D1 - Marc Weber Tobias - The In Security of Mechanical Locks

56
OPENING LOCKS IN TEN SECONDS OR LESS: Is it a real threat to security? Bumping as a method of covert entry ©2007 Marc Weber Tobias

Transcript of D1 - Marc Weber Tobias - The In Security of Mechanical Locks

Page 1: D1 - Marc Weber Tobias - The In Security of Mechanical Locks

OPENING LOCKS IN TEN

SECONDS OR LESS:

Is it a real threat to security?

Bumping as a method of covert entry©2007 Marc Weber Tobias

Page 2: D1 - Marc Weber Tobias - The In Security of Mechanical Locks

ATTACK ON LOCKS: TWO

THREATS TO SECURITY

♦ MECHANICAL LOCKS ARE SUBJECT

TO BYPASS

♦ ACCESS CONTROL SYSTEMS UTILIZE

MECHANICAL LOCKS

♦ THREE PRIMARY ISSUES FOR I-T:

– Bumping

– Master key extrapolation

– Ability to replicate keys

Page 3: D1 - Marc Weber Tobias - The In Security of Mechanical Locks

A THREAT TO THE I-T

ENVIRONMENT

♦ NON-SOPHISTICATED ATTACKS

♦ EASY TO ACCOMPLISH

♦ NO FORENSIC TRACES

♦ LOW RISK OF DETECTION

♦ 3T-2R RULE

♦ CAN COMPROMISE AN ENTIRE

FACILITY OR CRITICAL LOCKS

Page 4: D1 - Marc Weber Tobias - The In Security of Mechanical Locks

LOCKS PROVIDE SECURITY

♦ Protect doors, safes and barriers from being

opened

♦ They control movement of barriers to entry

♦ Relied upon as first level of security

♦ Most popular: pin tumbler designs

Page 5: D1 - Marc Weber Tobias - The In Security of Mechanical Locks

TYPES OF LOCKS

♦ WARDED

♦ LEVER

♦ WAFER AND DISK TUMBLER

♦ PIN TUMBLER

♦ HYBRID: COMBINED TECHNOLOGIES

♦ COMBINATION

Page 6: D1 - Marc Weber Tobias - The In Security of Mechanical Locks

PIN TUMBLER LOCK

♦ 4000 year old Egyptian design

♦ Re-invented by Linus Yale in 1860

♦ Modern pin tumbler: split pins

♦ 95% of locks

♦ Low to high security applications

♦ All based upon Yale design

– Billions of locks

– Many different configurations

Page 7: D1 - Marc Weber Tobias - The In Security of Mechanical Locks

OPENING LOCKS:

Covert Methods of Entry

♦ PICKING

♦ IMPRESSIONING

♦ DECODING

♦ EXTRAPOLATION OF TMK

♦ BUMPING

– Move all pins to shear line together or

separately

– Allow plug to turn without obstruction

Page 8: D1 - Marc Weber Tobias - The In Security of Mechanical Locks

CMOE AND SECURITY RATING

♦ SPECIAL TOOLS

♦ TRAINING AND EXPERTISE

♦ TIME REQUIRED

♦ RELIABILITY AND REPEATABILITY

OF RESULTS

♦ DAMAGE TO LOCKS

♦ FORENSIC TRACE

Page 9: D1 - Marc Weber Tobias - The In Security of Mechanical Locks

WHAT IS SECURITY IN A LOCK

♦ Perfect world: cannot open without correct

key or code;

♦ Reality: Levels of difficulty or resistance to

forced and covert entry techniques

– Type of mechanism

– Secondary locking systems

– Security enhancements

Page 10: D1 - Marc Weber Tobias - The In Security of Mechanical Locks

BUMPING: A NEW OLD THREAT

♦ KNOWN SINCE 1925

♦ WAS NOT SIGNIFICANT METHOD OF

BYPASS

♦ NEW THREAT RAISED IN 2004

♦ TOOOL, BARRY WELS, OTHERS

♦ NOT POPULAR IN U.S. UNTIL 2006

Page 11: D1 - Marc Weber Tobias - The In Security of Mechanical Locks

NETHERLANDS TESTS

♦ CONSUMER REPORTS AND DUTCH

LAW ENFORCEMENT AND TOOOL

♦ VALID AND COMPREHENSIVE

♦ MARCH, 2006 TEST OF ABOUT 70

MANUFACTURERS

♦ LARGE SAMPLE

♦ RELEVANT TO THE U.S. MARKET

Page 12: D1 - Marc Weber Tobias - The In Security of Mechanical Locks

NETHERLANDS TEST RESULTS

♦ MOST LOCKS COULD BE OPENED

WITHOUT DIFFICULTY

♦ CONVENTIONAL AND HIGH

SECURITY CYLINDERS OPENED

♦ MOST LOCKS NOT SECURE

Page 13: D1 - Marc Weber Tobias - The In Security of Mechanical Locks

THE THREAT FROM BUMP KEYS

♦ IF CAN OBTAIN A KEY THAT FITS

THE LOCK THAT HAS ALREADY

BEEN CUT

– EASY TO LEARN BUMPING

– ANYONE CAN OPEN A LOCK

Page 14: D1 - Marc Weber Tobias - The In Security of Mechanical Locks

BUMPING POSES A SERIOUS

THREAT TO SECURITY

♦ AFFECTS MILLIONS OF LOCKS

♦ CRITICAL INFRASTRUCTURE OFTEN

PROTECTED BY POOR LOCKS

♦ PROTECT PRIMARY PRIVACY AND

COMMUNICATIONS

♦ FEDERAL REQUIREMENTS FOR

INFORMATION SECURITY

Page 15: D1 - Marc Weber Tobias - The In Security of Mechanical Locks

BUMPING: CRITICAL ISSUES

♦ 95% OF LOCKS VULNERABLE

♦ EVERYONE WHO RELIES ON LOCKS

MUST UNDERSTAND RISK SO CAN

MAKE OWN JUDGMENT

♦ LEGAL ISSUES OF LIABILITY

♦ SECURITY ISSUES

Page 16: D1 - Marc Weber Tobias - The In Security of Mechanical Locks

WHY IS BUMPING A THREAT

♦ SIMPLEST FORM OF BYPASS

♦ 3T-2R RULE TO ASSESS SECURITY AGAINST COVERT ENTRY

–TRAINING

–TIME

–TOOLS

•REPEATABILITY

•RELIABILITY

Page 17: D1 - Marc Weber Tobias - The In Security of Mechanical Locks

USPS LOCKS: 5 SECONDS TO

IDENTITY THEFT

Page 18: D1 - Marc Weber Tobias - The In Security of Mechanical Locks

PRIMARY THREAT LEVELS

♦ SYSTEM INTELLIGENCE

♦ AVAILABILITY OF KEYS

– SECURITY RISKS CHANGE

SIGNIFICANTLY IF PRE-CUT

• ONLY REQUIRES SLIGHT TRAINING

Page 19: D1 - Marc Weber Tobias - The In Security of Mechanical Locks

THREAT LEVEL 1:

SYSTEM INTELLIGENCE

♦ NO INTELLIGENCE

– STANDARD PIN TUMBLER LOCK

♦ PRIOR INTELLIGENCE

– SECONDARY LOCKING SYSTEM

– MEDECO, ASSA

Page 20: D1 - Marc Weber Tobias - The In Security of Mechanical Locks

THREAT LEVEL 2: KEYS

♦ PRODUCING A BUMP KEY

– FROM BLANKS

– FROM CUT KEYS

♦ BUYING A PRE-CUT BUMP KEY

Page 21: D1 - Marc Weber Tobias - The In Security of Mechanical Locks

CMOE AND SECURITY

RATINGS

♦ SPECIAL TOOLS

♦ TRAINING AND EXPERTISE

♦ TIME REQUIRED

♦ RELIABILITY AND REPEATABILITY

OF RESULTS

♦ DAMAGE TO LOCKS

♦ FORENSIC TRACE

Page 22: D1 - Marc Weber Tobias - The In Security of Mechanical Locks

BUMPING: A METHOD OF

COVERT ENTRY – METHOD TO OPEN LOCKS IN SECONDS

– FASTEST AND EASIEST WAY TO OPEN

– VIRTUALLY NO SKILL REQUIRED

– EASY TO LEARN

– NO SPECIAL TOOLS

– 95% OF LOCKS CAN BE BYPASSED

– OPEN SOME HIGH SECURITY LOCKS

– USUALLY NO TRACE OR DAMAGE

– RELIABILITY OF RESULTS

– REPEATABILITY OF THE PROCESS

Page 23: D1 - Marc Weber Tobias - The In Security of Mechanical Locks

YALE + NEWTON = BUMPING

♦ VIRTUALLY ALL TRADITIONAL

YALE LOCKS CAN BE OPENED BY

BUMPING

♦ RELIABLE

♦ REPEATABLE

♦ SIMPLE TO LEARN

Page 24: D1 - Marc Weber Tobias - The In Security of Mechanical Locks

THE PHYSICS OF BUMPING:

SIR ISAAC NEWTON: 1650

♦ THE FATHER OF

BUMPING OF

LOCKS

♦ THIRD LAW OF

MOTION:

– “For every action,

there is an equal and

opposite reaction”

Page 25: D1 - Marc Weber Tobias - The In Security of Mechanical Locks

1860: YALE PIN TUMBLER

LOCK

♦ Modernized the

Egyptian single pin

design

♦ Utilized two pins for

locking

♦ Double-detainer

theory of locking

♦ Created shear line

Page 26: D1 - Marc Weber Tobias - The In Security of Mechanical Locks

MODERN PIN TUMBLER LOCK

Page 27: D1 - Marc Weber Tobias - The In Security of Mechanical Locks

BUMPING: BACKGROUND

♦ ENGLAND: 1925, GEORGE BARON

♦ 999, CODE 12, PERCUSSION KEY

♦ DENMARK, 25 YEARS AGO

♦ DEVELOPED BY LOCKSMITHS TO

RAP OPEN A CYLINDER

♦ ORIGINAL TECHNIQUE HAS BEEN

IMPROVED UPON TO MAKE

BUMPING A SIGNIFICANT THREAT

Page 28: D1 - Marc Weber Tobias - The In Security of Mechanical Locks

BUMPING: SIX CRITICAL

ELEMENTS

1. KEY WITH CORRECT KEYWAY

2. CUT TO ALL “9” DEPTHS

3. BUMPING TECHNIQUE

4. METHOD TO APPLY ENERGY TO

PINS

5. TORQUE AND TIMING

6. TRAINING

Page 29: D1 - Marc Weber Tobias - The In Security of Mechanical Locks

1: KEY WITH CORRECT

KEYWAY

♦ SOURCES

– COMMERCIAL STORES

– LOCKSMITHS

– INTERNET

– KEY TO ANY LOCK IN A FACILITY

– MODIFIED KEY: MILLED BLANK

Page 30: D1 - Marc Weber Tobias - The In Security of Mechanical Locks

2: CUT TO ALL “9” DEPTHS

♦ HAND-CUT WITH FILE

♦ CODE CUT WITH PUNCH OR MACHINE

♦ INTERNET SITES

– ALL KEYS OF SAME KEYWAY CAN BE

MADE TO WORK

Page 31: D1 - Marc Weber Tobias - The In Security of Mechanical Locks

NEGATIVE SHOULDER

Page 32: D1 - Marc Weber Tobias - The In Security of Mechanical Locks

BUMP KEYS

Page 33: D1 - Marc Weber Tobias - The In Security of Mechanical Locks

3: BUMPING TECHNIQUE

♦ TWO TECHNIQUES FOR BUMPING

– WITHDRAW KEY ONE POSITION

• NO MODIFICATION REQUIRED

– NEGATIVE SHOULDER METHOD

• REDUCE SHOULDER BY .25 mm

♦ DESIGN OF KEY DEPENDS UPON

TECHNIQUE OF BUMPING

Page 34: D1 - Marc Weber Tobias - The In Security of Mechanical Locks

BUMPING: INSERT THE KEY

Page 35: D1 - Marc Weber Tobias - The In Security of Mechanical Locks

BUMPING: APPLY ENERGY

Page 36: D1 - Marc Weber Tobias - The In Security of Mechanical Locks

HOW BUMPING WORKS

♦ DOLEV MODEL

Page 37: D1 - Marc Weber Tobias - The In Security of Mechanical Locks

4: METHOD TO APPLY ENERGY

♦ STRIKE HEAD OF

KEY

– “TOMAHAWK”

– SCREWDRIVER

HANDLE

– WOODEN OR

PLASTIC MALLET

– WOODEN STICK

– OTHER TOOLS

Page 38: D1 - Marc Weber Tobias - The In Security of Mechanical Locks

5: TORQUE + TIMING

♦ TWO METHODS TO APPLY TORQUE

♦ REQUIRED TO TURN THE PLUG AT

THE RIGHT MOMENT

– TORQUE + ENERGY TO KEY

– ENERGY TO KEY THEN TORQUE

Page 39: D1 - Marc Weber Tobias - The In Security of Mechanical Locks

6: TRAINING

♦ EASY TO LEARN

♦ LESS THAN ONE HOUR

♦ NETHERLANDS TESTS

♦ KELO-TV REPORTER, TEN SECONDS

Page 40: D1 - Marc Weber Tobias - The In Security of Mechanical Locks

BUMPING DEMONSTRATION

♦ INSERT BUMP KEY

– TWO METHODS OF BUMPING

• Withdraw one position and strike

• Negative shoulder method

♦ APPLY TORQUE

♦ APPLY ENERGY TO HEAD OF KEY

♦ BOUNCE PINS

♦ TURN THE PLUG

Page 41: D1 - Marc Weber Tobias - The In Security of Mechanical Locks

MBE SECURITY: 5 SECONDS

Page 42: D1 - Marc Weber Tobias - The In Security of Mechanical Locks

HIGH SECURITY MANUFACTURERS:

OUR LOCKS ARE “BUMP-PROOF” !

♦ Manufacturer’s Claims:

– Bumping does not work

– Our locks are bump-proof

♦ Sidebar Locks that are Secure: Maybe

– Medeco Biaxial and M3

– Assa

– Mul-T-Lock: Classic, 7x7, Interactive

– Other Sidebar designs

Page 43: D1 - Marc Weber Tobias - The In Security of Mechanical Locks

HIGH SECURITY LOCK

DESIGNS

Page 44: D1 - Marc Weber Tobias - The In Security of Mechanical Locks

SIDEBAR LOCKS - ASSA

Page 45: D1 - Marc Weber Tobias - The In Security of Mechanical Locks

ASSA HIGH SECURITY?

Page 46: D1 - Marc Weber Tobias - The In Security of Mechanical Locks

MUL-T-LOCK HIGH SECURITY?

Page 47: D1 - Marc Weber Tobias - The In Security of Mechanical Locks

MUL-T-LOCK INTERACTIVE

Page 48: D1 - Marc Weber Tobias - The In Security of Mechanical Locks

MUL-T-LOCK MT5

Page 49: D1 - Marc Weber Tobias - The In Security of Mechanical Locks

GENERIC LOCKS THAT

CANNOT BE BUMPED OPEN

♦ WARDED

♦ LEVER

♦ WAFER AND DISK WAFER

♦ COMBINATION

Page 50: D1 - Marc Weber Tobias - The In Security of Mechanical Locks

EVVA 3KS SLIDER

Page 51: D1 - Marc Weber Tobias - The In Security of Mechanical Locks

COMPLICATING FACTORS

♦ SECONDARY LOCKING MECHANISM

– SIDEBARS

– INTERACTIVE COMPONENTS

♦ DIRT AND DEBRIS

♦ SPECIAL PINS

♦ BROKEN SPRINGS

♦ PIN STACK LENGTH

♦ RESTRICTED BLANKS

♦ REQUIRES MORE THAN ONE MINUTE

Page 52: D1 - Marc Weber Tobias - The In Security of Mechanical Locks

U.S. LAWS

♦ 60 YEAR OLD FEDERAL STATUTE

CONTROLS “NON-MAILABLE

MATTER”

♦ SOME JURISDICTIONS: NO LAWS

♦ BUMP KEYS EXEMPTED

♦ INTERNET SITES SELLING PRE-CUT

BUMP KEYS AND “TOMAHAWK”

Page 53: D1 - Marc Weber Tobias - The In Security of Mechanical Locks

PREVENTING BUMPING

♦ SPECIAL PINS AND MECHANISMS

♦ SECONDARY SECURITY: SIDEBARS

♦ SPRING BIAS DIFFERENCE

♦ SHORTER BORES

♦ EMPLOY CERTAIN HIGH SECURITY

LOCKIS

Page 54: D1 - Marc Weber Tobias - The In Security of Mechanical Locks

NEEDED LEGISLATION

♦ PREVENT TRAFFICKING IN PRE-CUT

BUMP KEYS

♦ CHANGE POSTAL REGULATIONS

Page 55: D1 - Marc Weber Tobias - The In Security of Mechanical Locks

MK SYSTEM DESIGN

♦ Most are easy to compromise

♦ Extrapolation: What is it?

♦ 3T-2R Rule

♦ Types of locks

♦ Restricted keyways

♦ Advanced protection

Page 56: D1 - Marc Weber Tobias - The In Security of Mechanical Locks

© 2007 Marc Weber Tobias

[email protected] REFERENCE MATERIAL

www.security.org– OPENING LOCKS BY BUMPING IN FIVE SECONDS OR

LESS: IS IT REALLY A THREAT TO PHYSICAL SECURITY?

• www.security.org/bumping_040206.pdf

– BUMPING OF LOCKS: LEGAL ISSUES IN THE U.S.

• www.security.org/bumping_legal_mwt.pdf

♦ Locks, Safes and Security: An International Police Reference, Marc Weber Tobias, 2001

♦ LSS+ The Multimedia Edition, 2006

www.toool.nl


Yale Locks 5300LN Series Electric Lever Cylinder Locks

Yale Locks 5300LN Series Electric Lever Cylinder Locks

Volume 5 Kenstan - Locks - Showcase locks/Cabinet Locks/High Security lockskenstan.com/pdf/Kenstan_Medeco_catalog.pdf ·  · 2017-11-07Introduction Cam Locks ... Plunger Locks Ratchet

Volume 5 Kenstan - Locks - Showcase locks/Cabinet Locks/High Security lockskenstan.com/pdf/Kenstan_Medeco_catalog.pdf ·  · 2017-11-07Introduction Cam Locks ... Plunger Locks Ratchet

S-Series and S200-Series - Door Hardware Center · Cylindrical Locks Deadbolts Cylindrical Locks Cylindrical Locks Mortise Locks . ... S-Series and S200-Series locks are designed

S-Series and S200-Series - Door Hardware Center · Cylindrical Locks Deadbolts Cylindrical Locks Cylindrical Locks Mortise Locks . ... S-Series and S200-Series locks are designed

D1-450D D1-650D D1-800D User Manual- Sanway Audiofr.pasoundsystem-es.com/uploads/201912490/D1-1KD... · D1-450D D1-650D D1-800D User Manual- Sanway Audio Author: Sanway Professional

D1-450D D1-650D D1-800D User Manual- Sanway Audiofr.pasoundsystem-es.com/uploads/201912490/D1-1KD... · D1-450D D1-650D D1-800D User Manual- Sanway Audio Author: Sanway Professional

1 5stift nalar d1 5l5 8 d1 5l6 8 d1 5l7 8 d1 5l9 8 d1 5l11 8 d1 5l13 8

1 5stift nalar d1 5l5 8 d1 5l6 8 d1 5l7 8 d1 5l9 8 d1 5l11 8 d1 5l13 8

SaFETy WIThoUT CoMPRoMISE – GEZE IQ LoCKS SELF-LoCKInG ... · GEZE IQ Locks Self-locking panic locks Self-locking panic locks Self-locking panic locks GEZE IQ Locks contents Foreword:

SaFETy WIThoUT CoMPRoMISE – GEZE IQ LoCKS SELF-LoCKInG ... · GEZE IQ Locks Self-locking panic locks Self-locking panic locks Self-locking panic locks GEZE IQ Locks contents Foreword:

Leanne Tobias

Leanne Tobias

Tobias reichmuth

Tobias reichmuth

Product range - Unico Components Ltd · 2014-02-26 · Product range: Coin Locks Combination Locks Espagnolette Locks Keys Lay on Locks Locks for Metal Furniture ... 01483 506987

Product range - Unico Components Ltd · 2014-02-26 · Product range: Coin Locks Combination Locks Espagnolette Locks Keys Lay on Locks Locks for Metal Furniture ... 01483 506987

IBC CONNECTIVITY — KEY REFERENCE · Please reference page 16 for IBC Valve Fittings and relevant keys: P1 D1 D1 D1 D1 D1 D1 D1 D1 P1 P1 P1 P1 P1 P1. CPP IBC ADAPTORS IBC Adaptors

IBC CONNECTIVITY — KEY REFERENCE · Please reference page 16 for IBC Valve Fittings and relevant keys: P1 D1 D1 D1 D1 D1 D1 D1 D1 P1 P1 P1 P1 P1 P1. CPP IBC ADAPTORS IBC Adaptors

Whatever. We’ve probably got your New Reg. · c1 bts d1 buk d1 bwb d1 bye c1 bys c d1 cae d1 cag d1 cbm d1 ccb d1 ccl d1 ccm b1 cct d1 cdp b1 cdt b1 cee d1 cef d1 ceg d1 cep d1

Whatever. We’ve probably got your New Reg. · c1 bts d1 buk d1 bwb d1 bye c1 bys c d1 cae d1 cag d1 cbm d1 ccb d1 ccl d1 ccm b1 cct d1 cdp b1 cdt b1 cee d1 cef d1 ceg d1 cep d1

SERIES 600 CATALOG - Propane Locks - Cam Locks

SERIES 600 CATALOG - Propane Locks - Cam Locks

Inner door locks. Project locks. - Nemef

Inner door locks. Project locks. - Nemef

CABINET LOCKS Cabinet Locks Section 2 · CABINET LOCKSCabinet Locks Section 2 CABINET LOCKS Index A Ace/Tubular Locks 8, 10 C Cabinet Locks 19, 20 Cam Locks 7, 8, 10, 12, 16, 17,

CABINET LOCKS Cabinet Locks Section 2 · CABINET LOCKSCabinet Locks Section 2 CABINET LOCKS Index A Ace/Tubular Locks 8, 10 C Cabinet Locks 19, 20 Cam Locks 7, 8, 10, 12, 16, 17,

Tobias Vestner

Tobias Vestner

Tobias Gabrielsson

Tobias Gabrielsson

D1 1000 Air D1 500 Air D1 250 Air D1 500 D1 250 1000 Air D1 500 Air D1 250 Air D1 500 D1 250 User´s Guide Profoto D1 2 Profoto D1 3 Thank you for choosing Profoto Thanks for showing

D1 1000 Air D1 500 Air D1 250 Air D1 500 D1 250 1000 Air D1 500 Air D1 250 Air D1 500 D1 250 User´s Guide Profoto D1 2 Profoto D1 3 Thank you for choosing Profoto Thanks for showing

CURRICULUM VITAE – Tobias C. Larssonipss2016.unibg.it/upload/CV_Larsson.pdf · CV Tobias C. Larsson 20151215 1 CURRICULUM VITAE – Tobias C. Larsson PERSONAL DATA Name: Tobias

CURRICULUM VITAE – Tobias C. Larssonipss2016.unibg.it/upload/CV_Larsson.pdf · CV Tobias C. Larsson 20151215 1 CURRICULUM VITAE – Tobias C. Larsson PERSONAL DATA Name: Tobias

Tobias Wozniak und Maria Hirnich Tobias Wozniak und Maria Hirnich

Tobias Wozniak und Maria Hirnich Tobias Wozniak und Maria Hirnich

A. C. Locks Company, Kolkata, Safety Locks

A. C. Locks Company, Kolkata, Safety Locks