Slashdot Mirror
Kryptonite U-Lock Security Flaw
An anonymous reader writes "Once upon a time, a magic marker was able to defeat the Key2Audio copy protection scheme of older Sony CDs. Now, it has been shown that a Bic pen can easily open several models of Kryptonite U-locks. Please patch your systems, or install a tracking device on your bikes!"
Sound familiar?
From their home page:
"Canton, MA September 17, 2004 - Kryptonite today announced it will provide free product upgrades for certain locks purchased since September 2002, in response to consumer concerns about tubular cylinder lock technology. Consumers can visit the company's Website (www.kryptonitelock.com) on Wednesday afternoon, September 22, 2004, to learn how they can participate in the security upgrade program."
It could be worse, it could be Monday.
First I thought this story was a dupe, then I realized I was just remembering videos and comments from a previous discussion in the "Steel Bolt Hacking" story.
Lockpick Video one
Lockpick Video two
Lockpick Video three
Lockpick Video four
Lockpick Video five
python -c "x='python -c %sx=%s; print x%%(chr(34),repr(x),chr(34))%s'; print x%(chr(34),repr(x),chr(34))"
I tried it out with my own lock. 30 seconds and it was open. I called the Kryptonite company. At the time they were aware of the problem and are rushing their next generation of cylinders into production.
Interestingly enough, the problem was first reported in Britain in 1992. But it didn't go anywhere. Hurray for the age of fast information dissemination. And fast technology transfer to the bad guys.
The man who never alters his opinion is like the stagnant water and breeds Reptiles of the Mind -- William Blake
This is a flaw in the barrel style key system. I'm hardly a locksmith, but I've tried this on several of my locks and others just to prove the point, and the majority are not kryptonite locks. All of them have opened without more than 30 seconds of effort.
The sick part is the problem has been well known to manufacturers since 1992, and nothing has been done about it.
"Quando Omni Flunkus Moritati" -- Red Green
Actually, the standard u-lock portion of the New York Lock is suceptible to this attack. Fortunately alot of messengers ditch that part and instead use normal flat-keyed padlocks.
Regardless, the worst part of this vulnerability is that it apparently even works against a number of the higher end, $80+ Kryptonite u-lock models. So it's just not a matter of cheap locks.
I would never lock up my 1k+ bike anymore; if it is outside my house I am within arms length of it. I even use sturdy locks on my junk-built singlespeeds, after one of them got stolen.
Tubular locks are usually designed so you have to turn it at least a quarter turn to open it, which would involve picking the lock several times. The Kryptonite they show releases the shackle in an intermediate position -- bad design there. A real tubular lock pick should open those locks; a simple plastic cylinder of the right diameter should not.
[blue] - The Ministry of Information approved this message...
Kryptonite today announced it will provide free product upgrades
From what I have read, the upgrade will replace the lock core with one of a smaller diameter. This isn't really a long term fix - someone will probably discover a different brand of pen that will open the new locks as well.
I have tried the Bic pen on my own Krypto lock - and it's really easy. The strange thing is, this isn't some design flaw with the lock. Everyone (hopefully) knows that all locks can be picked. But, it should be hard, requiring specialized tools and some skill. The Bic pen seems to have just the right magical combination of size, and balance of hard/soft plastic, that it makes an astonishingly effective lock pick. After opening my lock, the pen barrel had divots in it from the pins that looked just like my key. The plastic seems hard enough to push the pins down until they set, but then soft enough to hold the pin in that position.
Also, this isn't exactly breaking news.
Still the best way to beat a U-lock. Aside from a lock with insurance and good documentation there isn't final protection. This as been true since the 80's.
Sorry about the writing. Robot fingers, you know? Cliff Steele in DOOM PATROL #23
caveat - IANAL, but I'm reasonably clued up on consumer law
In the UK, the 1979 Sale of Goods Act says that items must be of 'Fit for Purpose' & 'Of Merchantable Quality' (ie it does what it's meant to without breaking). Your contract is with the shop not the end manufacturer, so you are entitled to walk into wherever you purchased it and demand a replacement or your money back. You needn't get fobbed off with claims such as 'take it up with the manufacturer' as your contract's with the shop. Kryponite can't even put a time limit on it as a lock that's opened using a biro's clearly not 'Fit for Purpose'. Any shop that doesn't comply can be reported to the trading standards authority who take a very dim view of people not complying to said act!
The warranty is only good if the lock is damaged/broken during the theft. If they cut the bike rack, and pick the lock later...no dice. If they pick the lock (BIC pen or whatever), no dice.
No, I'm suggesting it was stolen.
I'm suggesting that this guy had stolen far more than others, and he still wasn't satisfied with the fact the had more shit than most people and still didn't know how to deal with it.
I could have easily unscrewed the case, pulled the bios battery or hit the reset jumpers and looked up the default supervisor password through google. I can't prove it was stolen, its most likely it is, but then again, one can't go around calling the police simply because you think something is stolen.
Trolling? No. Why does every stupid motherfucker on Slashdot claim trolling just because they can't understand what the poster is saying. Its called fucking English. Thats what this forum is written in. Learn it.
Now that too was not a troll. I put it in there so that you can understand the difference between a flame and a troll. Generally used by the same individuals, but in this case it is posted by a separate group.
I have a vending machine to try this on. It is a GIII Royal Vendors unit similar to all machines used by Coca Cola for about the past 10 years (though the faces have changed). First, The tumbler takes a 270 degree turn of the key to unlock. Every time you turn it past a set of pins, you'd have to re-pick the lock. To open this lock, you'd have to pick it proably upwards of 15 times -- Due to the design of the machine, it would be easier to physically pop or drill the cylinder itself. If you just want to steal the money out of it, you can just go through the lexan and use a crowbar to get at the coin changer and overflow box. Accessing the bill changer storage will require the lock to be removed.
Royal Vendors sells high security versions of these machines, though that put a large steel bar over the normal cylinder that can be locked with a padlock. They can also replace the lexan front with sheet steel and add plating around the front door to make it impossible to wedge a pry bar in there easily. My machine has the padlock bar and the side plating, but not the steel front.
Coke machines aren't really worth breaking into for the ~$100 or less that you could get out of them..
Yes, up here in Scandinavia all we do is where clogs and dance in circle, and nobody ever takes anything. Why the hell does bullshit like this even get moderated up?
If you leave a bicycle unlocked in Sweden, it will get stolen. If you don't believe me, I suggest you come here and try.
For the record: the number of bicycle thefts per 100 people in America in the year 2000: 2.7. In Sweden: 9.4.