A hacker has demonstrated exactly why you should avoid posting pictures of your house keys on social media.
In the modern world, social media is often viewed as an essential tool for shaping how others perceive us. A 2025 study published in Behavioral Sciences concluded that people tend to share major life updates online for three main reasons: maintaining relationships, expressing their identity, and seeking social affirmation from their networks.
The purchase of a first home is a prime example of the type of life update frequently shared on platforms such as Facebook and Instagram, often accompanied by a photograph of the proud new homeowner holding up a set of keys to their new property.
However, in an era of advanced computing and 3D-printing technology, posts like these may be ill-advised.
Evan Ottinger is a Virginia-based red team operator in the cybersecurity industry. In other words, he is an ethical hacker who simulates real-world attacks to test an organization’s defenses.
“I perform adversarial emulations for clients,” Ottinger told Newsweek. “These are usually covert operations and involve hacking their networks and occasionally breaking into their buildings. At the end of an operation, I write a report detailing what I did, how I did it, and provide recommendations for the client.”
Ottinger has worked as a software engineer at several companies and served in the United States Marine Corps for five years. He said he sees people posting photos of keys outside newly purchased properties online “all the time.”
“Interestingly, I’ve seen this from everyday folks and celebrities alike,” he said.
Learning the Technique
In 2024, Ottinger attended a Red Team Alliance event focused on covert methods of entry. The course was taught by Deviant Ollam, an author and physical security expert known for documenting techniques used to attack physical locks, including impressioning, master-key exploitation, skeleton keys, and lock bumping.
“Ollam taught us several methods to decode, originate, and copy keys, including using overlays,” Ottinger said. “3D printing was discussed in the course.”
The training inspired Ottinger to test the techniques for himself.
From Photo to Working Key
Starting with a photograph of a set of keys, Ottinger set out to see whether he could create a copy.
He began by using Ollam’s key-decoding overlays, which are freely available online. These transparent templates can be placed over a photograph of a key to help determine its cut depths and bitting code, making them a key-analysis tool rather than a lock-opening tool. By aligning the overlay with a key image, users can compare the cuts against reference markings for a particular keyway and infer the key’s code from those measurements.
He then fed that information into Ervanalb’s Keygen, a CAD tool capable of generating a precise digital model of a physical key using its measurements and code.
Next came the image-processing and alignment stage. Ottinger used the GNU Image Manipulation Program (GIMP)—an open-source graphics editor that can manipulate images, measure objects, adjust perspective, and work with layers and overlays—to extract measurements from the key photograph and refine the digital model.
Printing the Key
All that remained was to print the key on a Bambu X1C 3D printer using PLA filament.
“With the exception of the printer, all of these tools are free and open source,” Ottinger said. “That means anyone can use them. And while I used a 3D printer, they’re not required. Keys can also be cut and filed by hand, or with commercial key cutters.”
Ottinger admitted that there was a point during the experiment when he thought: “There’s no way this works, right?”
But it did.
He said that within the hacking community, this would be considered a relatively “trivial” attack.
“For a practiced individual, it takes about 10 to 15 minutes from downloading the image to taking the key out of the printer,” Ottinger said.
A Chilling Realization
For Ottinger, the implications were unsettling.
“Normally, surreptitious entry—think lock-picking—leaves behind forensic evidence that can be discovered and analyzed later,” he said. “Using a key is covert. It doesn’t leave any of this evidence behind and looks normal to passersby. This is the sort of attack that would keep me up at night as a defender.”
Ultimately, Ottinger hopes people take one key lesson from his experiment and the video documenting the process: treat your keys the same way you would treat your passwords.
“They’re not something you want to display publicly,” he said. “The systems we take for granted when securing our homes and businesses aren’t magical. It’s possible for people to learn how they work and leverage that knowledge for malicious purposes.”
He added that, when it comes to security—whether digital or physical—it is no longer enough to rely on a single layer of protection.
“A layered defense, such as adding cameras and alarm systems, makes a home or business a harder target for adversaries to compromise,” he said.
Contact Newsweek editors on this story: Rebecca Flood and Emma Lee-Sang
Click Here For The Original Source.
