This article is marked as 'retired'. The information here may be out of date, incomplete, and/or incorrect.
Matt Blaze of AT&T labs published an interesting research paper detailing a troubling fundamental weakness in master-keyed lock systems. These are the type of locks where each lock accepts a unique individual key, as well as a “master” key which can open any lock in the set (not specific to Master brand locks). This weakness allows any person with access to a non-master key in the set to very easily fabricate a copy of the master key.
One needs very little skill to exploit this weakness, and it leaves behind no evidence. It can be accomplished with nothing more than a couple blank keys and a metal file, and the attack can be carried out incrementally over a period of time. But it requires no more than a few minutes in total.
The security implications of this simple attack are very serious, since these locks are often used in government offices, schools, and businesses as well as some residential facilities such as apartments, dormitories, and condos. Originally the findings were quietly provided to the lock, law enforcement, and security communities, but since details starting circulating in the underground world, AT&T labs thought it best to make the information public, so institutions using master-keyed locks can become aware of the vulnerability, and take whatever countermeasures they see fit, if any.
From the paper: