Lock bumping

[unixronin]

You may or may not have already seen this news video on a relatively new lockpicking technique called lock bumping.  I just spent about half an hour reviewing various information on it, and it's pretty alarming.

Basically, lock bumping amounts to a class break for ALL mechanical cylinder locks.  It doesn't matter what brand or how many pins.  Five-pin, seven-pin, three-row firteen pin, they're all vulnerable.  All you need is a key blank for the lock type in question and some work with a file (or a couple of minutes on a key cutting machine for that key type), and any cylinder lock can be opened in seconds.

Some US reports assert that more expensive US-made locks (Medeco and Schlage Primus were mentioned by name) are immune to lock bumping.  Lock experts in Germany and the Netherlands say no, it doesn't matter; no mechanical cylinder lock offers any more protection than any other.  In some ways, the more expensive locks are easier to open, because they're machined to tighter tolerances and are smoother internally.

The unpleasant but simple truth seems to be that any mechanical cylinder lock — be it KwikSet, Yale, Schlage, Wiseco, Medeco, or whoever — is now only a psychological barrier, offering no real security whatsoever.

Now that the technique is well known, it's probably possible to design a mechanical lock that cannot be opened by bumping.  How long it will be before they appear on the market is anyone's guess; and how will you know a lock that really is immune to bumping from one that simply claims to be immune but is mechanically unchanged inside?

It may be time to move to electronic locks, or perhaps to electronically coded keys such as those that are becoming increasingly common in cars.  General Motors introduced them first, to my knowledge; it was a simplistic scheme — the keys had an embedded resistor, and if the onboard computer didn't see the correct resistance when the key was turned, it refused to start the car, and (if memory serves) wouldn't allow another attempt for 20 minutes.  Modern coded keys use a digital code and may have many thousands of combinations.  Mercedes-Benz uses infra-red "smart keys" that have no mechanical locking component to the ignition lock at all.

(Note:  I didn't intend to imply this was something brand new.  I said, "relatively new."  It's been known for about a year now, as ilcylic points out.  This was just the first time I'd looked into it in this detail and considered the implications for the real security of what we now consider to be "safe and secure" locks.)

Comments

[lisa-marli.livejournal.com]

I drive a Prius which has a transponder chip inside. It has 1000s of codes but can technically be broken. But one needs a reader close by with all the correct stuff, Or be willing to send out 1000s of codes until one works, ie it ain't easy.
What I like is you step up to the car and the interior light comes on. You touch a certain spot and the doors unlock. Push the start button with your foot on the brake and the car starts. All while the key fob sits in your purse or pocket.
I also like - Leave the keys in the car and the door doesn't lock. Yeah, I've done that WAY too often. That would obviously not be in effect for a front door of a house.
Still the basic idea would be nice for the house. Go to the front door and certain lights come on. Touch a plate and the door unlocks and you can then just open the door. Once inside the house, touch the plate and door is locked again.
Yes there would need to be some sort of emergency over ride, so that if you don't have the key with you when you are trying to leave the house you can still get out. But may be have it trigger an alarm or something. So that if someone broke in via another way (like a window) if they use the front door to leave, the alarm goes off. Think about it, if you are leaving in an emergency having the alarm go off isn't a bad thing either.
Several in the Prius Group have been dreaming...
And there are the new Digital Front Door Locks I've seen floating around. They are nice, lots of codes, you can change them easily. More than one code can be set (give a throw away code to a tradesman working at the house, etc). They are nice and don't require a key.
But I do believe the future is some sort of Proximity device.

[jilara.livejournal.com]

For either one, house or car, there's a law of unintended consquences. With either one, you can still steal the contents by breaking the window, if you figure the response time to the alarm is long enough. Electronic keys are turning out to have an unexpected downside with car theft, though. In some places, the car thieves simply wait for the owner, mug him/her, and take the key.