At this year's Defcon Lock Picking Village, Ioactive's Mike Davis will present a method for cracking high-security locks made by Dormakaba Holding, a Swiss company. The locks are used in very high-stake applications, from security ATMs to Air Force One, as well as guarding classified and sensitive materials on US military bases. Read the rest
Deviant Ollam runs a physical security penetration testing company called The Core Group; in a flat-out amazing, riveting presentation from the 2017 Wild West Hackin' Fest, Ollam -- a master lockpicker -- describes how lockpicking is a last resort for the desperate, while the wily and knowledgeable gain access by attacking doors and locks with tools that quickly and undetectably open them. Read the rest
Fingerprint locks are catastrophically awful, part LXVII: the software security on the crowdfunded Tapplock "is basically nonexistent" -- the lock broadcasts its own unlock code over Bluetooth, and if you send it back to the lock, it pops open. Read the rest
The Vingcard Vision locks are RFID-based hotel locks; at this week's Infiltrate conference in Miami, Tomi Tuominen and Timo Hirvonen from F-Secure will present a method for combining a $300 Proxmark RFID tool with any discarded key from a given hotel to derive the master keys that allow them to unlock every room in the hotel, a process that takes less than 60 seconds. Read the rest
Sparrows Lockpicks (previously) has just released an extremely clever practice lock called "The Revolver" that makes four locks out of a single core: "Pinning configuration starts with Standard pins at 12 o'clock (Marked with a small arrow) and then moves clockwise to Spool, Serrated and finally Mushroom pins. The end result is a lock that gets progressively harder to pick open." Read the rest
It's been nearly a decade since the first proof-of-concept demos showing that keys could be reproduced on 3D printers from distant, angled photos surfaced, and six years since the first parametric Openscad models that could turn easy key-measurements into working house-keys appeared. Read the rest
Snap a picture of a key and Key Me will turn it into a working metal key: just a reminder that locks probably aren't as secure you imagine. (via Schneier) Read the rest
SOG make excellent knives: I know because I had many of them confiscated by the nascent TSA in the early days of the Global War on Terror, that liminal moment when I was still kidding myself that I would remember to empty my pockets of useful tools before boarding a flight. Read the rest
Michael from Sparrows Lockpicks (previously) writes, "I am releasing the Gridlock today, a automotive lock teaching tool." Read the rest
Today, organizations like The Open Organisation of Lockpickers Worldwide support locksport with tools, educational materials, training and organized events, but in the Victorian era, locksmiths competed at expositions to show off their talents and show off the weaknesses of their competitors' wares. Read the rest
All over the world, couples have caught a memetic virus that causes them to festoon fences, trees, railings and other objects with padlocks that represent the love between them. Read the rest
If you've ever locked yourself out of your home and googled for a locksmith, you've seen that it's virtually impossible to reach a real local locksmith. Read the rest
Canadian locksport supplier Sparrows makes some of the best advanced picks in the world, but they're also the rank beginner's best friend. Read the rest
Watch this video on The Scene.
The TSA mandates that all checked luggage must be locked with a deliberately flawed lock that can be opened with one of a handful of skeleton keys that are supposed to be kept secret. It's been more than a year since the TSA allowed a newspaper photographer to print a high-rez photo of its universal luggage-lock keys, allowing any moderately skilled locksmith to create her own set. Ars Technica downloaded a set of key STL files from Github, printed them on a consumer 3D printer, and showed that they could gain entry to any luggage.
It's a model for what happens with any kind of law-enforcement/public safety back door: the universal keys leak and there's no way to re-key all those locks out there in the field. The FBI and UK security services are calling for backdoors in all crypto -- the code we use to protect everything from pacemakers to bank accounts. This is as neat an illustration of why that's a bad idea as you could ask for. Read the rest
The image above, published in 2014 in this Herald.net story and credited to The Washington Post, showed the keying patterns for all of the TSA-complaint "Travel Sentry" luggage locks. Read the rest
High-end locks rely on their unique key-shapes to prevent "bumping" (opening a lock by inserting a key-blank and hitting it with a hammer, causing the pins to fly up), but you can make a template for a bump key by photographing the keyhole and modelling it in software. Read the rest
