Slashdot Mirror


The Study of Physical Hacks at DefCon

eldavojohn writes "DefCon usually focuses on electronic security, but Saturday a talk was held that focused on possibly the oldest form of hacking — lockpicking. As software security becomes better and better, the focus may be shifting towards simple hacking tips like looking over someone's shoulder for their password, faking employment or just picking the locks to gain access to the building where machines are left on overnight. From the article: 'Medeco deadbolt locks relied on worldwide at embassies, banks and other tempting targets for thieves, spies or terrorists can be opened in seconds with a strip of metal and a thin screw driver, Marc Tobias of Security.org demonstrated for AFP ... Tobias says he refuses to publish details of 'defeating' the locks because they are used in places ranging from homes, banks and jewelers to the White House and the Pentagon. He asked AFP not to disclose how it is done.' I'm sure all Slashdot readers are savvy enough to use firewall(s) but do you know and trust what locks 'physically' protect your data from hacks like these?"

5 of 299 comments

  1. "Hacking" by Arthur Grumbine · · Score: 5, Informative
    From TFS,

    "...simple hacking tips like looking over someone's shoulder for their password."

    How far the meaning of this word has come from its original usage.

    --
    Now that I think about it, I'm pretty sure everything I just said is completely wrong.
  2. Re:Backstop that lock... by swb · · Score: 4, Informative

    No, it was meant to be serious. Locks keep out honest people and lazy criminals (given how often the police issue updates reminding us to lock the doors because they've had a run of unforced entry burglaries, there must be a lot of them).

    Weapons keep out ANYBODY, but watch out for criminal-friendly laws on deadly force that either require you to flee your own home or prove that you were threatened with imminent risk of death or great bodily harm.

    Fortunately where I live, deadly force is justified within your own home to stop the commission of a felony, and burglary is a felony.

  3. How Medeco locks work by Beryllium Sphere(tm) · · Score: 4, Informative

    The cuts in the key are individually angled so they rotate the tumblers as well as lifting them. Slots in the tumblers are lined up by the rotation to unlock a sidebar that fits into a longitudinal slot in the cylinder.

    Bump keys can't even get started opening that.

    More burglars have feet than have lockpicking skills. Step one in physical security is to combat kick-in attacks. Replace your strike plate, which I can almost guarantee is inadequate, with a reinforced model like the Mag-3 and most important, install it with #10 wood screws at least 3" long, so it can't tear out of the studs when subjected to a good kick. Predrill the holes and put soap on the threads so you don't break screws as you install it.

    A block watch is a great idea too. Neighbors are a security mechanism.

    An alarm system also protects you against fire, which depending on where you live can be a bigger threat than burglary.

  4. Re:Backstop that lock... by kd5ujz · · Score: 4, Informative
    --
    -William
    God is everything science has yet to explain.
  5. Re:How to pick Medeco locks by mlts · · Score: 4, Informative

    From what the original poster's article said, this appears to be a valid method against the original Medeco and the Medeco Biaxial line [1], but I don't see how this would have any effect at all versus the latest Medeco3 mechanism (well, latest since 2003), which uses side bitting on the key as well as the usual Medeco rotating pins.

    Other than Medeco, there is one type of lock that would be excellent for security, Abloy's Protec line, which from what I read takes 10-12 hours to pick even for the pros at detainer disk type of locks. However, the Protec line isn't sold in the US. Older Abloy lines are decent, but it would take far less time for a pro to pick them open. There are other high security locks out there, and one can read from a lock site what the weaknesses are of each of them.

    Nothing is 100% secure. If some thief is determined enough to bypass something, they can.

    Lastly, high security locks are just one tool in a toolbox of security options. If it's worth locking with a high security cylinder, it's worth having a centrally monitored alarm system (with a duress code [2] option).

    [1]: Biaxial isn't that much more secure than the original Medeco, but it allows for (IIRC) 10 times as many key combinations, allowing for more flexible keying options.

    [2]: Yes, home invasions are on the rise, so make sure an alarm system has a duress feature (where it disarms, but silently calls the central station)... and USE the alarm. If at home, use the alarm's "at home" feature which monitors the doors and windows, but doesn't arm the IR detectors. A high security lock is no good when it is opened by the owner at gunpoint.