Mailbox Master Keys

Here's a physical-world example of why master keys are a bad idea. It's a video of two postal thieves using a master key to open apartment building mailboxes.

Changing the master key for physical mailboxes is a logistical nightmare, which is why this problem won't be fixed anytime soon.

Posted on January 6, 2020 at 6:20 AM • 38 Comments

Comments

POLAR • January 6, 2020 8:17 AM

There are thieves, actually filmed while robbing the contents of the mailboxes, and she is unnerved about "identity theft just waiting to happen".
Next on twitter: film of armed bank robbery and people unnerved about "passive aggressive attitude just waiting to happen on social media".

Me • January 6, 2020 8:53 AM

Could it be that they are just raking the lock?

I've watched a fair amount of "The Lockpicking Lawyer"* and it seems that this style of lock is barely more than security theater. They could be raking the master lock because it grants better access, rather than raking the mailboxes individually.

Maybe switching the master to a Bowley** lock for this would be better (but much more expensive). It wouldn't help with the master key problem, but would apparently make picking/raking the master harder (confirmed by LPL). I would guess they would leave the rest as the easily picked versions we all know and love, due to the high cost of Bowley locks.

*https://www.youtube.com/channel/UCm9K6rby98W8JigLoZOh6FQ

**https://www.bowleylockcompany.com/

Clive Robinson • January 6, 2020 9:06 AM

@ Bruce,

Changing the master key for physical mailboxes is a logistical nightmare, which is why this problem won't be fixed anytime soon.

It's a similar reason with "Fire Brigade Keys".

Back in the 1980s and 90s London had a thriving FM Pirate Radio scene. To get your signal out you needed the antenna to be as high as possible. Thus tower blocks of flats, especially on hills, were well sought after.

The problem was unlocking the roof door. Often there was a "break glass" key holder next to the door with a key in, helpfully labelled "FB1 through FB3"; the same went for padlocks on emergency gates. Some pirates just smashed the glass and stole the key, which was silly because many of the break glasses got wired into the building fire alarm system.

As I've mentioned before, complicated though keys look, they are cut on a grid system for which it was easy to find out the basic measurement, like 1/8th of an inch. Also, as the door keys had to work from both sides, the key was symmetrical. Thus with a five-lever lock there was not a lot to remember to cut your own from a blank key and a needle file set.

So you would cut a rough master, then go back to the building, put pencil lead on the edges and try it in the lock. If it did not open, the lock would leave an "impression" on the pencil lead which would tell you where you needed to file a bit more off. Usually it only took a few minutes to open the door, which, surprisingly, was not alarmed even though the break glasses were. I would then take the lock out and put another lock I had a key for in its place, take the lock home, "measure it up" and have it back in the door within a couple of hours.

Because the keys I made did not have "FB" stamped on them, most locksmiths would cut copies from them... (proving that putting the equivalent of the word "secret" on a key was not a useful security measure, just as it is not with documents).

So at quite an early age I learnt that much of security was purely illusory and easy to bypass.

I'm sure I can not be the only person to realise this, which begs the question of why illusory security is still going strong.

My conclusion is twofold:

1, It's meant to keep honest people honest

And

2, Make it easy to prosecute idiots who walk around with "secret" labels hanging off things.

davis • January 6, 2020 10:01 AM

...Master-Keys have been around for centuries, and have some practicality.
But obviously have basic security risks that require additional precautions.

In this case, the USPS bureaucrats decided the risks were out-weighed by the convenience benefits to their mail carriers ... of course the risks were to the mail customers, who did not get a vote.

USPS monopoly on First-Class Mail conveys great discretion to USPS bureaucrats.

JonKnowsNothing • January 6, 2020 10:33 AM

In USA we have locks that are "keyed alike". Meant for someone who has a lot of locks and only wants to haul around 1 key to open them all. Think: Farmers and Ranchers.

We also have "Universal Keys" that run things like tractors, excavators and heavy equipment. Similar to "keyed alike", these keys work on a manufacturer's range of equipment. Think: Earthmovers sized tiny to large.

One Key to run them all.

There is also machinery that needs no key. Push to start. Helps if you park facing down hill. Also helps if you know when to pop the clutch. Occasionally all you need is a finger.

Then there is the universal everything key: a pair of wire cutters or a long handled screwdriver. No key needed.

Locks are meant to keep the honest, honest.
They really don't do much for the wicked.

Bear • January 6, 2020 10:45 AM

I had a locksmith explain to me once that there's only so secure people really want their locks to be. Sooner or later they're going to lose their key, or get locked out, or the key will get locked in, or the locked thing will change ownership but the key won't, or someone will want someone else to have access to it for some emergency purpose but won't be able to hand them the key because, eg, they're a hundred miles away, or something - so they install locks, thinking that they believe the locks are secure, but in the back of their minds they know, and are relying on, the fact that the locks can be defeated at any time if they really need to, and people get very upset if that moment arrives and they truly can't defeat the lock.

Whereupon I shrugged and said, "Mostly they're just wooden doors anyway. However good the lock, most adults who are willing to do it can just punch them off their hinges without slowing down."

The fact that so many adults - especially healthy adult men who work out - are walking around having never realized that they can just punch doors out of their way if they need to never ceases to amaze me.

The same principle applies here. Postal-box locks are crap, especially the master-keyed ones. Even lacking a master key, someone - even someone completely unpracticed with the tool - can open them faster with a rake than they can fumbling through a key ring to get the right key. They are "secure enough" because the people who can do it, ie, practically everybody, have never realized they can do it or just don't want to, and they are "insecure enough" because there are a ton of people besides the owner who have some reason or other why their job requires them to get in there or why the owner might need them to get in there.

The analogy to computers is pretty imperfect here because the way crooks operate with computers, they attack literally thousands of targets at once, without even being there taking any kind of physical effort, responsibility, or risk. With computers the security is deployed against people who know that systems can be broken into and have absolutely no reluctance, inhibition, fear, or even embarrassment about doing it.

Dude • January 6, 2020 11:47 AM

To create a master key you just need to open one lock. Comparing a customer key to the pins also gives knowledge about the master key's pins, and therefore it's easy to create teeth for a master key.

Rick • January 6, 2020 12:16 PM

Of course the easiest alternative approach to this is to have slots for the boxes that the mail workers can use without having to open the boxes up. It’s pretty much how it works in the UK.

Electron0x63 • January 6, 2020 2:38 PM

@O.P.

postal thieves using a master key to open apartment building mailboxes.

It's a federal felony, or would be, except that the federal court system has been completely coöpted by the thieves.

Respondent had been served notice by U.S. mail to appear in court to answer a sexual harassment suit from the lady next door, but as per established court rules, an affidavit of mailing the service of process is considered sufficient proof that the respondent was served, and wild allegations of the theft or disappearance of mail are not a valid defense to the criminal charge of failure to appear in court, despite the evidence of lawful service of process of the summons to appear in court on the defendant via U.S. Mail.

SpaceLifeForm • January 6, 2020 3:21 PM

I know someone that has a lockable mailbox.

Lock has been broken for well over a decade.

No one wants to steal the bills or junk mail.

Nothing has been taken in over a decade.

Petre Peter • January 6, 2020 4:06 PM

It should be easier to change the master key for key cards but we are not there yet with mailboxes.

Erdem Memisyazici • January 6, 2020 6:42 PM

They went through the trouble of obtaining a master key, but thought perhaps wearing a postman's uniform was unnecessary. They clearly aren't the ones who came up with the idea.

JonKnowsNothing • January 6, 2020 7:06 PM

@ SpaceLifeForm

No one wants to steal the bills or junk mail.

They want the replacement credit cards, various checks that arrive regularly, bank statements and mailed official documents like US DMV driver's licenses.

Anything they can use to spoof identity. Bills work for that too: Name, address, IDs of various sorts, account balances and billing history.

In Our Town: the thieves follow 1 or 2 blocks behind the post routes. They know the day, time and what's expected in the mail.

Same technique used to work for recycling when we had 3 bins. Easy money: picking up the cans and leaving the rest. Once you put it on the street it belongs to the city. All that was needed was to know the pick up day and get there before the truck and after the working folks left.

JonKnowsNothing • January 6, 2020 8:50 PM

Just to pile on the latest reasons for mailbox theft.

In the USA we are starting to see implementation of Real ID Act. This act requires at least 2 forms of alternative ID such as billing statements besides the normal Birth Cert.

A good bill is hard to turn down...

One large screwdriver is all it takes for our USA corner kiosks. A drive by pickup from the street for the few that still have door to door or rural direct delivery. I'm sure Amazon was noting their critical path analysis.

Of course it's all stored in a ginormous database...globally shared... forever and ever and ever... what could possibly go wrong...

ht tps://en.wikipedia.org/wiki/Real_ID_Act

ht tps://en.wikipedia.org/wiki/Real_ID_Act#Documentation_required_before_issuing_a_license_or_ID_card
(url fractured to prevent autorun)

uh, Mike • January 6, 2020 11:12 PM

I had some cash stolen from a wallet locker at the gym, the kind where you take the key when you lock and it captures the key when you unlock. The lock was intact before and after the theft, and there didn't seem to be a "Master" key.

Thinking it through, what happens if someone says "I lost the key?" Well, there's a spare, maybe more than one. And after opening the locker, they don't replace the lock, so there's a key out there for that lock, and a new, identical key for future users.

So my wallet was more secure with my clothes in my locker because it was my lock, and no one else's, protecting it.

Similarly, what do you think will happen at a hotel if you ask, "I forgot the combo to the safe in the room?" Someone has a code to open it for you. How well do you think the hotel protects the code? Maybe they keep it in a locked drawer? How many people can get into that drawer?

If you're lucky, housekeeping doesn't get to see the master code. If you're unlucky, they all know it so they can change the room quickly. Your room safe only resists outside break-ins by people who don't know the master code.

David • January 7, 2020 12:59 AM

A lot of hotel code safes have a circular mechanical key for the management to be able to open the safe in emergencies. This can be secured in the key cabinets.

Not me • January 7, 2020 4:38 AM

@Me
"Could it be that they are just raking the lock?"

Raking, as well as picking, needs a lockpick and a tension wrench. The thieves were using only one hand, so it's most likely the master key. There are sets of "well known keys" and "most likely keys"*. By the way, even things like locked panels for ID card doors often use a single key. Google "Southco CH751 key"; it's the most common OEM key in the US and opens up to 60% of generic drawers, filing cabinets and so on. Even some police car fleets share the same key.

Check https://www.youtube.com/watch?v=rnmcRTnTNC8 . It's about the tactics of physical penetration testers and there are some good and simple countermeasures. (The part about pen-testers' EDC keyring starts at 30:45.)

* Considering manufacturing deviations and wear of the lock with a given key resolution, some key shapes are more likely to work for more unique locks than others, or they can work with a little wiggle.

Phaete • January 7, 2020 6:28 AM

Changing the master key for physical mailboxes is a logistical nightmare, which is why this problem won't be fixed anytime soon.

That's only the polite answer to stop people who don't think more than 1 step.

Man has done things a million times more complex and a million times more logistically involved than changing locks, however many.

This is typical risk management; not fixing the problem is much cheaper, as those costs come out of the pocket of the customer, while fixing it costs the company money.

Furthermore people pay to send stuff, not to receive stuff (afaik) so it might be a "legal nightmare" to prosecute for negligence.

Clive Robinson • January 7, 2020 7:08 AM

@ ALL,

How many have taken apart a cheap lock such as a padlock to see how it works?

You might be shocked to learn that most of the key is not used as part of the opening process, but only the key exclusion process. Thus most of the lock keyway is a series of cheap "static wards" not expensive "active levers". So if you know where the active lever is you simply leave that on your "skeleton key" and remove the rest of the key that would block against the static wards. Hey presto you now have a "skeleton key" that opens all locks of that type made by that manufacturer.

There is one type of padlock where this is easy to see just by looking at the lock... It looks like a stack of metal plates held together with long rivets at its corners, and the key looks like a simple flat metal plate that has a V-fold down the middle of the key to give it a spine for mechanical strength, with the key combination made by simple slits sawn into the key at ninety degrees to the spine.

Well those metal plates are punched out by a machine press and there are only two types of plate for the warding section of the key way. One has a hole the diameter of the outer width of the key, the other has a hole the diameter of the key spine with a cut across it the width of the key. This second type of plate forms the static wards to stop the wrong key being turned in the lock. The first forms what becomes the barrel or tube of the keyway.

Most people would think incorrectly that the longer the section of the warding keyway, the more secure the lock... Whilst it will give more combinations to play with, the warding idea is flawed and there is a "default open" cut for each ward position that is always the same. Thus you cut your key with all those ward positions in the default open position.

To see this you need to know there are only two metal plate stampings for the warded section of the keyway, and that they are always going to be slightly visually different. Thus you can actually see the static ward pattern from the outside of the lock... So with a little time you can cut an exact duplicate key without ever having to see the key or impression the lock you wish to open...

All you have to know is where the active lever is, which you can do the hard way by buying a lock of the same type and manufacturer and taking it apart, which is actually not that difficult. Or the easier way: because the active lever section is thicker than the static warded keyway plates, it can be observed from the outside of the lock. Or even easier, just guess it's going to be right on the end of the keyway, and by buying two different locks work out where it is by simply putting the two different keys on top of each other; then cut away the area where the static wards are and you end up with your skeleton key...

Most other low cost padlocks have similar issues, where working out how to make skeleton keys for them can be done by having knowledge of the lock and seeing the outside of the lock you wish to open.

The reason for this is "mechanical bind and slop": the more precision in machining the parts of the lock, not only is it going to be more expensive, but the more likely it is the lock will bind up. Thus the more slop the manufacturer adds, the less likely the lock is to bind up in the field. But slop is a lockpicker's friend, as it gives more "feel room" or "wiggle" to feel locking levers and pins into place.

Which has an unfortunate side effect for the consumer. Because less slop means tighter tolerances in machining and better quality materials, it means a much higher manufacturing price. However, as the lock design is in effect the same, that extra price really does not buy you any more security...

This problem is also true of very high security mechanical locks, better materials might make "drilling" a lock or similar more difficult but it does not increase the security of the actual design. To increase the mechanical security of the design usually makes bind and wear more likely, thus the lock less reliable mechanically...

Yes, that means there is a very definite issue in that for locks to be reliable there are quite hard limits on what level of mechanical security can be offered.

But any design with "static wards" is going to be only superficially secure because they have a default open cut that is known. Thus the actual security falls to just knowing where the opening lever is in the keyway. So you cut a key where all the warding positions are "cut to the default open" and only the positions where the opening lever is are left uncut. So the number of warding positions really is irrelevant...

If you want a "programmer's note" explanation, look at each ward position as being effectively an "Inclusive OR" gate, where cutting out the ward or cutting out the key gives an "open", rather than the position acting like an "Exclusive OR" where there is no default open state.

Thus such locks really are "security by obscurity" at best, and effectively "no security" against anyone with eyes, a brain and a little basic mechanical knowledge, which I've now given to those reading who did not know it. But as it's fairly common knowledge, I suspect some readers here already knew it or would have realised it if they thought about it for a few minutes ;-)

But importantly the knowledge whilst given for a specific lock type is way way more general and applies to many lock types not just those that use "fixed wards".

Thus the take away lesson, if you like, is when buying a lock, price is not really a guide to its security, but knowing its internal design is... Which the "programmer's note" also tells you: the same logic applies to way more than locks, be they mechanical or electronic. It also applies to encryption and other information security practices such as "Human engineering", where there is no effective penalty for "testing" the security system.

Russ • January 7, 2020 1:19 PM

Follow LockPickingLawyer on Youtube and you won't trust any lock anymore.

Years ago when I lived in San Jose we were told the USPS had lost their master key and our condo complex mailboxes were affected. I don't think they ever updated the actual lock on those boxes.

I wasn't affected because I rented a drawer at the local post office.

SpaceLifeForm • January 7, 2020 3:00 PM

@ Clive

You diss Masterlock, rightly, but they are actually tough to beat with a bolt cutter.

SpaceLifeForm • January 7, 2020 3:13 PM

@ Not me

Speaking of wear...

Reminds me of electronic keypads.

Over time, the keypresses will leave an 'impression'.

So, the attacker can *SEE* the digits needed, which reduces the keyspace.

vas pup • January 7, 2020 4:30 PM

@davis • January 6, 2020 10:01 AM
I agree with your statement:

"USPS monopoly on First-Class Mail conveys great discretion to USPS bureaucrats."

Sounds very reasonable.

@ Moderator:
SpaceLifeForm • January 6, 2020 12:29 PM is right! I wish you were as tolerant of my posts relevant to the blog as of that trap. :)

mostly harmful • January 7, 2020 5:11 PM

@Moderator: @SpaceLifeForm and @vas pup urge you to remove this post, which is such comically obvious spam it is almost beautiful to look upon and compels one to reach out and touch it despite being OH IT BURNS IT BURNS.....(helpppp).

Clive Robinson • January 7, 2020 11:01 PM

@ SpaceLifeForm,

You diss Masterlock, rightly, but they are actually tough to beat with a bolt cutter.

I did not mention any manufacturers on the "No name, no pack drill" principle. But "If the cap fits" and quite a few do as I believe the patents have long expired...

However I did mention the conundrum that locks made with better materials are harder to drill, but cost a lot more.

Security like life is a series of trade offs, the real problem is the "hidden hand of the marketplace". To be able to make valid trade offs you have to be aware of all the implications.

In the locksmithing world there is a "Guild secret" mentality which would put magicians to shame. That is they try to keep many known weaknesses secret from customers, including using lawyers etc.

Take "split pin" locks that support "master keys": the manufacturers and locksmiths that sell such locks fail to tell you something that you will say "that's obvious" to when told.

Let's assume you have five pins in the lock barrel, each with only one cut. No matter how many height combinations there are for the key, only one key profile works in that lock barrel. Which is what most people would expect of a lock.

But if you put two cuts in one pin you now have two key profiles that will open the lock. Which is what a customer who wants a master key would like to hear. What they perhaps don't realise is that they can only have a very few locks that work with that master key, because there are only so many places you can make the second cut in the pin. The side effect of this is that often the "master key" cut is at the top or bottom of the pin, thus leaking a little information to a lock picker.

But when you put two cuts in a second pin you now have four key profiles that work in the lock. That is, for each extra pin with two cuts in it the number of key profiles that will open the lock doubles up. Therefore with five pins there are thirty two profiles that will open the lock, which is not what most people would want to hear.

Worse, because of the likelihood of one of the cuts being at the top or bottom position of the pin, some manufacturers' "master key locks" used to be "all opened with one of two keys", either a key cut to the top cut or a key cut to the bottom cut...

Word got out about this quite some time ago last century so manufacturers and locksmiths jiggled things around a bit to cover this failing up a little bit. But as a general rule "master cuts" tend to be in the same place on the pins with the second cuts being used for the combinations to give single room keys. This is because it makes cutting of hierarchical master keys as used in multi floor hotels and offices easier to manage and maintain. Oh and much easier for pickers etc to make the master-master or "golden" key that even the hotel or building manager might not have...
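The doubling argument in the comment above, worked through as an added example (not code from the post or any commenter): each split chamber accepts two cut depths, so a lock pinned for a change key and a master key opens to 2^n bittings, and a bitting cut mostly to master depths can cross-open neighbouring locks in the same system. The unit names and depths are constructed for illustration.

```python
"""Why a master key multiplies the number of keys that open a lock.

Added example, not code from the blog post or its commenters. A pin-tumbler
lock is modelled as one set of shear-line depths per chamber: a plain chamber
has one depth, a master-keyed chamber has two (the change-key depth and the
master depth). All depths and unit names below are constructed.
"""
from itertools import product
from math import prod

Lock = list[frozenset[int]]    # one set of shear-line depths per chamber
Bitting = tuple[int, ...]      # cut depth per chamber, bow to tip


def master_keyed_lock(change_key: Bitting, master_key: Bitting) -> Lock:
    """Pin a lock so both keys work: a chamber is split only where the keys differ."""
    if len(change_key) != len(master_key):
        raise ValueError("change and master keys must have the same number of chambers")
    return [frozenset({c, m}) for c, m in zip(change_key, master_key)]


def opens(lock: Lock, key: Bitting) -> bool:
    """A key opens the lock iff every chamber is cut to one of that chamber's depths."""
    return len(key) == len(lock) and all(d in chamber for d, chamber in zip(key, lock))


def count_working_bittings(lock: Lock) -> int:
    """Number of distinct bittings that open the lock: product of cuts per chamber."""
    return prod(len(chamber) for chamber in lock)


def working_bittings(lock: Lock) -> list[Bitting]:
    """Enumerate every bitting that opens the lock (cartesian product over chambers)."""
    return sorted(product(*(sorted(chamber) for chamber in lock)))


def phantom_keys(lock: Lock, issued: set[Bitting]) -> list[Bitting]:
    """Bittings that open the lock but were never issued: the hidden exposure."""
    return [b for b in working_bittings(lock) if b not in issued]


def locks_opened_by(key: Bitting, system: dict[str, Lock]) -> list[str]:
    """Which locks in a master-keyed system a given bitting opens (cross-keying check)."""
    return sorted(name for name, lock in system.items() if opens(lock, key))


# Constructed five-pin system: each unit has its own change key, one master opens all.
MASTER: Bitting = (6, 6, 6, 6, 6)
CHANGE_KEYS: dict[str, Bitting] = {
    "unit_1": (2, 4, 1, 5, 3),
    "unit_2": (4, 2, 5, 1, 3),
    "unit_3": (1, 3, 2, 4, 5),
}
SYSTEM: dict[str, Lock] = {
    name: master_keyed_lock(ck, MASTER) for name, ck in CHANGE_KEYS.items()
}

if __name__ == "__main__":
    lock = SYSTEM["unit_1"]
    issued = {CHANGE_KEYS["unit_1"], MASTER}
    print("bittings that open unit_1:", count_working_bittings(lock))        # 32
    print("never-issued bittings    :", len(phantom_keys(lock, issued)))     # 30
    # A key cut to master depth in four chambers is "almost a master": it also
    # opens every lock whose change key happens to share the fifth depth.
    near_master = (6, 6, 6, 6, 3)
    print("locks opened by", near_master, "->", locks_opened_by(near_master, SYSTEM))
    # A plain (unsplit) lock, by contrast, opens to exactly one bitting.
    plain = master_keyed_lock(CHANGE_KEYS["unit_1"], CHANGE_KEYS["unit_1"])
    print("bittings that open a plain lock:", count_working_bittings(plain))  # 1
```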

Clive Robinson • January 8, 2020 6:27 AM

@ ame,

How do you send a letter securely without using a computer or mobile phone?

The personal computer and mobile phones are relatively new, from maybe the last decade of the last century, though smart devices are this century.

Mankind communicated privately for centuries and millennia before that.

Whilst we don't shave slaves' heads any more, the principle still applies in steganography. Likewise we don't wrap pieces of parchment around generals' batons as an early Caesar was alleged to have done.

If real security is what you want then it can be yours, as it was in times past, with pencil, paper, a few dice and a lot of laborious work.

All you have to do is:

1, Make One Time Pads.
2, Find a secure way to transport them to the person you wish to communicate with.
3, Have some way to stop that person leaking either the keys or plaintexts.

Arguably the third is not possible, the second unlikely in this modern world, and as for the first, just way too much work for everyone... But you can do it if you want to.

There is however no reason why you can not use a PC or phone to communicate. But to do it securely you have to separate the communications from the security function, so that the security function is not reachable by an attacker via either the communications channel or some other route, be it physical or energy.

So as the first party in a secure message exchange you could have one computer that is "energy gapped" and physically protected always, on which you have the security function which turns the human readable "plaintext" into secure "ciphertext". You then need a secure mechanism by which you take the ciphertext across the energy gap to a second computer or smartphone that is the end of the communications channel. At the other end the second party does the opposite.

However there is a fly in the ointment. It is possible for a message to also be malware, which you will not know until its ciphertext has become plaintext on the energy gapped computer, potentially infecting it (think hidden malware in PDFs, image files, word processor documents etc). So the only files you should send are "plain ASCII text", using CSV or a similar human readable format to transfer data. You therefore turn the ciphertext to a plaintext and scan it in various ways to find potential malware.

But no scanning process is perfect. Which is why some years ago several people then frequent posters on this blog talked about how to reduce the problem further whilst still making it usable.

The result was Markus Ottela started "Tin Foil Chat", now more commonly known as "TFC". It has pages up on GitHub where you can read a lot, lot more on not just TFC but how it works and the threats / attacks it was designed to stop:

https://github.com/maqp/tfc/wiki

vas pup • January 8, 2020 1:43 PM

@all:
Are there really tamper evident mechanical locks (whatever design) available on the market?

Is it a good idea, e.g., to get (bring in the luggage from overseas - not China for sure) a lock for your home, garage, you name it, let's say manufactured far outside of the US and never ever mass sold here, so a master key is not so easily available for any culprit (any person trying to get access without your knowledge/permission or court order)?

By the way, now all locks are just considered delay access devices, not tamper proof ones.

SpaceLifeForm • January 8, 2020 4:04 PM

@ vas pup, Clive

With current technology, I believe it is possible to create an electro-mechanical key (battery driven), that can open *ANY* lock.

More expensive for a Bi-Lock, but doable.

A Super Master Key.

Clive Robinson • January 8, 2020 6:35 PM

@ vas pup,

Are there really tamper evident mechanical locks (whatever design) available on the market?

Yes there are tamper evident locks on the market, they are used by amongst others lorry drivers.

In effect they are a fairly normal lock which has an addition whereby you loop in a plastic tag with a serial number on it. The lock hasp can not be opened with the seal in place. Therefore to open the lock you have to break the seal, which is designed in such a way that any attempt to cut it etc is very obvious. One such is where the seals are made of an orange thermosetting plastic with a black heat stamped serial number; if you even slightly stress the plastic it turns white on the stress lines. It also appears related to the hard plastic they make super-glue bottle caps of, in that super-glue does not bond with it.

If you think about an ordinary padlock with a U shaped hasp, when you close the lock it has to go down about half a centimetre or so into the lock on both the pivot side and the latch side. If, when you had closed it, you glued a piece of paper along the side of the hasp down the side of the lock, the lock can not be opened without somehow removing the piece of paper. Providing you use a glue that bonds strongly to the metal of the hasp and the lock body, then the piece of paper would show signs of having been tampered with.

Another way is when the lock is closed you drill a hole on the pivot side through the lock body and the hasp, in one side and out the other sufficiently large to pass a thin multi stranded wire through. When the lock is closed the holes line up and the wire can be pushed through and folded back so a softer metal bushing can be crimped by a tool onto the wire, sufficiently that the soft metal partly flows into the wire strands (very similar to security seals used on electricity meter case screws). As long as the wire goes through the body and hasp, the hasp can not raise up sufficiently for the latch side of the hasp to clear the lock body. Thus to open the lock the wire has to be removed which involves cutting it or trying to pull it out of the crimped bushing. Either would be visually obvious.

So you can make a lock relatively simply that will be too difficult to open without leaving marks on the seals. So you might think it was "game over", "job done", but you would be wrong. People smugglers are getting smart. Some have developed attacks not against the lock but the steel wire used to hold the curtain sides of some container bodies closed. Even though these steel wires are three or four millimetres thick with a clear plastic coat another millimetre or so thick...

From what I am told one attack is to cut the plastic around the wire and carefully move it back some distance down the wire. Then the wire is cut several centimeters back from one side of the cut in the plastic. The wire is then pulled back through sufficient eyelets that those they are smuggling can then slip in under the edge of the side curtain. The curtain is put back and the wire threaded back through the eyelets. The wire is then carefully unbraided in a way that makes a coaxial stepped junction that is about a centimeter long; the two ends are then mated with glue and a wire splice, and then the plastic cover is slid back and also glued. Apparently the result of this is not that easily seen and requires an experienced eye to spot.

Back when I used to be a racing Yachtsman (sailor) it would take me a good hour to make a neat and strong wire splice in 3mm wire and I'd curse every small mistake that made a hole in my fingers, and there were many people given an education in cuss words ;-)

Apparently there is an evidence video from a ferry cargo deck where the smugglers do everything in under ten minutes, which involved getting something like fifteen people along with small bags inside the container... Admittedly their join did not have to be particularly strong, but even so that's still quite a feat.

Ultimately though the point is, if you make the tamper evident lock too good, those who want to get in will just move their attack point to somewhere else where there are not tamper evident seals etc. That is, they decide where the "low hanging fruit" attack point is, not you, which means you are unlikely to have tamper evident seals etc there.

vas pup • January 9, 2020 4:41 PM

@Clive: Perfect! Thank you!
That is good, to be notified when somebody gets into your apartment/house without your knowledge/permission, i.e. even from outside you could find out that somebody is already in now or was in before, even when the door is closed and locked (versus how it is portrayed in Dick Wolf's TV serials).
My friend - an investigator with the Soviet Ministry of Internal Affairs - told me many years ago that the most danger is coming not from something being taken from your home (even invaluable items like family photos, etc.) but from what was PLANTED in your home without your knowledge. That is the real danger coming for "any the most honest French man who wrote five lines of text" - you know what quote that is related to. :)

Not meJanuary 13, 2020 4:54 AM

@SpaceLifeForm

And your reply reminds me of the smudge attack on not-so-locked smartphones :-D

Clive RobinsonJanuary 13, 2020 7:47 AM

@ SpaceLifeForm,

First off an apology for not getting back sooner, I've damaged the rotator cuff in my other shoulder, of the dominant hand, and it's making typing even on a smartphone screen more than a little unpleasant. Worse, as I walk on sticks I'm housebound, and would if I could be "climbing the walls".

With regards,

With current technology, I believe it is possible to create an electro-mechanical key (battery driven), that can open *ANY* lock.

Whilst locks have certainly been openable with just magnets in the past, and other locks have fallen to motorized "pick guns" and "Newton's keys" and their simpler cousins "bump keys" and similar attacks, there are ways to stop the attacks if you "think hinky" and design it in.

Take the first case of magnets, most electronic locks that run off of batteries don't work the way most people would think.

That is the energy to pull back the latch does not come from the battery, but by the human turning the handle.

When you pull electronic locks of this type apart you usually find there are two distinct sets of mechanisms, one for the door handle rotation and one for the latch pull back. Joining them is a simple "pull in cog" gear chain or "clutch plate" which are "normally open", so you can spin the door handle as much as you like because there is no connection between the two sets of mechanics.

When the electronics is activated a small low current solenoid either pulls in the cog or closes the clutch plate, thus connecting the two sets of mechanisms together so that turning the handle causes the now pulled in cog/plate to turn the latch mechanism, pulling the latch back out of the strike plate and door jamb.

The problem with solenoids, especially low current ones, is that any correctly aligned magnetic field, be it from current through the windings or from a sufficiently powerful external magnet, will cause it to "pull in".

Thus as described the lock is vulnerable even if you put in magnetic shielding. Because shielding never stops the unwanted field, it only attenuates it to a lesser or greater extent (which is why if you want rid of the earth's magnetic field in an experiment or high sensitivity instrument you balance it out with linear field Helmholtz coils). Thus if you are not smart you enter a battle between the thickness of expensive shielding and ever bigger rare earth magnets, which in most cases the lock designer will lose.

And rightly so, because the lock designer is not "thinking hinky", or even sensibly about the lock design.

Logically if you have a normally open mechanism that pulls in a cog or plate under a magnetic field, you can invert the state and have one that is normally closed that pulls out a cog or plate under a magnetic field. If you put them a small distance apart and orient them orthogonally to each other then the solenoid will only actuate the "pull in", whilst any external magnetic field will actuate both, thus pulling out the other cog or plate and disabling the link between the handle and latch mechanisms.

A similar strategy applies to all the other types of attack, you just have to be able to recognise an attack type, characterize it, and apply an appropriate defence.

The problem of course is twofold. Firstly we don't know all the instances or even classes of attack, thus defending against the unknown is to a certain extent probabilistic[1]. But importantly, except in rare cases you can not afford to design against all classes of known attack, and even then, due to the nature of things mechanical, there will be wear, bind and slop working in an attacker's favour, giving rise to edge and corner cases they can then use as toeholds. But in most cases attackers won't bother, they will find some other attack such as "jacking the door back" or more simply going up and over the room walls via the ceiling crawl space in office blocks etc.


[1] As a designer you can tip the probabilities more in your favour by making each defence measure "generic" and related to one or more classes of attack, not "specific" to individual instances of attack.

SpaceLifeFormJanuary 14, 2020 4:24 PM

@ Clive.

Thank you for response. Hang in there.

I was thinking about something like

hxxps://www.ukbumpkeys.com/collections/pick-guns

But, that can work on a Bi-Lock.

I doubt the tools available can deal with a Bi-Lock. Maybe they exist. I actually don't really care other than to know if a Bi-Lock can be defeated with an electro-mechanical key. I am not the attacker. I am the defender.

But, that said. Yes, Defense in depth.

Clive RobinsonJanuary 14, 2020 8:04 PM

@ SpaceLifeForm,

I remember the Bi-lock being mentioned before, and I looked up the design.

From what I remember whilst it used pins none of them were split, they had holes into which a side bar had to be pushed by the key but only when fully inserted.

I know locksmiths won't like me saying it but "pick-guns", especially the electronic ones, are meant more for the inexperienced, not the skilled.

I don't think those that need to use pick-guns would be able to get them to work on the Bi-lock. However, until I get my hands on a couple of Bi-Locks to pull apart etc I could not be certain, but the cut-away drawings I've seen would suggest they would require someone quite a bit more than just "skilled" to pick them.

That is I'm not saying they are pick proof --I don't think any mechanical lock is-- but unless they have a design flaw that's not obvious on "artists impression" "cut-away drawings" they will take skill and time.
