NEWS via Help Net Security: The 8th annual Malaysian security conference will feature a lock picking competition sponsored by TOOOL USA.
Jeromie Jackson's excellent blog, Harmonizing Regulatory Compliance and Risk Management, has a great article about Mr Jackson's physical penetration test of a data center. After failing to pick the Schlage lock on the data center door, the team noticed a window which could be unmounted from the side of the door they were on. After hurdling that barrier, it was just a matter of evading the other security layers until their objective (simply leaving a note, in this case) was accomplished. An excellent overview of how even a layered security system can be compromised if the physical aspects of security are ignored.
Harmonizing Regulatory Compliance and Risk Management
There is a nice, short introduction to lock bumping and home security on safetyhomesecurity.net, including some recommended bump-resistant locks for homeowners. It's a little short on facts and specifics but otherwise gives a good, quick overview of the issue.
The Medeco M3, the new UL 437 and ANSI 156.30 certified lock (standards which specify protection from covert entry for 10-15 minutes), can easily have one of its three primary security features bypassed. The feature in question is the new slider mechanism, which can be retracted with any piece of wire (including a paperclip), as is shown in this video by Marc Tobias:
YouTube Video
While this bypass technique doesn’t open the lock by itself, it paves the way for existing Medeco attacks including illicit key duplication and bumping.
A detailed written description is also available at:
The Medeco M3 Meets The Perilous Paper Clip
Recently there has been a rash of 'bumping' (a simple lock opening technique using a specially cut key, see the photo to the right) and lock picking stories in the news media. Here are links to several of the articles and reports:
YouTube.com, the popular online amateur video site, hosts more than 24,000 (mostly bad) karaoke videos. However, it also has over 200 lock picking videos. Here are snapshots from just a few:
Locksport International (a hobbyist group dedicated to promoting lock picking as a sport) has released a colorful (some say 'comic book' styled) guide to lock picking. Actually, the guide covers a lot more than just that. It has sections on how locks work, how to disassemble them, how to re-pin the cylinder (change the working key) and even how to make your own lock picks. It also admonishes the reader to strictly follow the lock picker's credo:
“You may only pick locks that you own, or those to which
you’ve been given explicit permission to pick by the rightful owner”
You can find the entire guide on the LockSport International website at: http://locksport.com/LSIGuide/lsiguide.pdf
On September 11th, 2005, Sportsfreunde der Sperrtechnik (the German lock picking club) sponsored an impressioning contest. Impressioning is the technique of taking a key blank and filing it down to make a working key. This is done by inserting the blank into the lock, twisting it back and forth, and then filing where marks appear along the upper edge. This year's champion was Oliver Diederichsen from the Hamburg Sportsgroup. He successfully made a working key for an ABUS C83 in 6 minutes and 53 seconds. You can watch a video of Mr Diederichsen during the contest here.
To make a copy of a key you need a key blank. A key blank is just a piece of metal which is designed to fit into a particular kind of key-way.
Getting key blanks for most locks is easy: you just order one (or a thousand) from any number of manufacturers who make blanks for that particular model of lock. While this system is convenient for locksmiths and contractors, having easy access to key blanks presents a security risk. If someone 'borrows' a working key they can easily create a duplicate of it, if a key blank is available.
To prevent this from happening, many high security locks feature ‘patent protected’ keys. Because of the patent, these companies can prevent other firms from manufacturing key blanks and they, in turn, can closely control who can get key blanks for these locks.
However, what if a machine existed which would duplicate the shape of most patent protected keys? Well, it does: the Easy Entrie key duplicator is designed to copy the side grooves of almost any key onto standard metal plates so they will fit into various locks. This, in effect, creates a key blank for almost any pin tumbler lock in the world.

The good news is that the Easy Entrie can't cut an 'overhanging' groove, which appears on a handful of key designs. These keys are therefore safe from Easy Entrie duplication. Also, the Easy Entrie machines currently cost almost $10,000. This effectively places them out of the hands of any hobbyists, but security experts need to be aware that the protection provided by 'patented' key-ways is slowly being eroded by advances in key duplicating machines such as the Easy Entrie.
Every year Las Vegas witnesses a strange sight (ok, there are a LOT of strange sights in Vegas, just stick with me): thousands of geeks descend on the city for three days of Defcon. Defcon, now in its 13th year, features talks by some of the world's leading hackers (and some hacks, like me), as well as a number of unofficial 'contests'. One of these is LPCon (LockPickingCon), which is now in its third year. LPCon pits dozens of lock pickers, organized into groups of six, against the clock trying to open a standardized lock.

(sorry for the poor quality camera phone shots)
Besides LPCon, there were a number of speeches given on lock picking and physical security. Deviant Ollam and fellow pickers presented an excellent overview of lock picking and some bypass techniques in their talk (the bulk of the presentation is available at http://deviating.net/lockpicking/ ).

(sorry for the poor quality camera phone shots)
A record 67 contestants at LPCon and the large crowds attending the various physical security presentations at Defcon seem to indicate a growing interest in lock picking and other forms of physical security compromise in the hacker community.