Open An AXA Bike Lock With A Blank Key (Doh)

[Barry] sent in his writeup and video about a serious vulnerability in the AXA bike lock. (One of the most popular locks in the Netherlands.) It turns out that quite a few of them can be opened with a blank key. [Barry] demo’s the hack, and has some comments about the lame efforts of the manufacturer. If you enjoy interesting reading, check out his blog covering lock picking and physical security.

18 thoughts on “Open An AXA Bike Lock With A Blank Key (Doh)

  1. Why did this make it to hack a day?
    thoes locks are just for show anyway.

    From what i remember about my trip to amsterdam – (and it isnt too much) I think they are designed to be held on with plastic zip ties.

    oh well

  2. yeah you can attach them with zip ties, but the lock is still around you’re wheel, so you can cut the ties so the lock is not attached to the frame anymore, but it’s still locked around you’re wheel then

    must study some more english what i said can be said in one sentence i guess..


  3. I was just going to go and get one of those for my bike for quick trips into the shop and stuff! I am in Amsterdam now, and have an Axa bike chain and it is great… but now i am questioning it… They should definitely do a recall and give people proper ones! (They did in the US, with the lock that could be opened with a bic pen, for fear of being sued!)

  4. I live in the netherlands, and it’s cool to see a dutch hack. (sprite_tm also has a lot of good hacks!)

    this bycicle lock (type SL7) is ought to be one of the safest locks around.. they later made a SL9 type which should be even better.
    according to the advert, an older batch of both lock types is vulnerable. i have this lock too, and it scares me! I’m certainly going to try this, because i’ve just lost my key last week..

  5. Ya know… I’d bet this would work on just about any lock. Given the way pins fall, using a blank key is a really easy way to push them all past their separation, and easily apply torque as well. Just twist and pull out slowly, and hope the pins fall onto the edge of the internal cylinder. It’s what most lockpicking is based on anyway.

  6. Excuse my ignorance, but I thought that in the Netherlands people just hopped on any old bike and left it wherever they were going and it was kind of like a large community of “bikes everywhere”, or am I thinking of some sort of program where there were just a bunch of “free” bikes and people would drop them off at their destination for the next person to take it? I do remember something like that, but it might explain why the manufacturer wasn’t too bothered by its security, since bike theft wouldn’t be much of a problem with such a program in place.

  7. #8,
    there was such a programme, the “white bike program”.
    there were hundreds of similar white bikes which were free to lend, but you should return them in some place where they can be seen and reused. i believe it was first mentioned in 1965 in amsterdam. there were serveral try-outs, which weren’t very succesful.
    though, in our national park “de hoge veluwe” there are about 1700 bikes, which are often used.

    these locks are not used for these projects and meant for commercial use. i have one too, and my bike was bought 6 years ago with an SL7 lock. i think this one is vunerable and i might by such key today..

  8. This is just a variation on the Bump Key lock pick method. All the pins are in their most extended position and held there by the tension against the cylinder wall as you twist the key. When you remove the key while turning, the pins fall into place. This works on a number of locks.

  9. They just use very cheap non tested cylinders. The locks were never designed to be high security or hard to pick. Just sad the company used them on these locks when for a few extra dollars could have used a higher security lock cylinder.

Leave a Reply

Please be kind and respectful to help make the comments section excellent. (Comment Policy)

This site uses Akismet to reduce spam. Learn how your comment data is processed.