Stupid Evil Bastard: “Bump keying” can open most any tumbler lock.

“Bump keying” can open most any tumbler lock.

Posted by Les on Thursday, August 24, 2006 at 03:08 PM. Read 1917 times. Tags: technology

Now here’s something real to keep you awake at night. Just about any tumbler lock can be defeated with a worn down key and a couple of light taps by the average person with no special training. Watch and be horrified:

The really scary part is that this isn’t anything new. It’s been known about for quite some time, but hadn’t really been much of a problem until recently. There’s an excellent article about bump keying at Engadget that goes into detail on the theory behind it and the security threat it poses. Here’s a small excerpt:

Security against covert entry can be measured by what I refer to as the 3T-2R rule. All locks can be gauged by this standard, and all standards organization, UL included, essentially employ the same formula. Simply stated, it relates to the amount of time, the sophistication of the tools and the amount of training that is required to open the lock. Then, the reliability and repeatability of the process must be assured. The lower the requirements for the 3Ts, then the greater the threat to security. The problem is compounded if the reliability and repeatability of the process of compromising the lock is relatively high.

Bumping poses a serious security threat because the training to bump open a lock is minimal to non-existent. This was evidenced by three separate experiences that I had: a reporter that interviewed me in a recent television story, a correspondent for Newsweek, and the eleven year old at DEFCON were all shown the basic technique of bumping, and within a couple of minutes each was able to open five and six pin cylinders. The tools required are readily available. I have opened thousands of locks using screwdriver handles, a plastic mallet, and even wooden sticks.

Fortunately this flaw isn’t universal and there will soon be a Part 2 to the article at Engadget that will discuss which locks are and aren’t secure against bump keying. I’ll probably post a link to it once it’s available.

Permalink · 6 Comments · · · · · · · · · ·

Comments:

Page 1 of 1 pages

E.T

Posted on 08/24/2006 at 04:26 PM

Well, it should have been clear for long that those tumbler pin locks have never been secure…

But no problem here in Finland, in all my life I’ve never seen such lock used in anything more “important than toy” because Abloy has been making more secure locks for nearly hundred years.
(and those stay operational for decades despite of hars climate)

http://www.digg.com/mods/Simple_Key_Mod_Makes_Most_All_Current_Locks_Obsolete

LuckyJohn19

Posted on 08/24/2006 at 06:08 PM

I’ve never been mechanical - mechanics are like the gods to me, all holding secrets and mysteries - just like coincidences.
A mate sent me this overnight. Wooo.

Signature

I’ve discovered that it all boils down to brain wiring: your brain is wired to worship magic or it isn’t, either it’s wired to utilize logic or it isn’t, either it’s analytical of myths or it isn’t.

Moloch

Posted on 08/24/2006 at 08:19 PM

I have access to a key cutter, and an array of blank keys.

Malicious thoughts abound....

Signature

Beware the beast man, for he is the Devil’s pawn. Alone among God’s primates, he kills for sport or lust or greed. Yea, he will murder his brother to possess his brother’s land. Let him not breed in great numbers, for he will make a desert of his home, and yours. Shun him, for he is the harbinger of death.

Frac

Posted on 08/24/2006 at 10:33 PM

Locks always have been for honest people. There is an interesting technique for creating a “master key” too.

It needs one key for each tumbler (key tooth), a known key, and a file. You start with the known key (like a key that opens just one office where the master would open them all).

Cut a duplicate of it, except make the only last “tooth” full-height. Cut another duplicate, making the only second-to-last full height. You end up with, say, seven different keys each with one “tooth” full height but otherwise matching the original.

Take the first key, try the lock. If it opens, you know the last tooth on the master is full height. If it doesn’t work, file the long tooth down just a bit and try again. Make sure you “skip” the tooth size that matches the original key… you already know that tooth spot is for the original key, not the master.

Repeat this process for your set of keys. Once done, your master key can be cut using the tooth-height from each duplicate that you were filing down.

With practice, you know how much to file each time and the whole process doesn’t take more that about five minutes.

This works because these simple “locks with master key” have two shear lines for each tumbler instead of one. (Shear line picture)

Signature

Nihil curo de ista tua stulta superstitione.

jeffercine

Posted on 08/30/2006 at 03:13 PM

in my younger days of repo-ing cars, i learned a few tricks of the trade. one trick with 80’s ford’s was you could take a blank ford key, blacken it with a lighter, instert it in the keyhole, and wiggle it around. the tumbler would leave a mark at each spot. you file it down a bit and repeat the process on each tumbler section until no more marks were made in those spots. also, even though a fords were double-sided, only one side was needed in order to turn the key. so instead of breaking the lock out, you could just make a key!

good times. good times. that is until i had a gun pointed at me and was told i wasn’t repoing their car. i quit that day.

Signature