Security researchers have developed a technique for copying house keys using only a picture of a key.

The approach - developed by computer scientists at UC San Diego - requires no physical access to keys and only a relatively low resolution picture for the software to work. Boffins at the university said they developed the approach in order to nail the false belief that keys are inherently secure.

In one demo, the computers scientists took camera phone pictures of a residential key to pull out the information needed to create identical copies using image-recognition software. A second exercise featured the use of a 5in telephoto lens to take pictures of a key from 200 feet away.

The keys analysed had a series of five or six cuts, spaced regularly. The San Diego team developed software (dubbed Sneakey) that was capable of analysing photos from nearly any angle to measure the depth of each cut, the so-called bitting code. This, alongside knowledge of the brand and type of key, is enough to make a duplicate.

Adjusting for a wide range of different possible angles and distances between the camera and the target key created headaches for the researchers. They got around this problem by matching control points from a reference image onto the equivalent points in the target image.

"We built our key duplication software system to show people that their keys are not inherently secret," said Stefan Savage, a computer science professor from UC San Diego’s Jacobs School of Engineering. "Perhaps this was once a reasonable assumption, but advances in digital imaging and optics have made it easy to duplicate someone’s keys from a distance without them even noticing."

Savage added that some locksmiths have been able to copy keys by sight from high-resolution pics. The development of better image processing software makes it possible to extract the necessary data with far less expertise. The researchers carried out the exercise using Yale keys and its not clear how effective the approach would be using other types of keys.

Professor Savage presented the student-led research at the ACM’s Conference on Communications and Computer Security 2008 in Alexandria, Virginia on Thursday (30 October). ®