Flaw in Winkhaus Blue Chip Lock
The Winkhaus Blue Chip Lock is a very popular, and expensive, 128-bit encrypted door lock. When you insert a key, there is a 128-bit challenge/response exchange between the key and the lock, and when the key is authorized it will pull a small pin down through some sort of solenoid switch. This allows you to turn the lock.
Unfortunately, it has a major security flaw. If you put a strong magnet near the lock, you can also pull this pin down, without authorization -- without damage or any evidence.
The worst part is that Winkhaus is in denial about the problem, and is hoping it will just go away by itself. They've known about the flaw for at least six months, and have done nothing. They haven't told any of their customers. If you ask them, they'll say things like "it takes a very special magnet."
From what I've heard, the only version that does not have this problem is the model without a built-in battery. In this model, the part with the solenoid switch is aimed on the inside instead of the outside. The internal battery is a weak spot, since you need to lift a small lid to exchange it. So this side can never face the "outside" of the door, since anyone could remove the batteries. With an external power supply you do not have this problem, since one side of the lock is pure metal.
A video demonstration is available here.
Posted on March 2, 2005 at 3:00 PM • 18 Comments