It's all Newton's fault
January 4, 2006 2:11 PM   Subscribe

Lock bumping (pdf). They make it look (63.5 Mb wmv) pretty easy. (via)
posted by sp dinsmoor (24 comments total) 2 users marked this as a favorite
[this is good]
posted by Rothko at 2:26 PM on January 4, 2006

I think Michael saw it on Dave Farber's IP list. Crypto dude and infamous anti-lock expert Matt Blaze had this to say about bumpkeys:
The main advantage to the attacker of the bump key technique
over a pick gun is that it requires no special (or suspicious)
tools: just an ordinary key and a hammer or screwdriver. It also
appears to be a bit easier to master, and bump keys can be
fabricated even for locks that conventional pick guns don't easily
fit (such as dimple key locks). The main disadvantage to
the attacker is that it requires having a separate bump key
(and obtaining a key blank) for each brand of lock.

Is it the end of the world for the many pin tumbler lock
designs that are susceptible to the technique? Well,
that coffin should have quite a few nails in it already, yet
these locks continue to dominate the market in the US and many
other countries. The primary significance of the technique
is that it lowers the bar against many "high security" products
that are widely though to be much more resistant to attack
than they actually are.
For an interesting story of Matt's previous run-in with the locksmith industry, see here.
posted by allan at 2:27 PM on January 4, 2006

Of course, if you'd called it lock picking, I would have waited until I got home to check this out.
posted by boo_radley at 2:28 PM on January 4, 2006

Lock bumping is a specific technique, and is not very new. Tho these links are interesting.
posted by MrBobaFett at 2:52 PM on January 4, 2006

I thought it was some new hair dance.
posted by HTuttle at 2:56 PM on January 4, 2006

I clicked at work (after-hours, mind you) and got - Forbidden: Criminal Skills.
posted by WhiskeyTangoFoxtrot at 3:36 PM on January 4, 2006

I work in a hardware store, and I can tell you what my project for tomorrow is. In the southern US you could open 90% of doors with only 4 bumpkeys. As long as you stay away from those wicked Medico locks, you should be okay. This is one of those things that I am going to waste a lot of time on, but I will never have the eggs to put into practice.
posted by SkinnerSan at 4:03 PM on January 4, 2006

I seem to remember a breakdance troupe in Brooklyn called the Lock Bumpers back around, oh, 1982.

Come to think of it, they did have an endless supply of linoleum to dance on, and were pretty evasive when it came to saying where they got it from.
posted by Astro Zombie at 4:20 PM on January 4, 2006

These guys act like they've done us a solid instead of advancing, in an academic fashion, crimimal knowlege.


now i'm going to try it, of course.
posted by recurve at 4:30 PM on January 4, 2006

Good thing only smart, intelligent and ethical people venture on the internet to find this type of material!

Er... oh crap..
posted by MJ6 at 4:50 PM on January 4, 2006

Locks have always been there just to keep honest people honest. Even if you have the most secure lock in the world, it doesn't stop someone from breaking a window and climbing in. It's that whole weakest-link thing, locks are just one link in the chain that is home security. One could also kick the door in, crawl in through the dog door or if they really want to get in, and have enough time, they could just saw a hole in the wall, or drive a car through the garage door if they don't mind making some noise. I don't pretend that the lock on my door is going to keep someone out who wants to get in, it's just a question of how hard I want to make it for them, and how much I'm willing to spend doing so.

Since I'm not willing to upgrade all my glass windows to lexan, get rid of the doggie door and install steel door frames, it doesn't make much sense to bother with locks that can't be picked. Most run of the mill thieves probably don't pick locks anyway, they just look for an unlocked door or window, or if there are none, break a window.
posted by darkness at 4:54 PM on January 4, 2006

They should keep the vulnerabilities of the system secret. That is what has kept Windows, Deibold voting machines, and Americas airports and aircraft secure....oh wait!!
posted by Megafly at 4:57 PM on January 4, 2006

darkness: Right on.
posted by Freen at 5:15 PM on January 4, 2006

I seem to remember a breakdance troupe in Brooklyn called the Lock Bumpers back around, oh, 1982.

It's too bad they didn't call this lockpicking method Lock Popping...
posted by Debaser626 at 5:30 PM on January 4, 2006

Yeah, it's always very easy to break in to your home through your windows anyways, unless you don't want to leave signs of entry. Burglars don't care about that and just about anyone who does is probably going to be determined enough to pick just about any lock.
That said, in Finland the standard of locks for decades have been the Abloy Rotary disc locks. Even the old Abloy Classic locks cannot be opened with this technique (nor with many others), not to mention the newer locks. And it's not because we're particularly securityminded or anything, it's just that the the rotating disc lock is inherently lot safer and it has just happened to become the standard here.
posted by fred_ashmore at 6:02 PM on January 4, 2006

Debaser626, there really ought to have been some sort of retinal burnout warning on that link. I'll be seeing a green afterimage all night now...

posted by Zinger at 6:06 PM on January 4, 2006

sneering at home security in a thread like this with your lat/long posted a link away? even 7 out of my 9 doberman pinschers think that's dumn, and the HSS panel supercomputer protector bot avatar looks aghast.
now, off to learn a new useless skill! it'll go well with bow-hunting and Olympic diving.
I'm putting the u-lock on the bike tonight anyway, so don't get any ideas.
posted by carsonb at 7:11 PM on January 4, 2006

No wonder my Everquest rogue never gets any buisiness anymore...
posted by Balisong at 7:42 PM on January 4, 2006

Having personally seen Barry "The Key" Wels speak for a lock picking panel at 2600 Magazine's H2K2 and Fifth HOPE conferences, I must say, the man has some serious skills.

Also, I witnessed someone who had never used a bump key in his life repeatedly open a standard 5 pin lock.

That said, fred_ashmore is right, there are far easier ways to gain entry, and this is practically a sport for members of TOOOL.

It might be might be a little tough without the visuals, but audio of his talks can be found here, here and here.
posted by triptychrecords at 8:23 PM on January 4, 2006

Oportunistic burglars ( I think the stats say these are neighborhood teen to 24 year old males ) would look for an open window or door, and if it's not there they'd go away. My experience from working security at an apartment complex is that real burglars just kick the door really hard.
posted by BrotherCaine at 3:26 AM on January 5, 2006

Would go a long way towards explaining why all of the rooms in buildings on campus (using master keys, meaning one blank would fit every lock in the building) keep getting opened with no sign of forced entry.

Of course, we know that master key systems are inherently insecure anyway (pdf).
posted by caution live frogs at 6:29 AM on January 5, 2006

The bump key technique was first introduced to a wider audience at the 21C3 (21st Chaos Communication Congress), held Dec 27-29 2004 in Berlin.

This year's event, 22C3, was a blast too, with four days packed with four parallel tracks of talks. I can highly recommend it.

In 2004 Barry "The Key" Wels made everybody in the 1000+ member audience go "Oh, shit." at some point in his talk, while opening about all locks currently in use, sometimes literally within seconds. Very impressive. And the Todesmagnete he used in another demonstration still get talked about.
posted by LanTao at 10:41 AM on January 5, 2006

Germans are cool!

Toool dude: "It works the same way, but you need a special machine to cut the keys."

Interviewer: "Then you go to a locksmith?"

Toool dude: "Or you buy a machine, depending on your needs."

(From the linked wmv.)
posted by uncanny hengeman at 6:52 PM on January 5, 2006

Er, I meant Dutch people are cool.

(Had a sinking feeling 1 millisecond after hitting 'Post Comment'... what if that wasn't German TV?)
posted by uncanny hengeman at 7:17 PM on January 5, 2006

« Older Steampunk Lives   |   Sharon suffers major stroke Newer »

This thread has been archived and is closed to new comments