True confessions of a lockpicker
There are lock companies and locksmiths that do not like Deviant Ollum. Mostly because he’s figured out their secrets and is willing to tell everyone.
Ollum, a network engineer and security consultant by trade, opens locks
in his spare time – and not with their intended keys. Whether it’s with
filed down keys, Bic pens or mangled beer cans, Ollum finds a lock’s
weakness and exploits it.
At the SECTor conference in Toronto recently, Ollum demonstrated how
it’s possible to cut and fold a section of flattened beer can into a
“shim” – a slender device that can be slid into the opening mechanism
of a padlock and easily pop it open. Likewise, the blunt end of a Bic
pen can be jammed into the keyhole of a Kryptonite bike lock and made
to open with a few jiggles and a twist.
These are parlor tricks compared to some of the techniques and tools
that pickers like Ollum can use to open industrial strength locks, high
security locks and even access control doors with mag locks.
The reason Ollum does these things is not necessarily to irk lock
company executives, but to make the industry as a whole more vigilant
and produce safer products. After all, if he can circumvent a padlock
in seconds, so can any number of criminals.
To their credit, some companies take the lockpickers’ claims to heart
and improve their products, says Ollum. For example, the Kryptonite
Corp. updated their locks’ design after videos of the pen circumvention
were posted online in 2004.
But just because an updated product is available, it doesn’t mean
people will rush out to buy it. “Old stuff remains out there in the
world, especially in the lockpicking world,” he says.
Ollum argues that people aren’t apt to replace their locks because they
tend to last a long time. They may be resistant to bolt cutters and
brute force by dint of their size or the material from which they’re
made, but this line of thinking tends to lull people into a false sense
of security: big locks can still be shimmed or picked if they’re of an
older or inferior design.
The worst kind of lock is a “warded” lock, says Ollum – a very old and
basic approach to locksmithing that uses a set of obstructions, or
“wards,” to keep a lock closed unless the correct key is inserted and
turned. Cheaper padlocks often use this type of design.
Despite the fact that these locks are relatively easy to pick, “I see
these a lot outdoors, like on telco equipment, access panels,” he says.
“I’m not knocking the existence of these products,” adds Ollum. “You
can lock up your $10 garden implements with a $10 lock. You don’t want
to spend more on a lock than what you’re actually protecting, but don’t
put this on your telco equipment that services a fibre backhaul. Keep
everything in perspective.”
A great many locks can be defeated through a technique called
“bumpkeying.” A bump key is a filed down or specially-designed key that
can be inserted into a lock cylinder. One bump key should work for the
locks made by the same manufacturer.
Bumping is a relatively simple procedure, says Ollum. “It exploits very
simple physics and does not require that degree of finesse and training
that other tactics use.”
By applying pressure (a tap or “bump”) to the bump key, the pins inside
the lock can be made to jump up simultaneously, freeing the cylinder
and allowing the picker to quickly turn and open the lock.
The technique is so effective that a number of well-known lock
manufacturers (ABLOY, KABA, EVVA, Medeco, Schlage and Kwikset among
them) now produce locks that they claim to be “unbumpable.”
Schlage’s Primus system, for example, uses a sidebar design on its
keys and an added set of pins in its locks that must be separately
activated by side millings in the key.
But there are other lock picking techniques that are so simple,
manufacturers tend to not even acknowledge them. For instance, a DO NOT
DUPLICATE notice on the top of a key can easily be obscured by placing a
50-cent plastic keycover over it.
Some manufacturers are even complicit in making their locks less
secure. There are often short serial numbers printed on the top of a
key: these correspond to the depth of each tooth, or bitting, on the
key’s blade. A lockpicker can easily use that information to make a
duplicate key, says Ollum.
Lock companies could be more diligent about correcting these mistakes,
he says, “but you don’t see this happening, because someone in a board
room says, ‘This is going to cost us X cents per unit, and here’s our
quarterly figures, so let’s not do it.’”
People who wish to keep their belongings safe and their buildings
locked need to do their homework, says Ollum. There are very secure
locks available for people who are willing to invest in them. And
sometimes a locksmith can be your best friend.
“Locksmiths are good people,” says Ollum. “We don’t like to knock them
in terms of their trade. They tend to be honest people. If you ask them,
‘I really need a nice, high security padlock that’s hard to cut and
please don’t let it be shimmable,’ they’ll show you these locks.”