Sep 132007
The Medeco M3, the new UL 437 and ANSI 156.30 certified lock (which specify protection from covert entry for 10-15 minutes), can easily have one of its three primary security features bypassed. The feature in question is the new slider mechanism which can be retracted with any piece of wire (including a paperclip) as is shown in this video by Marc Tobias:
YouTube Video
While this bypass technique doesn’t open the lock by itself, it paves the way for existing Medeco attacks including illicit key duplication and bumping.
A detailed written description is also available at:
The Medeco M3 Meets The Perilous Paper Clip
If I’m not mistaken, this little discovery came from the mind of Eric Michaud. We might remember Eric from his development (at least conceptually) of a comb-attack-like bypass for the Multilock Interactive.
I can’t say for absolute certain it was Eric’s thinking that brought this about (and I’m sure he’d confirm it one way or the other – but it was at Defcon in 2006 that, while talking shop in his hotel room, he explained in detail to me how this exploit works.
Seemed odd to me that I couldn’t find any reference or credit to him in the Engadget article.
Thanks for the post though. I think this site is a great resource and has acted as a “highlights” page for the security/locksport world. Keep it up!
Josh