Slashdot Mirror


Kryptonite U-Lock Security Flaw

An anonymous reader writes "Once upon a time, a magic marker was able to defeat the Key2Audio copy protection scheme of older Sony CDs. Now, it has been shown that a Bic pen can easily open several models of Kryptonite U-locks. Please patch your systems, or install a tracking device on your bikes!"

9 of 554 comments

  1. They are offering a replacement by lecithin · · Score: 4, Informative

    From their home page:

    "Canton, MA September 17, 2004 - Kryptonite today announced it will provide free product upgrades for certain locks purchased since September 2002, in response to consumer concerns about tubular cylinder lock technology. Consumers can visit the company's Website (www.kryptonitelock.com) on Wednesday afternoon, September 22, 2004, to learn how they can participate in the security upgrade program."

    --
    It could be worse, it could be Monday.
  2. Previous Discussion by sahrss · · Score: 4, Informative

    First I thought this story was a dupe, then I realized I was just remembering videos and comments from a previous discussion in the "Steel Bolt Hacking" story.

  3. The videos by BReflection · · Score: 5, Informative
    --
    python -c "x='python -c %sx=%s; print x%%(chr(34),repr(x),chr(34))%s'; print x%(chr(34),repr(x),chr(34))"
  4. It's twue! It's twue! by Walter+Wart · · Score: 5, Informative

    I tried it out with my own lock. 30 seconds and it was open. I called the Kryptonite company. At the time they were aware of the problem and were rushing their next generation of cylinders into production.

    Interestingly enough, the problem was first reported in Britain in 1992. But it didn't go anywhere. Hurray for the age of fast information dissemination. And fast technology transfer to the bad guys.

    --
    The man who never alters his opinion is like the stagnant water and breeds Reptiles of the Mind -- William Blake
  5. This doesn't just affect Kryptonite locks by GuruHal · · Score: 5, Informative

    This is a flaw in the barrel style key system. I'm hardly a locksmith, but I've tried this on several of my locks and others just to prove the point, and the majority are not Kryptonite locks. All of them have opened without more than 30 seconds of effort.

    The sick part is the problem has been well known to manufacturers since 1992, and nothing has been done about it.

    --
    "Quando Omni Flunkus Moritati" -- Red Green
    1. Re:This doesn't just affect Kryptonite locks by Witchblade · · Score: 5, Informative

      At my freshman orientation at Ohio State in 1993 we were told about this on the first day by the RAs. I'm really surprised at seeing the cycling community react with total shock to this. I also can't believe the manufacturers weren't aware of the problem a decade ago, since it seemed to be pretty well known then.

  6. Problems with the lock by bluewee · · Score: 4, Informative

    Tubular locks are usually designed so you have to turn it at least a quarter turn to open it, which would involve picking the lock several times. The Kryptonite they show releases the shackle in an intermediate position -- bad design there. A real tubular lock pick should open those locks; a simple plastic cylinder of the right diameter should not.

    --
    [blue] - The Ministry of Information approved this message...
  7. upgrade won't fix it by djtack · · Score: 4, Informative

    "Kryptonite today announced it will provide free product upgrades"

    From what I have read, the upgrade will replace the lock core with one of a smaller diameter. This isn't really a long term fix - someone will probably discover a different brand of pen that will open the new locks as well.

    I have tried the Bic pen on my own Krypto lock - and it's really easy. The strange thing is, this isn't some design flaw with the lock. Everyone (hopefully) knows that all locks can be picked. But, it should be hard, requiring specialized tools and some skill. The Bic pen seems to have just the right magical combination of size, and balance of hard/soft plastic, that it makes an astonishingly effective lock pick. After opening my lock, the pen barrel had divots in it from the pins that looked just like my key. The plastic seems hard enough to push the pins down until they set, but then soft enough to hold the pin in that position.

    Also, this isn't exactly breaking news.

  8. Re:More free prizes? by GoRK · · Score: 4, Informative

    I have a vending machine to try this on. It is a GIII Royal Vendors unit similar to all machines used by Coca Cola for about the past 10 years (though the faces have changed). First, the tumbler takes a 270 degree turn of the key to unlock. Every time you turn it past a set of pins, you'd have to re-pick the lock. To open this lock, you'd have to pick it probably upwards of 15 times -- due to the design of the machine, it would be easier to physically pop or drill the cylinder itself. If you just want to steal the money out of it, you can just go through the lexan and use a crowbar to get at the coin changer and overflow box. Accessing the bill changer storage will require the lock to be removed.

    Royal Vendors sells high security versions of these machines, though, that put a large steel bar over the normal cylinder that can be locked with a padlock. They can also replace the lexan front with sheet steel and add plating around the front door to make it impossible to wedge a pry bar in there easily. My machine has the padlock bar and the side plating, but not the steel front.

    Coke machines aren't really worth breaking into for the ~$100 or less that you could get out of them.