Thinkpad Dock-Picking

Hackers at the “RaumZeitLabor” hackerspace in Mannheim Germany have noticed that the locking mechanism on the thinkpad mini dock is extremely easy to circumvent. Sold as an additional layer of security, the mechanism itself is not really secured in any way. The button that actuates it is locked by a key, but the latch isn’t secured and can be accessed via a vent on the side. They are using a lockpicking tool in the video, but they say that even a long paperclip would suffice.

We know that no security device is perfect, and if someone really really wants it, they’ll take it, but this seems a bit too easy. Maybe the next version will have a little plastic wall protecting the latch from being actuated manually.  Hopefully if security is your main concern you are using something a little more robust that a dock-lock.

[via the RaumZeitLabor hackerspace (google translated)]

Comments

  1. MrX says:

    So far kensington locks have been pretty reliable..

  2. Alan says:

    I can remove my W500 from the dock by just pulling hard enough.

  3. Nomad says:

    @Alan: you can do pretty much everything with enough force…but that’s not the point.

  4. Alan says:

    @Nomad: It is if it damages no parts. Nobody would ever know it’s nicked. Might as well secure it to your desk with a magnet.

  5. Stevie says:

    Nice hack. The video felt a bit OTT bu I guess you can’t argue that it showed the weakness well enough.

    If I’d bought it for the security feature, I’d now be looking to return it for a refund.

  6. if it could have just as easily been “picked” with a paper clip… then why not use that in the video? I mean wouldn’t that hit the point home just that much harder?

  7. b says:

    This has legitimate uses. A colleague once locked himself into my dock while I was on vacation. I wish he would have done this rather than breaking my docking station.

  8. Matt says:

    The IBM docks have been notoriously lax in security. The dock for the T40 series is a prime example. All a would be thief would need to do is stick a paper clip into the key way and press down on the release button. It takes longer to read this comment than it does to open that dock.

  9. Mr. Coffee says:

    Considering I’ve accidentally done this when I lifted the docked laptop to clean under it… well, yeah

  10. anon says:

    It doesn’t matter if the lock works or not. It shouldn’t be part of any security plan anyway. The data is always going to be more valuable than the hardware. Full disk encryption and encrypted communications should be the concern.

  11. Glenn says:

    They market it as security, so you only need to purchase one Kensington lock. On the face it looks good to a normal non-HR manager who generally makes the purchasing decision, as you can use a Kensington lock to secure the Dock, then the Dock to secure the laptop…

    The best bet is to use Kensington locks on both the dock and the laptop for real security. (The laptop key-hole is still accessible when it’s in the dock.)

  12. anon says:

    The fact that we didn’t use a paper clip in the video is that using a paper clip works, but it is a bit harder to do and less impressive for a video. As you can see, we were pretty fast using the pick tool with a docked ThinkPad, but we were much slower in the side view (the camera was in the way). So I guess it’s all about training.

  13. anon says:

    Kensington locks? Secure?! Oh please.

    Do a video search for “kensington lock toilet paper” to see them opened quite easily using only the cardboard of a toilet paper roll. Been featured on boingboing in 2005.

  14. onyxphase says:

    It’s sad that i had to do this to a T-60 stuck in a dock because someone lost their key.

  15. hammer says:

    Thank you, I have recently been searching for details about this subject matter for ages and yours is the best I have found so far.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 93,803 other followers