designing a Knox Box that actually IS as close to 100 % safe as possible. Some really good automation I think is what it would take.
How to solve this problem. Connect the nox box to your fire alarm system. If the box is opened, sound the fire alarm and call the fire department. This makes it like pulling the fire alarm to open a fire door to get in a room. A very loud attack.
Nvm i see now its a option allready -_-
Firefighters are legally allowed to axe doors and windows in case of emergency. The problem never existed in the first place. Just let firefighters do their job and don't mandate that they waste precious time looking for that box hoping the key inside was updated the last time the lock was replaced.
Sponsored by Shapeways™
electronics keys/locks that are open if there is a power failure 'safe off' are not really the solution....
electronic solution may not work altogether in case of fire....
While good in theory, any master key based system is inherently flawed. All the "bad guy" needs to do is get that key and they can break in to every building in the city.
If you're going to add such an obvious backdoor, you might as well just not have any locks at all.
I mean, at least they're making it... Slightly inconvenient?
Much, much, much more expensive, but hey, at least it's inconvenient!
Is it better to cut the lock in half like shown in the video, or could you cut the lock from 12 o'clock down to the point where it snaps in half? Then you could sandwich putty in between both pieces of the lock for a physical copy.
Not really possible. First, the pins aren't held in the right position when there's no key inserted. The correct key moves the pins into the correct position to open the lock, and until its inserted the pins are held in a different position, locking the tumbler.
Further, if you cut the tumbler in half like that, the pins would no longer be held in place, they'd fall right out, and all of your info about the lock would be lost.
Also you'd have to cut the pins as well, further destroying your info.
Whats with the echoey audio at 10 minutes.
Mic battery prolly went out so we got the camera mic for a bit until they got it fixed. Thats my guess
Idk but it goes away after a minute thankfully
Nine minutes before the audio fucks up. Is that a high score?
12:24 somethings up
Could be a removable/swappable core system, similar to what Best does with the majority of their locks. He probably said something about making a master key/removing and replacing the core.
I am surprised more of these aren't tied into alarms of some sort. Given that the only people who need to access these boxes are firefighters (who are presumably only doing it if there is an emergency AND they cant just enter through the door because its open or there is someone there to buzz them in) then there is no reason that opening the Knox Box shouldn't trigger the fire alarm (if it isn't already active via smoke detectors or other systems). Burglars are a lot less likely to do whatever it is they came there to do if there are alarms blaring and they know that the emergency services are on their way.
It's laziness and/or cost on the part of the installers. Most Knox Boxes are sold with tamper switches.
"Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety." ~ Richard Saunders
never understood why they don't just alarm the lock boxes. If it's really the fire department no problem.
Lockpickinglawyer would probably unlock it with his bare hands
They could offer a service where they switch out locks like crypto codes were switched on a regular basis during ww2.
Every sweep would cost a few million dollars to change hundreds of thousands of boxes. And you can't switch all of them at once.
The reason code books were so valuable was that they contained settings for the next weeks or months. Yesterdays setting were typically destroyed after use.
So if you have a huge warehouse with 100000+ new locks, what are the odds one of those will go missing?
Isn't the main problem that once a key gets lost by the fire station the whole system is screwed?
The only solution, in my opinion, is that a person who has access to the building has to hand over the key in an emergency. Although this is a slow process that can and will go wrong.
I have no other Idea how one could otherwise ensure that one lost Key won't screw up. (The only other way would be an electronic system which can deactivate keys, which would need all the locks to be connected to each other...)
Have a look at the Knox KeySecure on their website. It's an audited system for keeping the keys out of unauthorized hands.
@@portlocks2051 That is missing the entire point of this video. Once it’s out, all that needs to happen is for someone to take a photograph of the key.
8:01 they should have used asymmetrical encryption...
I would love to see a physical Diffie-Hellman key, lol.
How does the owner access the box to place/replace his keys? It did not appear to be a master key system, and if you had your personal key with it then you could have gotten the keyway from that.
You call the fire department, and they come out and open it for you to access the keys inside.
@@marccerisier So each time a crackhead jams some metal piece inside the lock you have to call the fire station. Talk about wasting everybody's time.
Installation is recommended at 8' elevation on the building, out of the reach of most crackheads.
"why are intentional back doors a thing?"
first fire escapes are great, and neighborhoods are even designed with multiple exits to emulate the multiple exits of buildings.
seccond, firemen can carry firearms to get in nearly anywhere. instead of having keys, one could have a starter pistol which if held right next to a lock would have a similar effect to shooting it.
intentional backdoors exist because motive about access is all about time. locks don't exist to keep people out but to cost them time for emergency personel to arrive. fire marshals don't need to be delayed.
then they should probably bash the door in. it would likely be quicker than a firefighter trying to open a door with a key in a lock that might be rusted or the keys missing from the box. its just dumb altogether for such a wide usecase
Awesome. Putting that
9:36 Talking about duplication.
Scary - but very cool. Thx!
Ad for Shapeways?
Thanks
If you're ballsy enough you can actually grab a Medeco key tight in your hand and punch something... like accidentally snatch it while falling and imprint your hand then take a pic of that. Keys have limited numbers of stops and the spin-pins have rather loose tolerances. No need to keep playdoh.
yeah dude just shove it up against a clear patch of skin on your belly and run to the toilet for a quick photo
what about put a dummy key in the box?
I suspect there will be fire inspections from time to time and if they key does not fit, you are put in jail.
What if firefighters are thieves?
They don't need to be thieves. Just normal humans who can lose a key in the middle of intense action. A fire department lost 850 keys over several years.
Great talk dude (:
Oh that reminds me of a joke
Knox Knox.......
I mean we could have just bought a medico lock that comes with medeco key with the same key way
no you could not have
@@keyboard_toucher www.ultimatesecuritydevices.com/High-security-medeco-cam-lock-kit-with-length-and-keys-options_p_478.html?gclid=CjwKCAjw-7LrBRB6EiwAhh1yXx5zlOcY2S7iuHcr0CrccbygZ8OoNhxT6H27SYv-IScU6G5Pxbc4VhoCZvoQAvD_BwE
@@lordmalice6713 nice find. is this the same lock that they use in their boxes?
@@keyboard_toucher not the same lock used in the boxes yet it is interchangeable and uses the exact same keyway profile the only reason I bring this up is because instead of paying 750 bucks for the box you can pay forty bucks for the lock to get the same results I don't know this man's research and how he came to the conclusion that he did I'm just saying it could have been cheaper just to buy this I've been looking at locks and locksport UA-cam for a long time that's the only reason I know that medical uses the same profile for pretty much all of their locks the major difference from this particular camlock and the one in the Knox box is that there is I bet more hardening of the as well as corrosion resistance
The point is when you buy the box, you get it keyed the same as every other box in your [area].
@lockpickinglawyer
Wants to know your location.
@@bmmmchichibmmm ?
#whoyougonnacall
Honestly I'm sure he's already done this but wouldn't post it.
In germany such boxes mostly come with tamper alert. We also use city-wide keys that are stored in the fire department. It's far away from perfect, but better than nothing.
Und jetzt werdet bitte noch die Afd wieder los
fearlessTobi
Und was hat das mit dem Kommentar oder dem Video zu tun? Meine Fresse, gibt es keinen Ort mehr, an dem man nicht von Links oder Rechts mit Politik zugeschissen wird, obwohl das komplett am Thema vorbei ist?
Well, it's just a lot easier to not have a knox box. Aren't Fire Fighters supposed to have Battering Rams, Fire Axes and that shit... How fucking hard is it to just bust down the door. Who needs a key, if the house is on fire, a non-destructive entry seems pretty dumb, after all, it would only delay entry and as such increase the time until the fire could be put out...
artificial intelligence 2000 yapanda TDPM (Trans Dermal Pulse Modulation) ... Where keys are programmed into your skin through a dermal transmitter.
shapeways like this video
I don't think there is one Defcon that exists without some guy fucking the sound track up...
Do you guys want a sound engineer? Someone who knows WTF they are doing?
this talk is almost a copy of a defcon talk from a few years ago
That system is so ungodly stupid. If my building is on fire just break the fucking door. Replacing that door is a small price to pay to prevent the building from burning down or thieves easily doing a B&E with a Key.
clicked on the video thinking about people who cant hear but still interesting.