Deviant Ollam runs a physical security penetration testing company called The Core Group; in a flat-out amazing, riveting presentation from the 2017 Wild West Hackin' Fest, Ollam — a master lockpicker — describes how lockpicking is a last resort for the desperate, while the wily and knowledgeable gain access by attacking doors and locks with tools that quickly and undetectably open them.
Ollam's techniques are just laugh-out-loud fantastic to watch: from removing the pins in hinges and lifting doors away from their high-security locks to sliding cheap tools between doors or under them to turn thumb-levers, bypass latches, and turn handles. My favorite were the easy-exit sensors that can be tricked into opening a pair of doors by blowing vape smoke (or squirting water, or releasing a balloon) through the crack down their middle.
But more than anything, Ollam's lecture reminds me of the ground truth that anyone who learns lockpicking comes to: physical security is a predatory scam in which shoddy products are passed off onto naive consumers who have no idea how unfit for purpose they are.
When locksport began, locksmiths were outraged that their long-held "secret" ways of bypassing, tricking and confounding locks had entered the public domain — they accused the information security community of putting the public at risk by publishing the weaknesses in their products (infosec geeks also get accused of this every time they point out the weaknesses in digital products, of course).
But the reality is that "bad guys" know about (and exploit) these vulnerabilities already. The only people in the dark about them are the suckers who buy them and rely on them.
So when Ollam reveals that thousands of American cop cars, fleet cars, and taxis can all be unlocked and started using a shared key that you can literally buy for a few bucks at Home Depot, or that most elevators can be bypassed with a similarly widely available key, or that most file cabinets and other small locks can be opened with a third key, or that most digital entry systems can be bypassed in seconds with a paperclip (or another common physical key), he's doing important (and hilarious!) work.
He's such an engaging speaker and the subject matter is nothing short of fantastic. There are a hundred heist novels in this talk alone. It's definitely my must-watch for the week.
(via Four Short Links)