Slashdot Mirror
Kensington Laptop Locks Not So Secure
eric434 writes "According to a security alert released by Security.Org, the Kensington laptop lock that many of us use and love isn't secure. In fact, it can be opened in 30 seconds after about a minute of practice with a $1 worth of equipment. (A Bic pen, and a pair of scissors. In the interest of giving people some time to stop using the locks, the actual method of opening the lock is left up to the reader.)
To make matters worse, Kensington's 'We'll give you $1500 if someone steals your laptop' guarantee doesn't apply -- because the process of opening the lock doesn't damage the lock or cable." Mind the source, though -- security.org wouldn't mind selling you a book on locks and safes.
well. . I mean I guess it wouldnt matter to me wheather it was a len or a wire cutter. 1500 dollers might cover a good portion of the hardware costs, but usually the information on the drive itself is far more sensitive. What they need is a lock that causes the computer to self distruct.=) it not only protects the programmer, but teaches the thief a good lesson!
How Now Brown Cow
Thing was so insecure that I was playing with it in the airport on a business trip one day and I realized all I had to do was to push the pin inwards and it immediately came off.
I had one of these and they're a waste of $70.
Here's another good one: pick the thing up very very slowly, so it doesn't start screaming, lift it about 10" off the table, then slam it flat on the table, battery down, as hard as you can. The motion sensor will be busted right out and the thing won't peep a sound. If, by some misfortune, it does start beeping, press your thumb real hard against the hole underneath, where the piezo is, to silence it.
These things are crap, honestly. Stay away from it...
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
This reminds me of one of my favourite pieces of Australian TV.
I'm sure you are all familiar with steering wheel locks, the most well known in Australia is called a Club Lock.
A magazine called "Choice", which reviews and tests products, reviewed all available steering wheel locks and claimed that the Club Lock could be defeated in less than 30 seconds by someone with no experience at car theft.
The manufacturer responded by modifying and improving the lock mechanism, but the magazine repeated their claim that it could be defeated easily.
This went on for about 4 generations of Club Lock and saw the introduction of a "star shaped" key to making picking the locks "impossible", as well as other developments. But Choice maintained that the Club Lock had not been fixed and anyone could defeat it in under a minute.
A local TV current affairs show filmed a carpark showdown between the manufacturer of the Club Lock and a reporter from the magazine, as the manufacturer prepared to release their latest model and the magazine claimed it would be able to defeat it in less than 30 seconds.
They were screaming at each other in a car park and honestly looked like they were going to hit each other. The manufacturer claimed (in near hysteria) that it was impossible for someone to pick their locks, and that the magazines claims were wrong. The magazine denied this, and so were challenged to demonstrate their claim on TV.
A brand new model Club Lock was placed on a car steering wheel.
The magazine reporter got in the car, grabbed it, and gave it a good hard yank, and it came off easily.
The manufacturer went very very quiet.
The funny thing about this - and the reason I remember it - was that the people who made Club Locks never asked the magazine HOW they'd been defeating their product. They all assumed that the locks had been picked. Practically all the improvements they made to the product over 4 years were in improving the lock mechanism. They never expected that the piece of metal which hooks around the steering wheel was so weak it could be easily bent. They shouldv'e thought laterally.
Anyway it was very funny. Trust me, I still remember it and it was about 15 years ago.
Putting syrup in coffee is some form of blasphemy.
I've worked with steel wire a bit in the past doing chainmail for SCA stuff. Graduated into chainmail jeweler, then just plain jeweler.
:) The tool *is* available, you can probably find it for under $20. Most every hardware store will have one. They're used in construction to do exactly what the name implies; cut bolts :)
The particular wire they use is a strandad high tensile strength steel. The individual strands are probably 12-16 guage, the cable as a whole cladding included might be 4 guage.
To cut 16 guage half-soft steel wire takes a medium sized pair of bolt cutters and a lot of elbow grease. You could PROBABLY worry the cable through with those, but because you can't close the jaws on each individual strand, it's going to be more of a sawing motion.
To get through that cable you'll need a pair of bolt cutters whose jaws are large enough that the entire cable fits between them with no more than a 15-20 degree angle. And the leverage is going to be immense; 2-3 feet at least.
Not exactly a tool you could fit in your pocket
I am disrespectful to dirt! Can you see that I am serious?!
From the Kensington product description page linked in the article:
... ...
D. The laptop was stolen by any means other than violating or breaking the Kensington brand Guaranteed Notebook Replacement MicroSaver Lock.
Guarantees replacement of any locked laptop that's stolen
Sounds pretty specific, huh? ANY locked laptop that's stolen... Which is quite different than what it says when you click the warranty link on the page...
If theft of your laptop computer results from the Kensington Guaranteed Notebook Replacement MicroSaver computer lock being broken or opened by forceful means Kensington Technology Group will pay you the replacement value of your laptop up to US $1,500.00.
It goes on to say:
Kensington Technology Group will NOT be liable if the theft occurred because:
Now... that seems pretty vague to me. Are they talking specifically about the locking device? Or are they talking about the entire thing and calling it the Guaranteed Notebook Replacement MicroSaver Lock because that's the name of the product? Vague vague vague...
sig.
In the Summer 2004 issue of 2600 Magazine there is an article on lock picking with less common types of picks. They talk about how to pick a lock with a pen, bobbe pin, sciccors, and everyones favorite the paperclip.
I knew a radio operator that had an amplifier that used a seprate 1500 volt power supply. The vehicle was locked and the equipment was properly marked Danger High Voltage and Lock out remote power supply before servicing. Because it was properly marked and locked, the judge threw out the manslaughter case against the amature radio operator by the family of the deceased.
You shouldn't try cutting 1.5KV cables with a pocketknife when the supply is still on.
It's not as bad in my car. The Hybrid battery is only 264 volts nominal and the 1KW inverter is 120 volts. I don't recommend messing with either while the power is on. The inverter is on most of the time. I plug the computer into it to charge batteries while on the road. I seldom bother to shut it off since its nominal unloaded draw is just a few mA.
The truth shall set you free!
I have played with one of these locks, and they are not made well. I assume the guts of them are not machined to very close tolerances. Locks that are not machined well are vulnerable to picking much easier.
If you look at the lock, you'll see a center thing that rotates. Open the scissors slightly, put one end into the notch on the center thingy, and the other end somewhere into the circular groove surrounding the center. Inside the groove are tiny pins... Apply a slight turning force on the scissors, and then use the Bic pen to poke each pin until they snap into place. You may have to poke each one multiple times because only one will be able to fall into place at a time, and you won't know which one because each lock has different tolerances due to they quality of manufacturing.
You can actually buy devices that do this all for you through lockpicking sites. However, I think the kensington lock is a bit smaller, and the commercial ones probably will not fit.
In any case, the lock is still a deterrent. I used to work in downtown minneapolis. Around christmas time, laptop thefts in our office would go up dramatically. Theives would get dressed up, and walk into the office like they were supposed to be there, and then just grab one and leave. Because there were people everywhere, spending 30 seconds doing something shady to a laptop lock is probably not something they would want to do. Especially since there were plenty of non-locked machines laying around.
Need Free Juniper/NetScreen Support? JuniperForum
Combination locks are usually just as easy. It took me a couple of hours to work out how to open these Targus Defcon CL locks, but now I can do it in under a minute, with no tools, and find the combination. Or, I can find a digit in 15 seconds and come back later.
These days I get emails in my work when people forget the combination on their locks to come and remove them. It's really easy, and I think if everyone knew it would be barely worthwhile using them.