« Wizbang Tech PS3 Christmas Giveaway - Assignment #5 | Main | The Vista Era Begins »

Nearly Every Lock You Have Is Now Worthless

You may have seen some of the stories about there being lock picking or "Lock Bumping" videos all over YouTube and Google video. You have probably seen it framed as a debate over whether the videos should be allowed to remain on the internet.

That's the wrong way to frame the story. The important part of the story is that unless you are a locksmith -and a paranoid locksmith- the front door lock that you locked before you went to sleep last night is probably worthless.

Basically every door lock has the same type of lock:

keybumpcutaway.jpg

When you insert the key, the little groves (bittings) in the key raise the pins up a measured amount until they line up at the "shear line" and that allows the key to turn. If the pins are too high or too low, (ie: you have the wrong key) the cylinder will not turn.

Each bitting has 10 different potential depths (0-9) and a typical house key has 5 pins. This allows for 100,000 different key combinations. It's not perfect security, but odds are on your side. Or they were.

Lock bumping is a method that had been around for at least a decade or probably more but few people realized how easy or how powerful it was until recently. Once it became known it has been spreading like wildfire on the internet.

To bump a lock, all you need is a "bump key" and something to tap (bump) the key with. (a wooden spoon, the handle of a screwdriver etc) A bump key is simply a key cut so that every bitting is cut to the maximum depth. They can be cut by hand in 5 minutes or less and can used to open a door in seconds. (or you can just buy them on ebay) And you don't need a key blank to start from. Any key that fits thru the keyway can simply be re-cut to a 99999 cut. So if you have an extra key that will go into your neighbor's lock, you can start with that.

The way a bump key works is ingenious in its simplicity. You simply put the key almost all the way in the lock and bump it with something to tap the pins. Once you tap the lower pins, they act like a cue ball on a pool table. The lower pin hits the upper pin moving it up BUT the lower pin stays in the same place. (Damn you, Newton's Third Law)

While the upper pins are above the shear line, the cylinder can be turned.

And if you're thinking that you have "good locks" so it won't work on your house, let me burst your bubble. The more expensive and well made the lock, the better this attack works. On good locks, the pins move easier than on cheap lock and harder steel means the locks is less likely to be damaged while being bumped.

You can read the pdf whitepaper that started it all here and watch one of the better videos here.

Adding to the problem (as if we needed more bad news) is the fact that key bumping doesn't leave a trace and insurance companies are refusing to pay claims because they don't know if you just left the door unlocked. Not even the CSI guys can find who did it.

The question that hasn't been asked yet is what we're going to do now that nearly every lock in the world is worthless. It's a mind boggling question.

This is the first of a series of articles on Wizbang Tech about this story. In the days to come we'll have more information about this story and practical advice on how to secure your home, including a look at the few locks that are immune to this attack.

Update: If you're not concerned after reading this, you might want to spend 1 minute and 13 seconds to watch this:


And if anyone knows that kid's parents, you might want to drop them an email. (BTW- He flubs the URL, I link it above)

  • Currently 4.3/5
  • 1
  • 2
  • 3
  • 4
  • 5
Rating: 4.3/5 (3 votes cast)


Close

Email this entry to:


Your email address:


Message (optional):


TrackBack

Listed below are links to weblogs that reference Nearly Every Lock You Have Is Now Worthless:

» Business of Life linked with Every Lock You Have Is Worthless

Comments (30)

This is frightening. I hope... (Below threshold)
Red Five:

This is frightening. I hope that parts 2 thru X come soon.

Replace with combination lo... (Below threshold)

Replace with combination locks maybe?

Holy crap!... (Below threshold)

Holy crap!

You could always move to N.... (Below threshold)
John S:

You could always move to N.H. where we don't need to lock our doors.

When at home, after locking... (Below threshold)
Matt:

When at home, after locking the door, put a physical barrier to block it. THey make bars that go up under the door knob and lock into the floor, or something similar.

Alarm systems that Police/Security/neighbors will respond to when yo are not home.

Pack of ravenous dogs on the inside of the door.

This has been buzzing aroun... (Below threshold)
Arthur:

This has been buzzing around for a few months. I was disturbed, at first. I've reconsidered and think it's mostly a non-issue. Sure, a crook can break my door locks quickly with this technique. He can also do it with a hammer or crowbar! The only diff is that there's a small chance of insurance troubles.
But let's look at the way crooks work. Why would they bother with this complicated technique when they can do with brute force. Crooks aren't into elegant solutions. They just want to steal something so they can buy drugs!

If an experienced criminal ... (Below threshold)
Not Tony:

If an experienced criminal wants to get in your door, he'll get in.

The key then becomes convincing him to NOT want to get in your door.

Cheapest way to do that is an NRA sticker on your screen door. Even criminals perform cost/benefit analyses in their heads.

The difficulty with this is... (Below threshold)
jpm100:

The difficulty with this isn't about empowering people who Break and Enter already. It's that it empowers amateurs, teenagers, and people who were too chicken to draw attention by busting a door down and getting caught.

This is quiet and leave little to no trace if done right. So it also empowers people who want to enter while you are there or want to enter before you get there and wait for you.

I sure hope that the guy wh... (Below threshold)
USMC Pilot:

I sure hope that the guy who uses this to enter my home doen't have a gun. If he does I'll have to shoot him, but if he doesn't, I can try out my Samari sword.

I've recently biometric dea... (Below threshold)
_Mike_:

I've recently biometric deadbolts for as low as $200. I can't attest to how well the $200 versions currently work though.

..recently seen...... (Below threshold)
_Mike_:

..recently seen...

It's not that big of a deal... (Below threshold)

It's not that big of a deal. Even if they didn't have your key, they can knock a door in with surprising silence. Or enter through a window with complete silence if they have a glass cutter and some tape. If someone wants to get in your house, they can. It's best to accept that you can be burgled when not home, and to have a firearm handy in case you ARE home.

When my friends moved into ... (Below threshold)

When my friends moved into a new apartment I helped organize a locksmith to change the locks, and I found one that installed the latest Abloy lock. They're not impossible to pick, but very hard. They don't use the same type of pins - the key actually rotates pins to different angles, rather than pushing them. When it's time to replace my lock I'm going to get one of them too. They seem to "stick" less often than regular locks too, and there's a system which makes it difficult for others to make unauthorized copies.

How to prevent bump keys fr... (Below threshold)
Headzero:

How to prevent bump keys from functioning...

http://tinyurl.com/an2ny

in direct relation to 'my cold dead hands'

That's why I have a shotgun... (Below threshold)
Mitchell:

That's why I have a shotgun set to a trip wire at every door. And an old M16 in the bedroom.

I have a full set of bump k... (Below threshold)

I have a full set of bump keys that I bought for $25 online, and a set of Kwikset 5 and 6-pin bump keys that I made myself.

It really does work as easy as it looks. I can bump the 6-pin "high security" Kwikset MAX deadbolts I have installed on my house in 2-3 hits.

Considering that 90% of the houses in a middle-class suburb are either Kwikset or Schlage locks, it would be no challenge at all to walk into most of them.

It works with the same principle as those newton's cradles you see on people's desks. You could also say it's a cheap adaptation of the spring loaded "pick guns" that have been around for years. It's actually a very basic application of simple physics.

There are bump-proof locks out there, and bringing attention to the problem is the best way to bring about change. Don't go breaking into people's stuff ... but talking about it should work.

While not totally 'pick-pro... (Below threshold)

While not totally 'pick-proof', the Brahma locks out of the UK have proved to be very resistant. A discussion about picking it can be found here.

I don't worry too much abou... (Below threshold)
Baggi:

I don't worry too much about being burgled. My concern is that my wife is a stay at home mom with our children. If someone has to break in, it gives her warning, perhaps enough to save her from being raped.

If someone came waltzing in after having unlocked the door she might think it was me and relax. She might think it was a family member with a key. By the time she realizes its a rapist, or someone intent on hurting her or the children, it might be too late.

It's time to put in some dead bolts I think.

When he was a kid, my nephe... (Below threshold)
Jay:

When he was a kid, my nephew was interested in being a locksmith. His normal toddler interest in keys turned into an obsession.

In the early eighties I bought him a locksmithing/lockpicking book from Loompanics. This was the primary method discussed for picking what are the primary type of locks, however manual or sophisticated the tools used to do it.

The difference is the degree of dissemination and ease of availability of the information and tools, not the thing itself.

My dad's a locksmith. He a... (Below threshold)
jaboobie:

My dad's a locksmith. He always told me that locks are only good at keeping honest people honest. If someone really wants to steal your stuff, you'll be fighting an uphill battle and likely have to spend more than what the item is worth to get security.

Combination locks aren't mu... (Below threshold)

Combination locks aren't much help. I learned in junior high that if you kick one hard enough, it will open. Many a kid who forgot their locker combination did so with great results (we had to buy our own locks, so they weren't the crappy built-in locks like high school).

ADT and similar security se... (Below threshold)
Joshua:

ADT and similar security services are ubiquitous in my neighborhood so opening a locked door isn't game-set-match for thieves and vandals, necessarily.

Well ok, cool or not so. Bu... (Below threshold)
JohnMc:

Well ok, cool or not so. But quite honestly the best solution is a 1 face interior dead bolt lock on all exterior facing doors. Our home has 2 doors and each has a dead bolt. Those are turned every night before we go to bed. With no key entry bumping does not help.

Sure it does not solve the problem of when you are away. But its better than nothing.

At home, buy and use a hand... (Below threshold)
MunDane:

At home, buy and use a hand set deadbolt. The kind you set inside. They want in, they are now breaking to door down. Solves that problem

Hi. I'm Jay's nephew. This ... (Below threshold)
Ryun:

Hi. I'm Jay's nephew. This whole bump key thing isn't any surprise. After all, I learned how to re-key Chevy ignition lock cylinders just by tinkering with them. The only guide I had was the lockpicking book from Jay and a book on locksmithing that I bought at a local bookstore. This makes me wonder if it would be practical to make household locks that employ a wafer tumbler system instead of a pin. I don't know because I've never seen it, but how good are bump keys for cars?

I have an alarm and a very ... (Below threshold)

I have an alarm and a very good deterrent. She has four legs and very big teeth. When I'm home, she's simply a backup for the doorbell in case it doesn't work.

That is one funny video.</p... (Below threshold)
iceman:

That is one funny video.

Re: house and car protection.

You don't actually need a dog. A "beware of the dog" sign will do. To enhance it you can get a gigantic bowl for the doggie and a big chain. Some people actually put the dog food in bowl during the day and leave it out in the yard or in the window when they go to work. You can use the same food everyday by freezing it at night. Or you can get some plastic food or plastic dog turds from the novelty store.

I used to work with "troubled youth" and one week we hosted some thieves and so I quizzed them on their methods.

"We look for the houses on garbage day that have not taken the cans in. then we break the bathroom window, it is quieter" Would you go into a house with a big dog food bowl and chain in the back yard if you could not see the dog? "No fucking way man, we hate dogs"

For condos or places where dogs are not allowed buy used set of size 16 work boots and cover them with mud and place them outside the door.

A sign, "do not ring bell night shift worker sleeping" will enhance it.

To protect your car you can put a sign in the window, "Caution: Live Snakes, please do not disturb the snakes. For more information www.snakes.com

My car was the only car in Philadelphia to have such a sign and was the only car in Philly not to be broken into, alarms meant nothing. I enhanced it with a snake tent, my real dog's blanket and a bowl of water and bowl of dog food. I would not use the car for a week at a time and normally our cars would be broken into every 6 months. After the sign....people would apologize to me for their kid's basketball that hit the car, "um the snakes won't come out will they?"

the funniest was when I got stopped by a traffic cop for an expired inspection sticker, it took me a moment or two to realize why he was standing 6 feet away from my window.....snakes in a motherfucking car.

I use the sign for my trips to nyc or any city, i live in the suburbs now where the biggest problems is the neighbor stealing out reflectors in the driveway.

Maybe its worthwhile to upg... (Below threshold)
Paul:

Maybe its worthwhile to upgrade to digital locks. They can be hacked, but it would take laptops, research, and other exp tools unlike old tradtional locks. The one I use is the Mykey, I got it from http://www.cydus-solutions.com

There are about 10 differen... (Below threshold)
Bill:

There are about 10 different keys that will open about 90% of the locksets made on the market now. I see all manufactures coming out in the near future with bump proof lock cylinders. We are a supplier of Medeco locks. we have over 7,000 customers on these systems now for security and key control. These locks are "bump Proof" due to elevation and rotation. we have sold these locksets, deadbolts, and cylinders for over 34 years. The deadbolts resist 1,000 lbs of force entry and they also have jimmy proof deadbolts also. A lot of folks say "well if they want in they will get in" The truth is, by interviews, criminals would rather go to the house next door than try to get threw these types of locks, not saying it can't be done, but it won't happen really fast. I know because the police had to use their battering ram more that once to open a customers door and it was a wood frame and wood door. This issue about these keys are now becoming more widely known, thus "Wisdom is Good". Go to our site and there is information about these locks, whomever you buy these from, make sure it is installed to the letter...hope this helps out.

Until they make bump-proof ... (Below threshold)
Duh:

Until they make bump-proof window glass, this whole discussion is kinda moot. I like the "mess with their mind" suggestions, like the NRA signs, sleeping worker signs, etc. Maybe a sign about biohazards or quarantine would work. This assumes that the burglar can read, of course, so the big dog bowl and big chain is probably pretty good.




Advertisments







Archives

Categories