This month’s Wired magazine has an extensive profile of [Marc Weber Tobias]. He’s a professional lock picker that delights in coming up with new techniques for taking on high security locks. In recent years, he’s run afoul of the US’s premier high security lock manufacturer, Medeco, by publishing Open in Thirty Seconds with [Tobias Bluzmanis]. Medeco still denies that this is even possible. Wired decided to to test the team by purchasing six new cylinders and timing them. Each one was open in under nine minutes. You can see a video of this on Wired’s site.
Last fall we covered a decoding attack against Medeco locks by [Jon King].
[via blackbag]
That is amazing… Why can’t lock manufacturers hire lock pickers to learn how to improve their product?
Some do. This is the source of his income.
“You can see a video of this on Wired’s site.”
Elliot, why not post a link to the video? I can’t seem to find the article you’re talking about unless you mean this one:
http://www.wired.com/threatlevel/tag/lock-picking/
This guy’s great. I didn’t realize that whole kryptonite lock fiasco was his doing.
http://www.wired.com/video/
@wolf, I remembered it because I read all about him when it happened. I love it.
@ssimon, thanks for the lack of help. I’m certainly not computer illiterate, it was the fact that there are several videos on wired about lock picking that mention Tobias and I don’t know which video Elliot was referring to.
This article was dragged out for six pages, it only needed about 2, but was still a good read. Tobias does exactly what I do to software and I get the same response he did. None.
@Jay: Go to red hat, ibm, or microsoft and try to do things other than the routines laid out by team leaders or execs. You get fired no matter what your skill level. You play nice with exploitable software bugs the most you can get out of it is a reputable trademark and usually not that.
If a person creates something innovative, big firms and companies will try to buy it, and if that doesn’t work they reverse it and try to beat the person to the patent office.
That’s the ideology behind every industry from localized manufacturing up to scientific and defense contracting. It’s dog eat dog.
I could relate this to major innovations in open source software, but I’ll keep it relatively short. most innovations are kidnapped by trademarks even in open source; they obey the economy gods too.
lock picker WHO has run afoul
sorry but that’s a major pet peeve of mine. People deserve to be called people.
I love this lock picking lark! Especially bumping its so easy!
@sum1 the phrase “pet peeve” is a major pet peeve of mine. Particularly since I haven’t heard anyone say “pet” or “peeve” in that sense in any other context. It doesn’t sound clever, just cliche.
У автора очень приятный слог
as a finn, it’s always interesting to see pin tumbler locks [1] such as those in the videos in the article used abroad even in the supposedly high-security applications, when in Finland the norm even in low-end household locks is the simpler yet much more secure disc-tumbler type [2]. this has to do with the fact that abloy company which developed this type of lock back in 1907 is a finnish one [3].
the disc tumbler lock doesn’t have any springs and so can’t be bumped. also the keys are much harder to duplicate, especially the newer ones.
a fun thing that i didn’t now before is that medeco is nowadays owned by assa abloy, yet the company markets the less secure offerings of their lineup for high-security customers.
[1] http://en.wikipedia.org/wiki/Pin_tumbler_lock
[2] http://www.abloyusa.com/operating_principles.htm
[3] http://en.wikipedia.org/wiki/ABLOY
используйте английских идиотов
@hum4n I’m sorry to have bothered you. I wasn’t trying to sound clever. I’ve encountered the phrase “pet peeve” in exactly that context many times, probably more than I’ve encountered the words in other contexts, I don’t see how there’s anything wrong with that. It’s also odd that you say it’s cliche while also saying you’ve never heard it, the 2 are mutually exclusive. Now that that’s over with, on to substantive discussion.
What is wrong with simply using digital locks? That way there is no lock to be picked, you can’t open them unless you completely smash the lock.
@john: 30 bit crypto based passive transponders have been working for the automotive industry for decades. The only thing close to it being attacked in the wild was an algorithmic approach with an array of fpgas and proprietary code by some university researchers. It’s a real time response system between the key and the ASIC in the ECM or BCM of the car, here the asic would be in the door unit.
It’s been done by GM with resistors. Honda actually used them in the prelude in the mid 90s and they never failed.
It’s been done by GM with resistors.
it was a nice attempt, but hardly secure
Abloy products are indeed brilliant, but not so competitively priced in the USA. Given the fact that many hardware pieces require modification to enable abloy cylinders to fit, adds significantly to the end users costs.
The only 100% guaranteed bump proof pin tumbler on the market is Bilock. It is competitively priced, aesthetically pleasing, fits broad ranges of existing hardware negating the need to replace hardware. Effectively reducing the end users cost.
Not to be too cynical but hearing claims like this about Marc Weber Tobias reminds me of a few locksmith conventions where manufacturers of magic “by-pass tools and pick sets “readily demonstrated how easy to pick high security locks open in minutes either in person or on video tape. For God’s sake it is the 21st century, video editing such as cutting, pasting is as smooth as most courts would not allow it as evidence unless a digital camera was in use. Digital video or photography cannot be edited without leaving obvious forensic trails! It is almost like watching infomercials at 4: am on TV about how everybody can make millions of dollars without any educations and experience. I know for fact that these “trade show experts” are pinning the cylinders in advance with two or three pins and Valhalla the lock just opened in three second. Locksmithing is based on the law of physics and science and not on “secrets that can be reviled to the public for $9.99 and implemented without experience and knowledge of the trade. Marc Weber Tobias is an attorney not a locksmith by any stretch of imagination. I could not find any evidence of his self proclaimed “expertise in locksmithing or lock picking on the web. And why is he picking on MEDECO? Why not ASSA or ABLOY or MUL-T-LOCK? I personally know people that claim they can “open” high security locks like Medeco and Mul-T-locks. But I have yet to meet the locksmith on the job where they can demonstrate how to pick high security locks like Medeco and such. Most so called locksmith can’t even pick a standard lock open let alone complex high security locks. Drilling a perfectly good lock open does not make you a locksmith. Neither “picking high security locks open” on a video tape on the internet. When you see a lock installed on a door the first time in your life, and the customer that you charging $130 is waiting for you to pick it open in three minutes then show me what you made of. The major difference of Medeco locks as oppose to conventional pin tumbler locks that Medeco pins are rotated and elevated, either to the right or left or center in various degrees. While conventional pins are only elevated. Now as far as picking Medeco locks open, how on earth would you know the possibilities of the direction and the degree of the angle of rotation, without taking the lock apart? The tolerance is about two thousand of an inch, half the thickness of a US dollar bill. Mathematical possibilities of six pins, each one can rotate three different directions in several degrees. How many thousands of possibilities are we talking about here? There is a difference between professional locksmithing (not residential locksmithing) and internet lock enthusiasts. One caries responsibilities, people’s life and safety depend on. The other is merely a hobbit.
How many of you people who are standing blindly and gloating about Mark Tobias claims about picking Medeco locks, are actual skilled, knowledgeable licensed Locksmith with any real work related experience. Making ridiculous claims about lock picking on videos is not real work related experience. Having graduated on the top of my class from New Jersey School of Locksmithing and worked five years in the field of Institutional Locksmithing. I know facts from fiction, and reading peoples’ (novices) responds to Tobias’s claims makes me smile a little bit. How many breakings have you heard about where sophisticated thieves by passed Medeco locks? Or Tobias is the only one here with brain. Sure let’s knock Medeco; but wait we can offer you a better high security lock that is better. How is Mark Tobias employed by? How is financing all these web sites where Tobias is connected? Has anybody ever witness Tobias opening Medeco locks on somebody’s door. I watched some of Tobias videos and what I find interesting that they did not insert and turn the original key in side of the Medeco cylinder (“before picking”) to let us know that it is actually pinned up. Then they should’ve inserted a key with the same keyway with different cuts showing that the wrong key is not turning the plug. Just to see that there are actual pins inside the plug. Or how about inviting us Professional Locksmiths to these events and let us pin up the Medeco cylinders and cut keys any combinations we choose to. PC it is very easy to pick any lock with only a couple of pins inside. I understand that some of you will be offended by what I’m saying but it is very hard to reason when people don’t even know what they don’t know about what they’re making claims. Locksmithing is not something that you can become proficient of by surfing the web no matter how long you’ve been blogging. How many of you dumped the inside of a mortise lock and put it back together in a half lit damp and cold hallway sitting on the side of the stairs while people walking by and your phone is ringing off the hook in about three minutes? On my web site I will offer any body hundred dollars that can pick open a Medeco lock located on one of my customer’s property in fifteen minutes or less. Then it will be recorded on a digital video camera so editing is going to be impossible without obvious forensic evidence. Good luck every one and good night.