Among the many wild and wacky events taking place during the annual Defcon computer security conference is the timed Lock Picking SkillZ event; lock picking hobbyists from around the globe descend on Las Vegas every year to participate in this very interesting event and great fun is had by all.
Almost all, that is. Far less fun is had by the major lock manufacturers as they watch their over-hyped “high security” locks fall at the hands of self-taught amateur locksmiths, who try to open as many locks as they can in the shortest amount of time. At last year’s event, an eleven-year-old girl named Jennalynn (last name withheld by her mother) caused many a jaw to hit the floor as she opened one of the most popular locks in the country (made by Kwikset) in about five seconds. Much harrumphing and cries of “foul” came from lock manufacturers as they tried to discredit Ms. Jennalynn, divert attention from what had happened and, I general ignore the event. Security professionals around the world, however, were horrified.
Jennalynn returned this year to Defcon at the ripe old age of twelve. She’s been practicing.
One talk that I attended while at the conference was titled, “High Insecurity: Locks, Lies and Liability.” Hosted by security experts Marc Weber Tobias and Matt Fidler, the talk focused on the world of locks and lock bypass methods. Special attention was given by these experts to so-called “high security” locks, and the false sense of security that most people have due to over-blown marketing claims made by lock manufacturers. The terms “high security” and even “ultra security” are essentially marketing fluff based on meaningless standards that ignore real-world conditions.
Also featured at the talk were lock bypass methods that were both hilarious and deeply disturbing at the same time. We watched the $400 Codelocks CL-5000, complete with fancy electronic keypad and impressive hardware, be easily opened by doing nothing more than poking a wire inside of a tiny hole in the bottom and wiggling it around. Do you think that a Kwikset “Maximum Security” lock sounds good for your needs? It can be bypassed in less than 30 seconds. We watched hotel-room safes opened with nothing more than a screwdriver and a paper clip. We watched an eleven-year-old boy remove a Project Childsafe gun lock from a rifle in about 10 seconds, the same gun lock that is distributed by sheriffs and police departments around the country (including Norman). And then, Jennalynn was introduced.
She’s been practicing since last year’s conference, and at Defcon she turned her efforts to “high security” locks, such as those made by Medeco, the lock company said to be responsible for seventy percent of the lock market. She called her lock picking hobby a “mind sport that I can do on my own time.” And, guess what? Little twelve-year-old Jennalynn can open a Medeco high security lock in less than one minute. I saw it with my own eyes. This is the same lock that is used in the White House, the Pentagon and millions of businesses around the world.
The problem with “high security” locks is not that they are shabby products, because, by in large, they are quite well made and suitable for many purposes. The problems are the lies put forth by manufacturers when they claim that their locks are “pick proof,” the poor standards to which lock manufacturers must adhere, and a trusting public that thinks these locks provide them with the best possible protection. Granted, most crooks don’t have advanced lock-picking skills. On the other hand, if a twelve year old can bypass the locks that are used at the Pentagon, what do you think could be done by a determined criminal? For more information, visit in.security.org.