Lock picking and security disclosure

Slate is running an interesting article about taking new security approaches to lock vulnerabilities. In the past, lock makers such as Medeco have been able to quietly update their product lines to strengthen their security, but as movements such as Locksport International gain popularity and lock picking videos on YouTube become dime a dozen, lock makers can no longer rely on security through obscurity. It’s no question that an increased interest in this field helps lock manufacturers to create more secure products, but because patching these flaws often means changing critical features of the lock, it becomes a very expensive game of cat-and-mouse.

Traditional lock picking has employed the use of picksets, like the credit card sized set given out sold at The Last HOPE, but more recent methods of lock hacking have used bump keys or even magnets. However, as manufacturers make their locks less susceptible to picking and bumping, not even high-security locks will ward off someone determined enough to create a copy of the key, either by observing the original or using impressioning, as [Barry Wels] covered in a recent talk at HOPE 2008.

Bump key experiments

[Barry] took one of his blog readers comments to heart and started wondering just what happens when you bump a lock. As suggested, he made a cut away lock core and started experimenting. [Barry] doesn’t have a high speed camera, so he tried some alternatives like filling the chambers with grease to indicate pin movement. Master Lock put together a nice video demo of lock bumping (in order to sell their new bump stop gear).


Get every new post delivered to your Inbox.

Join 91,428 other followers