Hack a Day » medeco

Marc Weber Tobias vs Medeco

Eliot — Fri, 22 May 2009 23:39:49 +0000

This month’s Wired magazine has an extensive profile of [Marc Weber Tobias]. He’s a professional lock picker that delights in coming up with new techniques for taking on high security locks. In recent years, he’s run afoul of the US’s premier high security lock manufacturer, Medeco, by publishing Open in Thirty Seconds with [Tobias Bluzmanis]. Medeco still denies that this is even possible. Wired decided to to test the team by purchasing six new cylinders and timing them. Each one was open in under nine minutes. You can see a video of this on Wired’s site.

Last fall we covered a decoding attack against Medeco locks by [Jon King].

[via blackbag]

Posted in lockpicking hacks, news, security hacks

Medeco high security lock picking

Eliot — Tue, 29 Jul 2008 14:40:00 +0000

Despite, Hack a Day seeming to be fairly lock heavy lately, we’ve yet to cover a major story from The Last HOPE. At the conference, [Jon King] talked about vulnerabilities in Medeco locks and presented his Medecoder tool. Medeco is really what makes this story interesting; unlike the EU, the US has very few high security lock manufacturers. You pretty much have to use Medeco and it’s found in many government agencies.

The Medeco locks have a vertical row of six pins arranged like most pin tumbler locks. Unlike your average lock, the rotation of the pins is important. When the key is placed in the lock, it not only moves the pins to the correct height, it also rotates them to the correct orientation. A sidebar blocks the cylinder unless the pins are rotated properly. Each pin has three possible orientations. They’re biaxial as well, which means the pin’s offset point allows for three more possible positions.

[Jon King]‘s Medecoder tool helps deal with the sidebar issue. Each pin in the lock has a groove running up the side. When the pins are in the correct orientation, these grooves are all perpendicular to the lock body and the sidebar can slide into place. [Jon]‘s Medecoder tool is a thin piece of wire with a sliding scale to help you position these grooves correctly.

To pick the lock, you first set all the pins to the correct height. Then, using the Medecoder you find each pin’s individual groove. All Medeco locks have the pins at the same distance from the lock face. The scale on Medecoder indicates where the pin currently is and where the pin should be. You can see [Jon] using this technique to open a lock onstage at The Last HOPE in under three minutes.

This pin vulnerability has been known in Medeco locks since 1974. With the recent release of the Medecoder, Medeco has started manufacturing ARX pins again. ARX pins don’t have the groove cut all the way to the keyway, so they can’t be manipulated by the tool. As we mentioned earlier, unlike software companies, physical security companies have no perceived obligation to patch their install base… even if they’ve known it was broken in some form for 30 years.

The latest issue of NDE has just been released and features a full write up on the Medecoder. It also details the different kinds of ARX pins that have been developed.

[photo: blackbag]

Lock picking and security disclosure

rossfairgrieve — Tue, 29 Jul 2008 01:40:00 +0000

Slate is running an interesting article about taking new security approaches to lock vulnerabilities. In the past, lock makers such as Medeco have been able to quietly update their product lines to strengthen their security, but as movements such as Locksport International gain popularity and lock picking videos on YouTube become dime a dozen, lock makers can no longer rely on security through obscurity. It’s no question that an increased interest in this field helps lock manufacturers to create more secure products, but because patching these flaws often means changing critical features of the lock, it becomes a very expensive game of cat-and-mouse.

Traditional lock picking has employed the use of picksets, like the credit card sized set ~~given out~~ sold at The Last HOPE, but more recent methods of lock hacking have used bump keys or even magnets. However, as manufacturers make their locks less susceptible to picking and bumping, not even high-security locks will ward off someone determined enough to create a copy of the key, either by observing the original or using impressioning, as [Barry Wels] covered in a recent talk at HOPE 2008.