Don't Flash Your Keys on Social Media: Photos Can Be Used to 3D-Print Working Duplicates in Minutes
A seemingly innocent photograph of keys held in someone’s hand can pose a serious security risk, as demonstrated by cybersecurity expert Evan Ottinger. The red team specialist, who is regularly hired by companies to simulate real-world attacks and test both digital and physical defenses, revealed that keys visible in social media posts can be turned into working duplicates without any sophisticated criminal laboratory.
People routinely share photos of their keys online, ranging from everyday users to high-profile celebrities. When the key’s profile and bitting (the unique cuts) are clearly visible, these details can be analyzed to reconstruct the exact geometry needed for duplication. Ottinger used open-source key decoding tools combined with a standard graphic editor and a consumer-grade 3D printer to complete the process.
In his experiment, the resulting plastic key proved fully functional and successfully opened the original lock. The researcher admitted he was initially skeptical, thinking “this can’t actually work,” yet the method proved reliable. For someone with the right skills and tools, the entire workflow—from downloading a social media image to producing a usable key—can be completed in roughly 10-15 minutes.
Unlike conventional lockpicking, this technique leaves no visible marks or evidence of tampering on the lock. To any observer, including security cameras or passersby, the person simply appears to be using their own legitimate key. This stealthy nature makes the attack particularly concerning for physical security professionals.
Ottinger advises treating physical keys with the same caution as passwords. Users should avoid posting close-up images, sharing them in stories, or posing with keys for aesthetic posts. The researcher’s findings highlight an often-overlooked intersection between social media habits and real-world physical security risks.