You may have seen some of the stories about there being lock picking or "Lock Bumping" videos all over YouTube and Google video. You have probably seen it framed as a debate over whether the videos should be allowed to remain on the internet.
That's the wrong way to frame the story. The important part of the story is that unless you are a locksmith -and a paranoid locksmith- the front door lock that you locked before you went to sleep last night is probably worthless.
Basically every door lock has the same type of lock:
When you insert the key, the little groves (bittings) in the key raise the pins up a measured amount until they line up at the "shear line" and that allows the key to turn. If the pins are too high or too low, (ie: you have the wrong key) the cylinder will not turn.
Each bitting has 10 different potential depths (0-9) and a typical house key has 5 pins. This allows for 100,000 different key combinations. It's not perfect security, but odds are on your side. Or they were.
Lock bumping is a method that had been around for at least a decade or probably more but few people realized how easy or how powerful it was until recently. Once it became known it has been spreading like wildfire on the internet.
To bump a lock, all you need is a "bump key" and something to tap (bump) the key with. (a wooden spoon, the handle of a screwdriver etc) A bump key is simply a key cut so that every bitting is cut to the maximum depth. They can be cut by hand in 5 minutes or less and can used to open a door in seconds. (or you can just buy them on ebay) And you don't need a key blank to start from. Any key that fits thru the keyway can simply be re-cut to a 99999 cut. So if you have an extra key that will go into your neighbor's lock, you can start with that.
The way a bump key works is ingenious in its simplicity. You simply put the key almost all the way in the lock and bump it with something to tap the pins. Once you tap the lower pins, they act like a cue ball on a pool table. The lower pin hits the upper pin moving it up BUT the lower pin stays in the same place. (Damn you, Newton's Third Law)
While the upper pins are above the shear line, the cylinder can be turned.
And if you're thinking that you have "good locks" so it won't work on your house, let me burst your bubble. The more expensive and well made the lock, the better this attack works. On good locks, the pins move easier than on cheap lock and harder steel means the locks is less likely to be damaged while being bumped.
Adding to the problem (as if we needed more bad news) is the fact that key bumping doesn't leave a trace and insurance companies are refusing to pay claims because they don't know if you just left the door unlocked. Not even the CSI guys can find who did it.
The question that hasn't been asked yet is what we're going to do now that nearly every lock in the world is worthless. It's a mind boggling question.
This is the first of a series of articles on Wizbang Tech about this story. In the days to come we'll have more information about this story and practical advice on how to secure your home, including a look at the few locks that are immune to this attack.
Update: If you're not concerned after reading this, you might want to spend 1 minute and 13 seconds to watch this:
And if anyone knows that kid's parents, you might want to drop them an email. (BTW- He flubs the URL, I link it above)