Slashdot Mirror


Kryptonite U-Lock Security Flaw

An anonymous reader writes "Once upon a time, a magic marker was able to defeat the Key2Audio copy protection scheme of older Sony CDs. Now, it has been shown that a Bic pen can easily open several models of Kryptonite U-locks. Please patch your systems, or install a tracking device on your bikes!"

9 of 554 comments

  1. Hmmm... by TWX · · Score: 3, Interesting

    Those environmentalists in Neal Stephenson's Zodiac won't be very happy to learn this...

    --
    Do not look into laser with remaining eye.
  2. New York Lock... by SealBeater · · Score: 4, Interesting

    I used to be a bike messenger and I would have always told you, use a New York
    Lock, which by the way, isn't vulnerable to this attack. It's the best lock in
    the world, but at $50, only bike messengers seem to care enough/or know enough
    to pay the money. Honestly, I can't count the number of times I've seen
    expensive 1K and up bikes locked up with a $20 lock. If that.

    SealBeater

    --
    -- It's survival of the fittest...and we got the fucking guns!!!
  3. Warranty by Comatose51 · · Score: 3, Interesting

    I remember Kryptonite locks have a manufacturer's guarantee against theft. Is this covered? If someone's bike gets stolen, would they replace it still?

    --
    EvilCON - Made Famous by /.
  4. Re:This doesn't just affect Kryptonite locks by evilviper · · Score: 4, Interesting
    This is a flaw in the barrel style key system.

    No it isn't. It's a flaw in any cheap lock. You can open filing cabinets with a popsicle stick as well, and they aren't barrel locks.

    This is a problem with any lock.

    There are 2 things that a lock needs to prevent picking.

    1) A system that will prevent it from unlocking if any tumbler is pushed even slightly further than it should have been. If this isn't in-place, even a blank-key that fits the lock will open it.

    2) A system that prevents the tumblers from contacting with the locking mechanism. Otherwise, it's trivially easy to pick.

    And that's only to implement basic security. I don't have any formal training, but I can open 90+% of locks I see...

    Amazing as it may seem, quite a few safes don't follow rule #2. That means you can find the combination as fast as you could open it if you knew the combination. Also, it doesn't require any suspicious activity, as you just have a hand on the dial and a hand on the handle like you're someone that should be there...
    --
    Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
  5. It _IS_ a design flaw. by Anonymous Coward · · Score: 5, Interesting

    The pins in the lock are vulnerable to being raked because they're all set in roughly the same position. If they were disparate, you couldn't successfully rake them (except if you were very lucky and could bite chunks out of your Bic pen to match the right key :)

  6. Re:Read slashdot. by FiloEleven · · Score: 3, Interesting

    Not actually true. There's a lot of discussion on some bike forum (linked from the Slashdot article on lockpicking, which I suspect the submitter ganked this story from) and in the midst of pissing and moaning (and rightfully so) it's pointed out that the pins on the Kryptonite locks have a much smaller length span than in most locks. Also, it only takes a quarter turn of the Kryptonite lock to unlock it, whereas more secure tubular locks must be turned farther. (posting from memory, so adequately, but not completely accurate)

  7. Re:people suck. by Free_Meson · · Score: 3, Interesting

    There's actually been a lot of work done studying the replacement rate for criminals. In areas like this (petty theft of unsecure items on the street) or drug dealing, a criminal who is arrested is often replaced on the street by another criminal before he's fingerprinted... You can't stop crime by locking up criminals because many crimes are created by some combination of poverty, opportunity, and moral flexibility. In the case of drug dealers (the class of criminal for whom this is most true), there's not even the moral flexibility requirement. (It's plainly not immoral to sell drugs -- merely illegal.)

  8. Re:people suck. by grainofsand · · Score: 3, Interesting

    Not true. In my eight years here in China / Taiwan, I have never found an unlocked bike (regardless of the bike's age or condition).

    Almost every domestically made bike comes with a fixed wheel lock operated by a key.

    The first and only bike I bought in China was from a market in Beijing specialising in stolen bikes. I had it for about a week until it was stolen.

    In every city and large town there are bike park lots staffed with security staff who take your 10 cents and guard over the bikes.

    --
    A dream is good. A plan is better.
  9. GOD damn I'm sick of these posts! by theLOUDroom · · Score: 3, Interesting

    WTF PEOPLE!!
    This isn't a "known caveat", this is gross negligence on the part of a manufacturer.


    While this is certainly something that lock manufacturers need to deal with, everyone needs to also keep one simple idea in mind.
    The purpose of a lock is to keep honest and semi-honest people from taking your stuff. If someone is damned and determined to take your bike, he's going to get it, regardless of what lock you use.


    People like you are totally missing the point. This is like an airbag company making airbags that don't work 90% of the time! Sure it's a better idea never to get in an accident, but that's not the frickin point.

    The point is Kryptonite's locks are billed as "highly secure". They are not. This has been known in select circles (and Kryptonite was informed) since at least 1992, yet the manufacturer has done nothing with that information to fix the problem.

    I also have to nod in agreement with an earlier poster who pointed out that for the price of a fancy lock, you can get a bike that no one wants to steal.

    This is total nonsense. Incredible POS bikes get stolen all the time, see my post about my friend's bike.

    --
    Life is too short to proofread.