Now here’s something real to keep you awake at night. Just about any tumbler lock can be defeated with a worn down key and a couple of light taps by the average person with no special training. Watch and be horrified:
The really scary part is that this isn’t anything new. It’s been known about for quite some time, but hadn’t really been much of a problem until recently. There’s an excellent article about bump keying at Engadget that goes into detail on the theory behind it and the security threat it poses. Here’s a small excerpt:
Security against covert entry can be measured by what I refer to as the 3T-2R rule. All locks can be gauged by this standard, and all standards organization, UL included, essentially employ the same formula. Simply stated, it relates to the amount of time, the sophistication of the tools and the amount of training that is required to open the lock. Then, the reliability and repeatability of the process must be assured. The lower the requirements for the 3Ts, then the greater the threat to security. The problem is compounded if the reliability and repeatability of the process of compromising the lock is relatively high.
Bumping poses a serious security threat because the training to bump open a lock is minimal to non-existent. This was evidenced by three separate experiences that I had: a reporter that interviewed me in a recent television story, a correspondent for Newsweek, and the eleven year old at DEFCON were all shown the basic technique of bumping, and within a couple of minutes each was able to open five and six pin cylinders. The tools required are readily available. I have opened thousands of locks using screwdriver handles, a plastic mallet, and even wooden sticks.
Fortunately this flaw isn’t universal and there will soon be a Part 2 to the article at Engadget that will discuss which locks are and aren’t secure against bump keying. I’ll probably post a link to it once it’s available.