3D printing the key to escaping handcuffs

handcuff key 3D printed

Two 3D-printed, one laser-cut copy of handcuff keys. (Credit: Forbes)

You may recall our story of gangsters using 3D printers to create ATM skimmers. Now we hear there is another way for criminals to use 3D printing: by printing copies of high security handcuff keys.

I haven’t seen a report of someone actually escaping handcuffs with a 3D printed key yet, nor have I read a report of anyone being arrested with the copied keys (if that is even against the law), but the CAD files to print the keys are out there now, created by a hacker that goes by the name of Ray. He says he’s done it as a public service, to alert high-security handcuff makers of their Achilles heal.

In a meeting of the Hackers On Planet Earth (HOPE) conference in New York, German hacker and security consultant “Ray” demonstrated the new security concern by opening handcuffs built by the German firm Bonowi and the English manufacturer Chubb. Both of these firms try to control distribution of their keys only to authorized buyers.

You might wonder why this is an issue at all, given that each lock as its own unique key. Problem is, all handcuffs from the same manufacturer model have the same key, a master key so to speak. With one key, you can open any of the handcuffs. Now that’s a problem. Anyone arrested, if he had a key in his back pocket, could slip away.

Ray bought his original Chubb key from eBay, and the more rare Bonowi key through an unnamed source. Then, with some precise measurements, he was able to create the CAD design and subsequently print copies of the keys in Plexiglass on his friend’s laser cutter and also in ABS on a Repman 3D printer. As anyone reading this blog knows, both are widely available.

It didn’t take long for someone to pick up on this and start selling the keys. A lockpick vendor is already selling the Chubb keys the HOPE conference for $4 each. What’s next? Ray says he will upload the files to 3D model repository, Thingiverse, soon.

Lest you think that Ray is a bad guy, he says he is doing this to alert the handcuff manufacturers of their vulnerabilities. As much as I’m no fan of hackers, I think I believe him since he also said that he will not post the CAD models of Bonowi or Clejuso handcuffs online, because those keys are harder to get a hold of, and making these available could pose serious security issues. He says he’s already accomplished his goal of sending a wakeup call to the manufacturers.

It sounds to me like the handcuff industry has reached the moment that they must rethink the whole idea of a physical key. It does seem a bit archaic now doesn’t it, anyway?

Source: Forbes