On the last day of DEF CON, I talked to some charity hackers, checked out the lockpicking village, and learned how insecure my router is in the wireless village.
The Open Organization Of Lockpickers (TOOOL) ran the lock picking village at Toorcamp. They gave great workshops on how lock picking works, provided a lot of examples of security flaws in popular locks, and let everyone practice with their locks and tools. Lock picking is a bit addictive, and I spent quite a bit of time at the village.
TOOOL is an international organization that aims to advance the general public knowledge about locks and lockpicking. If you’ve ever wanted to know more about locks, you can check out their list of chapters to see if there’s one in your area, or send them an email to see if there’s other lock picking enthusiasts near you. Their detailed slides that were used for the village are also available.
[Eric] from TOOOL worked on building a lock picking installation called the Labyrinth of Locks. The first prototype of this consists of locks enclosed in 3D printed enclosures, and lit by LEDs. The goal was to string them up in the woods and challenge people to find and pick the locks. MakerBot Industries printed the orange and flower shaped enclosures that the LEDs and locks were mounted into.
This is a first prototype, and [Eric] plans to expand on the idea and use it at other lock picking events he attends. It’s a neat way to mix lock picking and an art installation into an interactive activity.
At this year’s HOPE conference, German competitive lockpicker and security researcher [Ray] gave a talk about escaping high security handcuffs that are probably being used by your local police and other LEOs. He’s doing this with 3D printed and laser cut keys because, you know, security through obscurity never works.
Two years ago, [Ray] gave a talk at HOPE on 3D printing Dutch handcuff keys (you can listen to his conference as an .MP3 here). This time around, [Ray] copied the keys of Bonowi and Chubb handcuffs, very popular brands for American police. After obtaining a key from each of the two brands, [Ray] broke out the calipers and micrometer and designed his own versions that can be printed on a RepRap or Makerbot, or just laser cut from a piece of plastic; the perfect material for sneaking one through a metal detector.
The .DXF and .STL files for the handcuff keys will be available on Thingiverse shortly. We’d suggest watching
this Thingiverse account (nevermind), as they have the files for [Ray]‘s earlier Dutch handcuff key.
The guys from Bloomington’s Fraternal Order of Lock Sport (FOOLS) sure know how to throw a party! At this year’s DerbyCon event down in Louisville, the group put on an awesome event that combined lockpicking and drinking – what could be better?
The Rumble Challenge is lock picking game where six people compete head to head for the best time. Whenever a competitor masters his lock, the competition is paused so that each player has a chance to take a shot from their air-powered shot dispensing machine. Once everyone has imbibed, the next round starts with the competitors picking up where they left off, in an effort to be the next to successfully open his lock.
The game is controlled by an Arduino, which both times the competition and senses when the locks have been opened. The Arduino relays this data to a computer, which uses a projector to display the contestant’s scores on a big screen. As an added bonus, FOOLS member [dosman] added loud rumble motors to the locking mechanisms in order to throw competitors off their game.
The contest sounds like a ton of fun – we’re bummed that we missed it. If you want to see how the game was put together, check out [dosman’s] build log over at the Bloominglabs wiki.
Hackers at the “RaumZeitLabor” hackerspace in Mannheim Germany have noticed that the locking mechanism on the thinkpad mini dock is extremely easy to circumvent. Sold as an additional layer of security, the mechanism itself is not really secured in any way. The button that actuates it is locked by a key, but the latch isn’t secured and can be accessed via a vent on the side. They are using a lockpicking tool in the video, but they say that even a long paperclip would suffice.
We know that no security device is perfect, and if someone really really wants it, they’ll take it, but this seems a bit too easy. Maybe the next version will have a little plastic wall protecting the latch from being actuated manually. Hopefully if security is your main concern you are using something a little more robust that a dock-lock.