Bruce Schneier
Schneier on Security
A blog covering security and security technology.
« Bruce Schneier Facebook Page | Main | Al-Mabhouh Assassination »
February 18, 2010
Opening Locks with Foil Impressioning
Interesting blog post, with video demonstration, about an improved tool to open high security locks with a key that will just "form itself" if you insert it into the lock and wiggle it a little. The basic technique is a few years old, but the improvements discussed here allow the tool to open a wider variety of locks than before.
Posted on February 18, 2010 at 6:21 AM • 16 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
Cybergibbons • February 18, 2010 6:59 AM
There's always been a couple of issues with foil impressioning:
1. Ensuring that a low cut won't cause the foil to deform so much that the adjacent pins (which could be relatively high) aren't impressioned accurately.
2. Ensuring the foil isn't crushed as you insert the key into the lock.
You can do this on a pin tumbler lock by firstly scoring the foil between each pin, and inserting a thin but strong shim alongside the key during insertion. Remove the shim, and start wiggling.
This is the same, but for dimple locks. They've always been a bit more awkward due to the plane of the pins being in the thin direction of the key.
It's disturbing how quickly certain locks can be opened like this.
Phillip • February 18, 2010 8:03 AM
The website seems slow and indeed, it just timed out. Could it be Bruce S. is now like digg or SlashDot?
Capable of taking down smaller websites by a mere mention on his blog?
Chasmosaur • February 18, 2010 8:31 AM
This is off topic for this post, but I was wondering if Bruce had seen this piece of news:
"[Ashton Kutcher] has joined a delegation of politicians and boffins, which has jetted off to Russia to offer advice and tips about how technology can help lawmakers. "
http://www.hollywood.com/news/...
Who needs real security when you can have Ashton Kutcher? *slaps forehead*
RT • February 18, 2010 9:14 AM
The article is also on recent posts for Boing Boing, which is very popular, so that's probably why the increased traffic.
BF Skinner • February 18, 2010 10:32 AM
@Chasmosaur ""[Ashton Kutcher] has joined a delegation of politicians and boffins"
More than a pretty face? Who knew.
Iso Su • February 18, 2010 11:11 AM
Cool gadget indeed! Here's cache of the page:
http://74.125.47.132/search?...
Clive Robinson • February 18, 2010 11:48 AM
Foil impresioning is just one of many ways.
When I was young I realised you could impression a (mortice) lock with engineres blue ot just plain chalk dust.
All mechanical locks can be impressioned in one way or another with time and patience. The trick as pointed out by cybergibbons is working out how to stop other parts of the lock masking the little tell tales you are looking for.
Impressioning is one of the reasons the lock industry has been stuck in a rut for the last god knows how long.
Locksmiths don't want to ruin what they have, their little trade secrets etc. And the mystique of "trade secrets" actually holds them back in that they tend to defere (belive) "a master" without question when told something "cannot be done" rather than find out "it can" for themselves.
Mat Blaze (www.crypto.com) has had some interesting run ins with "Brotherhood" in the past.
I'm of the opinion that a curious child can be entertained for hours by being shown how to do basic lockpicking and is actually less likely to use it for "naughtyness".
I know when I was younger teachers etc came to accept the fact that I could "open doors that others could not" rather than wait for the key. Ultimatly even a Headmaster came to realise it was usefull (when he locked himself out of his office ;)
I guess the real reason I never turned to crime is I'm just to easily recognisable (@ BF Skinner - that does not mean I do actually look like what you think ;)
Clive Robinson • February 18, 2010 12:22 PM
@ Chasmosaur,
"Who needs real security when you can have Ashton Kutcher?"
I suppose I could show how un "cool/hip/trendy" I am (as if those words where not enough ;) by saying,
Who He?
But I guess I shall have to get all a twitter about the news at some point, after all,
"Darlings www.hollywood.com is, oh Oh OH such a serious news channel..."
jgreco • February 18, 2010 1:38 PM
@Clive Robinson
Didn't you hear? Being ignorant of meaningless hollywood figures is cool/hip/trendy in so called "indy" crowds! ;)
@Barry Wels
Thanks for the link. I can't say I entirely follow how this works but it's pretty fascinating.
Fuzzy • February 19, 2010 10:37 AM
Based on the program "Punk'd", it would appear that Ashton Kutcher may actually have a good grasp of 'social engineering'. Basically how to defeat security by depending upon the naivete of most people.
Rick Damiani • February 20, 2010 12:03 AM
Physical security, like computer security, depends on defense in depth. That this lock requires a collection of special tools, preparation, and time to overcome means that it's doing it's part to slow down unauthorized access.
Clive Robinson • February 20, 2010 6:07 PM
@ Rick Damiani,
"That this lock requires a collection of special tools, preparation, and time to overcome means that it's doing it's part to slow down unauthorized access"
Barely.
Let me put it this way, you buy a lock for several reasons two of which are,
1, As a general deterant.
2, As a method of reducing insurance premiums.
Both are designed to make a naredowell go to a softer target etc.
If I walk up to your door today and briefly press a little putty against the lock whilst apearing to ring the bell, then wait a little while then walk off.
I have an impresion of the lock face and key way. At home I look up the makers name ad the keyway profile and get a blank (fairly easy to do).
I make up the foil key in this evening it takes maybe twenty five minutes.
Tomorrow I park up oposit your place and wait for you your loved ones etc to go out.
I go across to your door and again pretend to ring your bell whils working the foil key.
Your door opens after a few minutes.
One of two things is going to happen.
1, It goes wrong for me in some way lets say that the burgler alarm starts it's countdown or a dog starts barking or I hear somebody in your house. In which case I step back outside pull the door to and go away.
2, I walk in and search around and selectivly take only a couple of items that are not immediatly obvious they have gone and I leave.
You come back,
If 1 has happened you put the alarm down to an accidental trigger.
If 2 you spend the rest of tomorow in your house being none the wiser.
Either way with high probability you'll be moving around doing your thing and destroying any eveidence of my physical prescence.
Let's say I did take a couple of items and a few days from now you discover one of the items is missing.
Who are you going to blaim me or a member of your family or friends etc.
Whilst not a perfect crime I could if I was carefull how I fenced things do a house or two a day virtually any day of the week I chose for a very long time. I could after a few months come back to visit you again...
Locks alone are not enough of a deterant these days you need to back them up not just with alarms but covert CCTV these days.
Subscribe to comments on this entry
Post a comment
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.
|
| Subscribe |
Subscribe via Kindle |
| Blog Menu |
SearchPowered by DuckDuckGoBlog Home Page
Archives by Date2013 J F M A M
Tags  |
| Latest Book |
more books by Bruce Schneier |
Comments