Wed, 10 May 2006
Lock bumping
I always enjoyed reading Surely You're Joking, Mr. Feynman!, including the part about Feynman's hobby of lock-picking. As with computer security, I believe that for any massively deployed security technology (including the locks), security-through-obscurity is not a way to go, because the black hats have a big headstart there. Today a friend of mine sent me an interesting set of links about a new (or maybe not so new?) lock-picking technique, called lock bumping.
Firstly, here is a video from some Dutch TV, describing the lock bumping, and then there is a paper on lock bumping (PDF), written by people from Toool - The Open Organization Of Lock Pickers. The method itself is pretty interesting - it needs just a regular key with the deepest possible set of cuts.
I wonder whether the lock in my house is vulnerable to this attack - it is not listed by Toool as vulnerable, but who knows? I want to try this myself, but I am short of time these days ...
Anyway, this paper reminds me of the "Master Keyed Lock Vulnerability" paper, and I think the full disclosure is slowly taking off even in this area, which is a good news.