Lock picking and security disclosure

Slate is running an interesting article about taking new security approaches to lock vulnerabilities. In the past, lock makers such as Medeco have been able to quietly update their product lines to strengthen their security, but as movements such as Locksport International gain popularity and lock picking videos on YouTube become dime a dozen, lock makers can no longer rely on security through obscurity. It’s no question that an increased interest in this field helps lock manufacturers to create more secure products, but because patching these flaws often means changing critical features of the lock, it becomes a very expensive game of cat-and-mouse.

Traditional lock picking has employed the use of picksets, like the credit card sized set given out sold at The Last HOPE, but more recent methods of lock hacking have used bump keys or even magnets. However, as manufacturers make their locks less susceptible to picking and bumping, not even high-security locks will ward off someone determined enough to create a copy of the key, either by observing the original or using impressioning, as [Barry Wels] covered in a recent talk at HOPE 2008.

Ring of the Devil electric lock exploit

[Barry] got his hands on an interesting electronic lock pick. The ‘Ring of the Devil’ is made of aluminum and has four magnets inside. By rotating it against an electric lock, (like the one in our RGB keypad lock How-To) the magnetic force can cause the electric motor inside the lock to turn and unlock. More details and commentary are on [Barry]‘s site.

Locksport International visual picking guide

[Chronos] let me know that Locksport International released a new visual lock picking guide. The MIT guide is a classic, but not nearly as easy on the eyes. This one covers all the basics and it reads like a comic book.