The Lockdown: Locked, but not secure (Part 2)
By Marc Weber Tobias 
posted August 25th 2006 3:24PM
posted August 25th 2006 3:24PM
Noted security expert Marc Weber Tobias contributes a new column, The Lockdown, exposing the shoddy security you may depend on.
Locks that are not at risk
In yesterday's column, I set up key bumping -- what it is, how to do it, what it means for most anyone who relies on a lock for their safety and security. Now, let's get into generic locking mechanisms that cannot be bumped. There are several and all share a common trait; none of them have a split set of moving components, like pin tumblers do. Thus, warded, lever, wafer, magnetic, and disk locks cannot be bumped open. (Neither can laser-track vehicle locks, as they're really made of sliders, disks or wafers.)
Warded locks are used in cheap padlocks and old hotel room doors. They are neither secure nor very prevalent.
Wafer locks are used in many low security applications, mainly on cabinets, desks, showcases, inexpensive padlocks, alarm panels, vending machines, elevators, filing cabinets and many other venues. Interestingly, they can be easily picked but are immune to bumping.
Lever locks can be found on blue postal collection boxes and access for groups of mailboxes and key keepers in apartment complexes that are accessed by the postal service. They are also the primary lock for safe deposit boxes and high security safes and vaults, primarily in Europe and other countries. Again, lever locks cannot be opened by bumping but may be picked and decoded.
Disk locks, such as employed by Abloy, likewise cannot be bumped. Their internal design resembles a combination lock and they can be very secure, although there are decoding tools for some models. Like Bic pens.
Locks that employ sliders, such as the Evva 3KS are immune from bumping. I note the 3KS which is produced in Austria and very popular in Europe. This and similar slider locks are particularly secure against most forms of attack. Similar technology is employed in several automobiles.
Locks that are at risk
What are the types of generic locking mechanism that can be opened by bumping? The answer is simple: almost any conventional pin tumbler lock. So what does that mean? Virtually any lock that employs split pin tumblers can be rapidly compromised by bumping. That list would include low to high security conventional designs, but what does "conventional" mean? It denotes any pin tumbler mechanism that does not employ secondary locking systems, such as sidebars. Remember that sidebars in and of themselves do not prevent the lock from being bumped; they just may make it more difficult and require additional information. It all depends upon the mechanical design of the lock.
As I stated earlier, any pin tumbler lock that utilizes two or more moving pins within each chamber is at risk. Door locks, post office locks, file cabinet locks, access control override locks, and padlocks. All of them can be bumped if you have the key that will fit the keyway and has been properly cut to all "9"s. Are there exceptions? Yes. Can every conventional lock be bumped open? No, but statistically, a very high percentage can. As detailed in my white paper, there are complicating factors which may make the process difficult or impossible.
You may be asking if conventional lock manufacturers have implemented designs to stop or frustrate bumping. Might these include measures such as the use of security pins (mushroom, spool, serrated or other designs), increasing the number of pin tumblers within a given cylinder, employing removable core locks, or increasing spring bias on some or all of the pins? What about making one or more of the bores shorter than the rest? How about employing interactive elements like are used by Mul-T-Lock? Don't worry if you don't know what any of that means, because the simple answer is that none of these countermeasures are really effective. There have been some patents granted for anti-bumping pins, notably to Moshe Dolev, the co-inventor of Mul-T-Lock in Israel, and to Evva in Austria. Some locks do have anti-bump technology, but some of these schemes can often be defeated. In fact, my original White Paper on this subject has been revised after I did extensive testing on some cylinders and found that what was believed to present an obstacle to bumping in fact did not. So, the short answer is that not much is effective against the problem, unless you utilize certain high security mechanisms.
High Security Locks that are Resistant to Bumping
Most high security locks employ secondary locking systems to add another layer of security. Sidebars are the most common design. Without going into a great amount of detail, a sidebar prevents the plug from rotating unless another separate locking system is actuated by the correct key. Secondary locking may take many forms, which are described in detail within my book. For example, Medeco was the first in the United States to introduce high security pin tumbler locks more than thirty-five years ago. They employed a revolutionary design concept: a lock that utilized pin tumblers that required both lifting (as in a conventional lock) and rotating to the correct angle.
In 2005, Medeco introduced a new innovation into their locks: a slider that was controlled by the forward movement of the key upon its insertion into the plug. This product is known as the M3. Although the purpose of this design was mainly to enhance key control and to extend their Biaxial patent, it can also add security to their cylinder. Medeco locks are not bump proof if you have prior intelligence about a specific lock. As documented in the latest edition of LSS+, even the M3 can be bumped, as associates and I have demonstrated on a number of occasions -- but the issue is repeatability and prior knowledge regarding the sidebar code. However, having said that, Medeco does offer other options, including their ARX pin, that make their locks extremely secure against all forms of attack.
Schlage Primus (above) also utilizes a sidebar design which accomplishes the same security result as Medeco and other manufacturers but in a very different way. The Primus, like the Assa (both of which were invented by Bo Widen in Sweden), utilizes an added set of pins that must be separately activated by side millings in the key. Both locking systems (conventional pins and finger pins) must be properly set by the key before the lock can be opened.
Can the Primus lock be bumped open? Some locksmiths have provided random reports of bumping open the Primus but none have really been verified and consistently repeated. The mechanical design of this lock will make the process extremely difficult, unreliable, and realistically all but precludes bypass in this manner. Actually, the Primus, which is also UL 437 rated, goes one step further than Medeco in its design; there are conventional pins that must be lifted as well as the finger pins which must be separately lifted and rotated. So, one might consider that there is actually an additional level of security in this lock, as compared to Medeco. The fence-gate tolerances of the finger pins all but prevent bumping because they will not tolerate any forward movement of the key which is required during bumping. Is it impossible? I never say never, and in isolated instances with certain finger pin combinations, a lock might be compromised but I would not count on it. Primus is, in my view, is quite secure against this technique.
The design of the key is one of the critical differences between Primus and Medeco. Whereas Primus separates the functions of the sidebar from its traditional pin tumbler mechanism, Medeco does not and integrates the two. In my view, Primus offers a higher level of security against bumping, but Medeco is more secure against picking.
So, does UL 437 or ANSI 156.30 (the certifications that denotes a high security cylinder) mean that the lock cannot be bumped open? Not necessarily. My associates and I have opened certain cylinders in the U.S. and Europe that ostensibly should have been immune to the technique. As we test different locks, we are constantly surprised by the results.
So, what about other high security lock designs such as Assa and Mul-T-Lock? We have bumped open some models of these brands, as well as other manufacturers, but there is a caveat to all such claims. The repeatability and reliability of the ability to open these locks is not high in many cases. Thus, they might not pass the 3T-2R test that I described earlier.
In a later column, I plan on exploring the differences in the popular high security locks in the United States. There are definitely pros and cons to the designs employed by the major manufacturers. But the bottom line is that certain high security locks can make bumping extremely difficult; others not. While I am not in the business of endorsing products, you might logically ask what I have on my home, office and evidence storage area? Medeco and Schlage Primus for my residence, and the Evva MCS and Primus for secure evidence storage.
Notes on reader comments to the original article on Engadget
There were many comments to the original article on bumping. I thought it might be helpful to answer some of these in summary fashion because there were certain misconceptions that should be clarified. Here goes!
Bumping is a real threat. If you have conventional pin tumbler locks, they are at risk. Statistically you may be safe unless you are targeted. If a burglar wants to bump open your locks and you have pin tumbler mechanisms, then there is a high probability that your lock can be compromised.
Readers complained that this material will educate the criminals, but I doubt it. They are already well aware of the technique. The consumer needs to understand the risk so they can decide whether they wish to accept it or install better locks. There is no security through obscurity -- or as I prefer to call it, ignorance. There are no more secrets! The internet took care of all of that a while ago. I see no ethical bar to disclosure, In fact, quite the reverse. Failure to warn the public leaves them vulnerable and ultimately does them a disservice.
You get what you pay for when buying a lock, usually. Even some really good locks can be opened by bumping, so you need to learn which ones are vulnerable. In the Netherlands, the report can be found on toool.nl. We are working on the equivalent rating for locks produced in the United States, and will be releasing it shortly on my.security.org.
Although locks are a primary defense, you need security in depth. This means layers, like locks, alarms, cameras, guards, fences and other measures. It depends on what is to be protected and what is at risk. Locks should not be the only measure of protection.
There are insurance issues when there is no sign of forced entry. You should definitely check your policy to determine what is covered and what is required to prove a loss, because bumping often leaves no trace of illegal entry.
Where are the locksmiths in all of this, and is this just a scare tactic on their part to generate sales? Well, this matter was not brought to the public's attention by the locksmith community. In fact, many of them would prefer that nobody knew about it at all. Many locksmiths that I deal with were really unaware of the technique or of the security ramifications. In the United States, it was not their fault; there was a lack of publicity, in contrast with Europe. Barry Wels, Matt Fiddler and myself, through a series of high-profile lectures and interviews, have brought this to the attention of the general public in the United States within the past few months. In December of 2005, I began meeting with the US Postal Inspection Service to bring the problem to their attention long before publishing any report.
Many locksmiths have been aware of bumping for a long time, but not as a viable means of bypass. The locksmiths also have a problem disclosing the issue, even if they wanted to. They are prevented by ethical rules from disclosing security vulnerabilities other than in broad terms, except to other locksmiths or security professionals. That is a real problem for them, although some will disregard such rules to protect their customers. Yes, the locksmiths could increase their sales by taking a public stand on bumping but most have not done so. From my perspective, nobody has encouraged them to do so, and many are loathe to disclose any vulnerability that could place their customers at risk. Although I understand the perspective that many locksmiths advocate, I do not agree with it, and have argued the point with ALOA, their professional trade organization of which I have been a member for many years. I believe in a policy of full disclosure with regard to vulnerabilities; an educated public is the best security measure. If a piece of hardware of software is vulnerable, then everyone should know it.
Yes, locks do matter in protecting a residence. Many burglaries are crimes of opportunity. If the locks prevent bumping and that is the chosen method of attack, then the burglary may not occur. There are many break-ins where there is no sign of forced entry. Was bumping the culprit? Nobody knows, but why take the chance?
My view is that pre-cut bump keys should not be sold through interstate commerce except to locksmiths, law enforcement, security professionals, academic researchers, and others with a legitimate need. I have suggested changes in current federal laws to prevent such trafficking.
There are other serious vulnerabilities in mechanical locks that I will address in later columns. The compromise of master key systems is one of them, and may be more dangerous than bumping.
Although one can argue that bumping locks is not quite as simple as portrayed, the security threat paradigm shifts If a pre-cut bump key is available. Yes, there can be complicating factors, but at the end of the day, the lock will probably open with the correctly cut bump key.
Damage can occur to pins and springs if the lock is bumped repeatedly. However, there are usually few if any forensic traces, especially if the lock is opened in less than five strikes. I am often able to turn the plug with one or two blows. There are also ways to mask the fact that bumping has occurred at all. This may pose a serious problem for insurance companies who need proof of loss in order to substantiate and pay a claim.
One of the posts indicated that enough force was required that would break the glass in a commercial metal door frame. That is not true. In fact, depending upon the lock, little force may be required, and in any event, never to the extent that would break the surrounding glass on a metal door frame.
As to the required training, I think the video and photograph of the eleven year old girl speaks for itself. This is not security. The question I posed to the attendees at Defcon was just exactly what the term "security" or "maximum security" represented in packaging and advertising? Does it mean than a ten year old cannot open these locks, but that an eleven year old can? Not very comforting, is it?
There were a couple comments from locksmiths, stating that bumping was not quite so simple. Again, this is in part correct to the extent that a key must be properly cut for the correct keyway. This is not particularly difficult. In the latest version of LSS+, Barry Wels demonstrates the ease with which a key can be prepared. We were sitting in a hotel conference room in Amsterdam. He brought a key and a file and a small vice. That was it. In less than a minute, he prepared a bump key and proceeded to open a new lock. I view the real problem as pre-cut bump keys. No, most burglaries do not involve picking locks or other forms of bypass, but that may change if legislation does not stop the trafficking in bump keys. Most locksmiths would never cut a bump key for a customer unless there was a very good reason. So, unless the individual wants to make his own, then the other option is to secure them through interstate commerce, usually via the internet.
Bumping presents a special security risk as compared to picking and other forms of bypass, because of the 3T-2R rule. It is, as I have shown, literally child's play to open many locks.
A bump key is not a rake pick; far from it. The process is entirely different. And, contrary to the reader comments, torque is always required.
The comment was made that "there are no mechanical locks that cannot be picked." This is not really true, although it sounds good. For example, I would challenge any reader to open the Evva MCS or the Abloy Protec, for example. Medeco and other high security cylinders are always targets. Although the Medeco biaxial and other locks have reportedly been picked, these instances do not tell the entire story, nor in my view are representative of the security of these locks. Most locks can be randomly opened if a number of factors happen to be present. There is a vast difference in being able to open one lock and opening a vast majority of the locks reliably and repeatedly. The same goes for claims of bumping these cylinders. Statements on web sites that Medeco, for example, can be picked are misleading. That is why I noted several disclaimers in my white paper, which have now been adopted by several lock picking sites as being the responsible way to report bypass successes with different cylinders.
A reader stated that if there is no key, then there is no picking. He was going to employ a complicated system to ensure the security of his residence through the use of computers and remote control through his cell phone and other various devices. Just let me know where he lives. This all sounds good, but it is neither practical or in the end, secure. The real answer is to buy better locks employ tested layers of security, not to dream up all of these technical obstacles that will be compromised or will fail.
A reader asked if anything was accomplished by all of the publicity about the insecurity of locks? Haven't we just educated the criminal? My answer: the more knowledgeable the consumer, the more secure they will be. Not everyone can afford high security locks, nor do they need them. But they do need to know the threat so they can decide whether to assume the risk.
Some locksmiths have known about bumping for many years. However you might be surprised at the number that were not really familiar with the newer technique.
With few exceptions, any key can be made into a bump key, although for some of the high security locks this statement must be qualified. In some cases, such as Schlage Primus, presently the statement is not true. Even if you have a 999 key with the correct side milling, the lock cannot be opened. This, by the way, is one of the interesting distinctions between Medeco and Primus which will be explored in a subsequent article.
Restricted keyways do not provide any more security against bumping, so long as a key that fits the lock can be obtained. This also brings into question the security policies of corporations that take locks out of service and do not account for discarded keys, because any of them can be made into a bump key. The critical issue in bumping, as I have previously stated, is the ability to obtain a key that fits the lock.
Conclusions
There are locks that are secure against bumping. A detailed description of their specific mechanisms can be found in Locks, Safes and Security or LSS+. The bottom line is that in the world of locks, you get what you pay for. There is no real security in ten or twenty dollar locks. This was aptly demonstrated by the eleven year old girl when she opened an extremely common and well known brand with little difficulty. This, in my view, is not security. It leaves the public vulnerable and at risk. Whether you are a home owner, business executive, IT manager, Security Director, or in charge of risk assessment, you need to understand the threat and make your own decision as to whether your cylinders offer sufficient protection. You should demand answers from the people that sell you your locks, whether that is your local locksmith, architect, jobber or the lock manufacturer. To indicate that a lock provides "maximum security" or other similar verbiage on packaging when that manufacturer is well aware that the lock may well be opened in seconds is misleading and deceptive and places you, the consumer at risk.
I can think of no reason why manufacturers should not place warnings on their packaging, advising that certain cylinders may be subject to easy compromise and that higher security locks are available. After all, locks provide the first line of defense for most locations. The specific threat from bumping has not yet been adequately addressed by the standards organizations, such as UL, although they are now examining this issue. My suggestion: talk to your local locksmith or security advisor and purchase UL listed high security locks that have been specifically tested for their resistance to bumping.
Additional materials can be found on security.org and toool.nl. Bumping is thoroughly detailed in LSS+, the multimedia edition of Locks, Safes and Security by the author.
Marc Weber Tobias is an investigative attorney and security specialist living in Sioux Falls, South Dakota. He represents and consults with lock manufacturers, government agencies and corporations in the U.S. and overseas regarding the design and bypass of locks and security systems. He has authored five police textbooks, including Locks, Safes, and Security, which is recognized as the primary reference for law enforcement and security professionals worldwide. The second edition, a 1400 page two-volume work, is utilized by criminal investigators, crime labs, locksmiths and those responsible for physical security. A ten-volume multimedia edition of his book is also available online. His website is security.org, and he welcomes reader comments and email.
In yesterday's column, I set up key bumping -- what it is, how to do it, what it means for most anyone who relies on a lock for their safety and security. Now, let's get into generic locking mechanisms that cannot be bumped. There are several and all share a common trait; none of them have a split set of moving components, like pin tumblers do. Thus, warded, lever, wafer, magnetic, and disk locks cannot be bumped open. (Neither can laser-track vehicle locks, as they're really made of sliders, disks or wafers.)
Warded locks are used in cheap padlocks and old hotel room doors. They are neither secure nor very prevalent.
Wafer locks are used in many low security applications, mainly on cabinets, desks, showcases, inexpensive padlocks, alarm panels, vending machines, elevators, filing cabinets and many other venues. Interestingly, they can be easily picked but are immune to bumping.
Lever locks can be found on blue postal collection boxes and access for groups of mailboxes and key keepers in apartment complexes that are accessed by the postal service. They are also the primary lock for safe deposit boxes and high security safes and vaults, primarily in Europe and other countries. Again, lever locks cannot be opened by bumping but may be picked and decoded.
Disk locks, such as employed by Abloy, likewise cannot be bumped. Their internal design resembles a combination lock and they can be very secure, although there are decoding tools for some models. Like Bic pens.
Locks that employ sliders, such as the Evva 3KS are immune from bumping. I note the 3KS which is produced in Austria and very popular in Europe. This and similar slider locks are particularly secure against most forms of attack. Similar technology is employed in several automobiles.
Locks that are at risk
What are the types of generic locking mechanism that can be opened by bumping? The answer is simple: almost any conventional pin tumbler lock. So what does that mean? Virtually any lock that employs split pin tumblers can be rapidly compromised by bumping. That list would include low to high security conventional designs, but what does "conventional" mean? It denotes any pin tumbler mechanism that does not employ secondary locking systems, such as sidebars. Remember that sidebars in and of themselves do not prevent the lock from being bumped; they just may make it more difficult and require additional information. It all depends upon the mechanical design of the lock.
As I stated earlier, any pin tumbler lock that utilizes two or more moving pins within each chamber is at risk. Door locks, post office locks, file cabinet locks, access control override locks, and padlocks. All of them can be bumped if you have the key that will fit the keyway and has been properly cut to all "9"s. Are there exceptions? Yes. Can every conventional lock be bumped open? No, but statistically, a very high percentage can. As detailed in my white paper, there are complicating factors which may make the process difficult or impossible.
You may be asking if conventional lock manufacturers have implemented designs to stop or frustrate bumping. Might these include measures such as the use of security pins (mushroom, spool, serrated or other designs), increasing the number of pin tumblers within a given cylinder, employing removable core locks, or increasing spring bias on some or all of the pins? What about making one or more of the bores shorter than the rest? How about employing interactive elements like are used by Mul-T-Lock? Don't worry if you don't know what any of that means, because the simple answer is that none of these countermeasures are really effective. There have been some patents granted for anti-bumping pins, notably to Moshe Dolev, the co-inventor of Mul-T-Lock in Israel, and to Evva in Austria. Some locks do have anti-bump technology, but some of these schemes can often be defeated. In fact, my original White Paper on this subject has been revised after I did extensive testing on some cylinders and found that what was believed to present an obstacle to bumping in fact did not. So, the short answer is that not much is effective against the problem, unless you utilize certain high security mechanisms.
High Security Locks that are Resistant to Bumping
Most high security locks employ secondary locking systems to add another layer of security. Sidebars are the most common design. Without going into a great amount of detail, a sidebar prevents the plug from rotating unless another separate locking system is actuated by the correct key. Secondary locking may take many forms, which are described in detail within my book. For example, Medeco was the first in the United States to introduce high security pin tumbler locks more than thirty-five years ago. They employed a revolutionary design concept: a lock that utilized pin tumblers that required both lifting (as in a conventional lock) and rotating to the correct angle.
In 2005, Medeco introduced a new innovation into their locks: a slider that was controlled by the forward movement of the key upon its insertion into the plug. This product is known as the M3. Although the purpose of this design was mainly to enhance key control and to extend their Biaxial patent, it can also add security to their cylinder. Medeco locks are not bump proof if you have prior intelligence about a specific lock. As documented in the latest edition of LSS+, even the M3 can be bumped, as associates and I have demonstrated on a number of occasions -- but the issue is repeatability and prior knowledge regarding the sidebar code. However, having said that, Medeco does offer other options, including their ARX pin, that make their locks extremely secure against all forms of attack.
Can the Primus lock be bumped open? Some locksmiths have provided random reports of bumping open the Primus but none have really been verified and consistently repeated. The mechanical design of this lock will make the process extremely difficult, unreliable, and realistically all but precludes bypass in this manner. Actually, the Primus, which is also UL 437 rated, goes one step further than Medeco in its design; there are conventional pins that must be lifted as well as the finger pins which must be separately lifted and rotated. So, one might consider that there is actually an additional level of security in this lock, as compared to Medeco. The fence-gate tolerances of the finger pins all but prevent bumping because they will not tolerate any forward movement of the key which is required during bumping. Is it impossible? I never say never, and in isolated instances with certain finger pin combinations, a lock might be compromised but I would not count on it. Primus is, in my view, is quite secure against this technique.
The design of the key is one of the critical differences between Primus and Medeco. Whereas Primus separates the functions of the sidebar from its traditional pin tumbler mechanism, Medeco does not and integrates the two. In my view, Primus offers a higher level of security against bumping, but Medeco is more secure against picking.
So, does UL 437 or ANSI 156.30 (the certifications that denotes a high security cylinder) mean that the lock cannot be bumped open? Not necessarily. My associates and I have opened certain cylinders in the U.S. and Europe that ostensibly should have been immune to the technique. As we test different locks, we are constantly surprised by the results.
So, what about other high security lock designs such as Assa and Mul-T-Lock? We have bumped open some models of these brands, as well as other manufacturers, but there is a caveat to all such claims. The repeatability and reliability of the ability to open these locks is not high in many cases. Thus, they might not pass the 3T-2R test that I described earlier.
In a later column, I plan on exploring the differences in the popular high security locks in the United States. There are definitely pros and cons to the designs employed by the major manufacturers. But the bottom line is that certain high security locks can make bumping extremely difficult; others not. While I am not in the business of endorsing products, you might logically ask what I have on my home, office and evidence storage area? Medeco and Schlage Primus for my residence, and the Evva MCS and Primus for secure evidence storage.
Notes on reader comments to the original article on Engadget
There were many comments to the original article on bumping. I thought it might be helpful to answer some of these in summary fashion because there were certain misconceptions that should be clarified. Here goes!
Bumping is a real threat. If you have conventional pin tumbler locks, they are at risk. Statistically you may be safe unless you are targeted. If a burglar wants to bump open your locks and you have pin tumbler mechanisms, then there is a high probability that your lock can be compromised.
Readers complained that this material will educate the criminals, but I doubt it. They are already well aware of the technique. The consumer needs to understand the risk so they can decide whether they wish to accept it or install better locks. There is no security through obscurity -- or as I prefer to call it, ignorance. There are no more secrets! The internet took care of all of that a while ago. I see no ethical bar to disclosure, In fact, quite the reverse. Failure to warn the public leaves them vulnerable and ultimately does them a disservice.
You get what you pay for when buying a lock, usually. Even some really good locks can be opened by bumping, so you need to learn which ones are vulnerable. In the Netherlands, the report can be found on toool.nl. We are working on the equivalent rating for locks produced in the United States, and will be releasing it shortly on my.security.org.
Although locks are a primary defense, you need security in depth. This means layers, like locks, alarms, cameras, guards, fences and other measures. It depends on what is to be protected and what is at risk. Locks should not be the only measure of protection.
There are insurance issues when there is no sign of forced entry. You should definitely check your policy to determine what is covered and what is required to prove a loss, because bumping often leaves no trace of illegal entry.
Where are the locksmiths in all of this, and is this just a scare tactic on their part to generate sales? Well, this matter was not brought to the public's attention by the locksmith community. In fact, many of them would prefer that nobody knew about it at all. Many locksmiths that I deal with were really unaware of the technique or of the security ramifications. In the United States, it was not their fault; there was a lack of publicity, in contrast with Europe. Barry Wels, Matt Fiddler and myself, through a series of high-profile lectures and interviews, have brought this to the attention of the general public in the United States within the past few months. In December of 2005, I began meeting with the US Postal Inspection Service to bring the problem to their attention long before publishing any report.
Many locksmiths have been aware of bumping for a long time, but not as a viable means of bypass. The locksmiths also have a problem disclosing the issue, even if they wanted to. They are prevented by ethical rules from disclosing security vulnerabilities other than in broad terms, except to other locksmiths or security professionals. That is a real problem for them, although some will disregard such rules to protect their customers. Yes, the locksmiths could increase their sales by taking a public stand on bumping but most have not done so. From my perspective, nobody has encouraged them to do so, and many are loathe to disclose any vulnerability that could place their customers at risk. Although I understand the perspective that many locksmiths advocate, I do not agree with it, and have argued the point with ALOA, their professional trade organization of which I have been a member for many years. I believe in a policy of full disclosure with regard to vulnerabilities; an educated public is the best security measure. If a piece of hardware of software is vulnerable, then everyone should know it.
Yes, locks do matter in protecting a residence. Many burglaries are crimes of opportunity. If the locks prevent bumping and that is the chosen method of attack, then the burglary may not occur. There are many break-ins where there is no sign of forced entry. Was bumping the culprit? Nobody knows, but why take the chance?
My view is that pre-cut bump keys should not be sold through interstate commerce except to locksmiths, law enforcement, security professionals, academic researchers, and others with a legitimate need. I have suggested changes in current federal laws to prevent such trafficking.
There are other serious vulnerabilities in mechanical locks that I will address in later columns. The compromise of master key systems is one of them, and may be more dangerous than bumping.
Although one can argue that bumping locks is not quite as simple as portrayed, the security threat paradigm shifts If a pre-cut bump key is available. Yes, there can be complicating factors, but at the end of the day, the lock will probably open with the correctly cut bump key.
Damage can occur to pins and springs if the lock is bumped repeatedly. However, there are usually few if any forensic traces, especially if the lock is opened in less than five strikes. I am often able to turn the plug with one or two blows. There are also ways to mask the fact that bumping has occurred at all. This may pose a serious problem for insurance companies who need proof of loss in order to substantiate and pay a claim.
One of the posts indicated that enough force was required that would break the glass in a commercial metal door frame. That is not true. In fact, depending upon the lock, little force may be required, and in any event, never to the extent that would break the surrounding glass on a metal door frame.
As to the required training, I think the video and photograph of the eleven year old girl speaks for itself. This is not security. The question I posed to the attendees at Defcon was just exactly what the term "security" or "maximum security" represented in packaging and advertising? Does it mean than a ten year old cannot open these locks, but that an eleven year old can? Not very comforting, is it?
There were a couple comments from locksmiths, stating that bumping was not quite so simple. Again, this is in part correct to the extent that a key must be properly cut for the correct keyway. This is not particularly difficult. In the latest version of LSS+, Barry Wels demonstrates the ease with which a key can be prepared. We were sitting in a hotel conference room in Amsterdam. He brought a key and a file and a small vice. That was it. In less than a minute, he prepared a bump key and proceeded to open a new lock. I view the real problem as pre-cut bump keys. No, most burglaries do not involve picking locks or other forms of bypass, but that may change if legislation does not stop the trafficking in bump keys. Most locksmiths would never cut a bump key for a customer unless there was a very good reason. So, unless the individual wants to make his own, then the other option is to secure them through interstate commerce, usually via the internet.
Bumping presents a special security risk as compared to picking and other forms of bypass, because of the 3T-2R rule. It is, as I have shown, literally child's play to open many locks.
A bump key is not a rake pick; far from it. The process is entirely different. And, contrary to the reader comments, torque is always required.
The comment was made that "there are no mechanical locks that cannot be picked." This is not really true, although it sounds good. For example, I would challenge any reader to open the Evva MCS or the Abloy Protec, for example. Medeco and other high security cylinders are always targets. Although the Medeco biaxial and other locks have reportedly been picked, these instances do not tell the entire story, nor in my view are representative of the security of these locks. Most locks can be randomly opened if a number of factors happen to be present. There is a vast difference in being able to open one lock and opening a vast majority of the locks reliably and repeatedly. The same goes for claims of bumping these cylinders. Statements on web sites that Medeco, for example, can be picked are misleading. That is why I noted several disclaimers in my white paper, which have now been adopted by several lock picking sites as being the responsible way to report bypass successes with different cylinders.
A reader stated that if there is no key, then there is no picking. He was going to employ a complicated system to ensure the security of his residence through the use of computers and remote control through his cell phone and other various devices. Just let me know where he lives. This all sounds good, but it is neither practical or in the end, secure. The real answer is to buy better locks employ tested layers of security, not to dream up all of these technical obstacles that will be compromised or will fail.
A reader asked if anything was accomplished by all of the publicity about the insecurity of locks? Haven't we just educated the criminal? My answer: the more knowledgeable the consumer, the more secure they will be. Not everyone can afford high security locks, nor do they need them. But they do need to know the threat so they can decide whether to assume the risk.
Some locksmiths have known about bumping for many years. However you might be surprised at the number that were not really familiar with the newer technique.
With few exceptions, any key can be made into a bump key, although for some of the high security locks this statement must be qualified. In some cases, such as Schlage Primus, presently the statement is not true. Even if you have a 999 key with the correct side milling, the lock cannot be opened. This, by the way, is one of the interesting distinctions between Medeco and Primus which will be explored in a subsequent article.
Restricted keyways do not provide any more security against bumping, so long as a key that fits the lock can be obtained. This also brings into question the security policies of corporations that take locks out of service and do not account for discarded keys, because any of them can be made into a bump key. The critical issue in bumping, as I have previously stated, is the ability to obtain a key that fits the lock.
Conclusions
There are locks that are secure against bumping. A detailed description of their specific mechanisms can be found in Locks, Safes and Security or LSS+. The bottom line is that in the world of locks, you get what you pay for. There is no real security in ten or twenty dollar locks. This was aptly demonstrated by the eleven year old girl when she opened an extremely common and well known brand with little difficulty. This, in my view, is not security. It leaves the public vulnerable and at risk. Whether you are a home owner, business executive, IT manager, Security Director, or in charge of risk assessment, you need to understand the threat and make your own decision as to whether your cylinders offer sufficient protection. You should demand answers from the people that sell you your locks, whether that is your local locksmith, architect, jobber or the lock manufacturer. To indicate that a lock provides "maximum security" or other similar verbiage on packaging when that manufacturer is well aware that the lock may well be opened in seconds is misleading and deceptive and places you, the consumer at risk.
I can think of no reason why manufacturers should not place warnings on their packaging, advising that certain cylinders may be subject to easy compromise and that higher security locks are available. After all, locks provide the first line of defense for most locations. The specific threat from bumping has not yet been adequately addressed by the standards organizations, such as UL, although they are now examining this issue. My suggestion: talk to your local locksmith or security advisor and purchase UL listed high security locks that have been specifically tested for their resistance to bumping.
Additional materials can be found on security.org and toool.nl. Bumping is thoroughly detailed in LSS+, the multimedia edition of Locks, Safes and Security by the author.
Marc Weber Tobias is an investigative attorney and security specialist living in Sioux Falls, South Dakota. He represents and consults with lock manufacturers, government agencies and corporations in the U.S. and overseas regarding the design and bypass of locks and security systems. He has authored five police textbooks, including Locks, Safes, and Security, which is recognized as the primary reference for law enforcement and security professionals worldwide. The second edition, a 1400 page two-volume work, is utilized by criminal investigators, crime labs, locksmiths and those responsible for physical security. A ten-volume multimedia edition of his book is also available online. His website is security.org, and he welcomes reader comments and email.
I was recently burgled. I have no idea how they got into my second floor flat as the block of flats has a secure entry phone system on the blocks front door and they would need to obtain a key for that. My own front door has a Unican keypad lock and a 5 lever chubb mortice. I couldn't claim on the insurance because they left no sign that it had been a forced entry. In fact the door was locked as usual when I entered to find my property had been stolen. How is this possible? I am buying a new lock so after having read the above article would like a bump proof , non- pickable lock. Would appreciate any suggestions as to what to buy. I am base in the UK in the Surrey area. This has been so traumatic.
okay people I'm a loclsmith who is a certified m3 medeco dealer.
This article and to all the people who are saying medeco can be bumped is full of crap, and don't know what they are talking about.
You have in a medeco lock 4 different security measures. The side bar is one, the slider is one, the angle tumblers is one and the security pins is another. with all of these thing put in place you have a better chance of winning the lottery then bumping.
medeco is built and made in the usa
so if your going to buy a product buy medeco, it's a very good product that I will stand behind.....It's on my house!
by the way multi locks have beenaround for awhile know I dealt with them personally. I took them off the door and put them right in the garbage. NOT a good product...
You don't have to take my word contact medeco or assa abloy, but hopefully this will help some people out there to know the truth
It seems that almost any lock can be defeated in some way or another. It’s all a matter of time. So the only thing u can do is delay the burglar so long that he does not have enough time to steal your things. A good way to do this is to install a hidden floor safe like these ones http://www.a1qualitysafe.com/site/408162/page/91221
Hopefully the crook will not find it hidden in the floor and if he does safe locks are always much harder to pick than door locks
What an incredible piece! Very interesting.
OK so if we're all at risk - what can we do?! What specific locks can we buy to put on our doors to protect them? Can you post a link to a lock that will be more secure (hopefully under $50/pop)?
I personally recommend Mul-T-Lock due to its heavy duty construction and sophisticated pin assembly. These locks sell for well over $100 – however; you might be able to simply replacing the cylinder in your existing lock, and that way saving some money.
However, as stated in many articles, this is just one step in getting complete security, you also need a glass breaking sensor, alarm system and solid doors that can not be kicked open…
It sounds overwhelming, but this is what it takes to keep you and your family secured.
You can get more tips at: www.Your-Locksmith.com
Jason,
The best lock to protect your home is the GLock.
yeah if I'm home that's what I'll use.
but if I come home and all my stuff is stolen and there's no sign of ANY break-in, I'm totally screwed because insurance won't pay.
i see there are RFID locks, but they are $300 a piece. I have 3 doors to put them on and $900 is a LOT of money
The writer obviously knows this subject well. But this is poorly written. It assumes way too much knowledge on my part, eg: What's a 'warded' lock? A 'wafer' lock? How can I tell?
Get someone to write this in a way that is actually useful, and the information will be ... umm ... useful! Instead it ends up sounding scary, but doesn't really help people address the problem in their own door.
Cripes.
Generally, what I want to know is this: Which locks (as in, lock brands) are, and aren't vulnerable.
Specifally: Are Medeco and Mul-T-Lock products vulnerable, or not? The information in this article, and in others I've seen on this subject, are pretty uniformly confusing, or full of caveats. Or, different sources vehemently contradict one another on questions like these.
Help!
At a lab I work at we have an infrared key called Mar Lok.
It sounds like alarm companies may use this as a scare tactic to increase their sales. Or, this is a good time to invest in an alarm. Although, an alarm contract can be more expensive than $900.
"So, the short answer is that not much is effective against the problem, unless you utilize certain high security mechanisms."
Uhhhh... like a combination lock?
I have seen plenty of combination deadbolt locks for sale at places like the Home Despot over the years. I have known a few friends who had them, as well. Surely you can't "keybump" a combination lock.
Medeco's site has an alert that states their immunity to bumping...
http://www.medeco.com/about/whats_new/pr/bump.html
Can anybody tell me where I could find these EVVA locks, online or otherwise? Oh, and in the USA?
Actually, the announcement on the Medeco web site (which was noted and linked to a few comments above) does *not* say Medeco locks are bumb-proof; rather, it seems surprisingly mealy-mouthed about it. In any case, I would expect Medeco to strongly imply that it's products are bump-proof.
My question is: Are they in fact bump-proof? There are contradictory claims floating around. EG I have read elsewhere (not in this post) that Medecos can be bumped by someone who has a selection of Medeco bump keys to choose from, each with a different sidebar design that can be tried until one works. Obviously, if that's true, it decreases the criminal's odds ... but I still have the question: Is it true, or not. Or is the risk so miniscule as to be irrelevant to me as a person with a Medeco lock on my door.
Anyway,
My big question is which ones are secure by have keys that still can be copied at the local hardware store? I would imagine it's a painful (and expensive) process to get new keys for some of these higher security locks. Do these Primus locks that you mention have keys that can be copied by the average key guy? Thanks!
confusing:
They specifically mention bumping the Mul-T-Lock in the whitepaper.
I think I'll switch to this:
http://www.apsibiometrics.com/biometrics_residential_products.htm
Here is Mul-T-Lock USA's official response:
http://www.mul-t-lockusa.com/newsdetails.asp?newsid=51
While being able to resist bumping is handy and all, I would be quite happy with a lock that can stop surreptitious entry.
One mechanism that comes to mind immediately is a row of locking pins designed to lock the plug if it is not keyed during rotation. Would this not work?
"One of the posts indicated that enough force was required that would break the glass in a commercial metal door frame. That is not true. In fact, depending upon the lock, little force may be required, and in any event, never to the extent that would break the surrounding glass on a metal door frame."
This was probably my post, unless I missed another.
HOWEVER, I never said anything about a "commercial metal door frame". I said it would break the glass in a *residential door*. My door, for example, is made of a wood frame with stained glass panes. If I were to bump it even with the force that the 11 year old girl used in her demonstration, I would break at least half the panes in my door. Residential doors made of wood and glass are not designed for strength.
Bumping a lock requires approximately as much force on a door as if you slam it hard. That's all you really need to know. So if you'd be concerned about your door glass breaking if you slammed the door, then thieves would have the same concern about bumping your door. (In fact, a couple of panes in my door are cracked just through regular opening and closing.)
So my original reply still stands. Maybe the quote above wasn't referring to my reply but to someone else, but my front door would never stand up to bumping and would make a huge racket if anyone tried it, and I'm sure a lot of other residential doors are the same. A thief may as well just smash in a window.
Jeff --
you "misunderestimate" the properties of your door. That wasn't a hard impact (in the video), and most doors are built to withstand the amound of force that might be used when a 7 year old locks out a 9 year old sibling. I remember being on both sides of this.
Being a locksmith, and a frequenter of several secured locksmith sites, I can tell you that Marc tobias is really not all the highly appreciated.
"Bump keys" have been around for years. I learned about them 7 years or so ago while working for another locksmith who, at the time, had been a locksmith for 27 years. But therein lies the crux of a certain amount of animosity about Mr. Tobias and his articles.
Up until Mr. Tobias starting making what had been information held tightly by the locksmith community for at least a generation, if not 2 generations, public knowlege, Mr. Tobias has effectively put the average homeowner's security at risk.
"Bumping" is not a scare tactic. It does work. But to most locksmiths, it is strictly a last resort. To your average hobbyist or anyone else reading his report, it is "just a fun thing to do."
Locksmiths use the skill of picking locks which takes quite a while to hone and other bypass methods to let homeowners into their abodes without damage. I do have a set of bump keys which, frankly, I haven't used in years, once the novelty wore off and I have never used them in front of a customer. Only in a shop where a lock had to be picked before you could remove a cylinder from a knob to re-key it and there was no key available.
Medeco is as close to bump-proof as you can get because of the sidebar, the unique angles of the cuts on the key, the fact the key is restricted and and the sidebar. Mul-T-Lock would come in second, With Schlage Primus and then Everest coming in at 3rd and 4th.
However, as has been mentioned, price can be restrictive to your average homeowner living in a middle income home.
A lock can be keyed in such a way to make it almost impossible to pick and even diffiult to bump, and for this, you should call your local locksmith.
But also make sure your local locksmith is indeed local and watch out for the "gypsy" locksmiths that are flooding the market nowadays. For more information on these "Gypsy" locksmiths go to http://www.jbylocksmith.bravehost.com and click on the tab which says PSA.
@confused:
Don't expect an article that says black-on-white which locks are safe; what would you do as a proud american when you install one of those locks and get mysteriously burglared anyway?
Sue the writer, that's what! A lot of pain for a free little blog column...
I don't understand all the concern here. Why would a thief go to the trouble of getting a bump key for your place to open the lock and "leave no trace" when he could just as easily stick a screwdriver in the lock, attach a wrench, turn it, and shear off the pins in about 3 seconds. Who cares if it leaves a trace? Not the thief.
Bump keys are no more a threat than any of the hundreds of other ways of getting in your home.
Yup this is being blown out of porportion. Oh noez windows are *breakable* we better stop using glass. If some messed up junkie wants to break in an steal your stereo/tv i doubt he's going to use a bump key.
I'm not concerned about the junkies or 2 bit thieves. They will do a sloppy job of breaking into my house and it will be obvious I was burglarized. Filing an insurance claim will be no problem.
If someone bump keys my lock, there will be no sign of entry and my claim may be denied.
I made a bump key last night that opens every door in my house. Really scary how easy it all was. Two hits with the handle of a spackle knife and I was in every door. Everyone interested should watch the first half of this video:
http://connectmedia.waag.org/toool/whatthebump.wmv
Really very few locks are safe from this. Even if your lock manufacturer has a certified lock, all a criminal has to do is buy one of their locks and they have total access to make keys. On the video they were bumping with complex keys, muck more than what I have seen on the average house or business. BTW, took me under 3 mins to make the key.
NRA, what a stupid comment about having a "gLock" as you called it. Study after study has shown that having such a horrifically dangerous device in your home is...well...dangerous as any rational person would expect. The largest study in history showed that a handgun in the home was 43 times more likely to kill the owner than an intruder. Why would any rational and intelligent person want themselves to intentionally be 43 times more likely to die violently? I guess if you're stupid enough to give to the racists at the Klan, errr, the NRA as they like themselves to be called now, then you're stupid enough to own something that dangerous.
That is ignoring the fact that Glocks are about as dangerous to the shooter as the person being shot at. I'm a cop and a coworker recently would have lost the sight in his eye when his Glock blew-up if the safety glasses hadn't saved him. Since they don't support enough of the case they're more grenade than pistol. Of course people as reckless as you don't care about harming yourself or others so you keep pushing those dangerous devices. I have mine only because it's what my department requires me to carry. I'm smart enough to shoot it as little as required.
Sure, Otto and nephandi, if a thief wants to get into a house quickly, kicking the door in, screwdriver/wrenching the lock, or breaking a window is just as easy. And though the fact that using a bumpkey would screw the homeowner twice (once for the break-in, and once for the inability to file an insurance claim) might not seem to matter to the thief, it should. Obvious break-in = police report = investigation = perps could get busted. Using a bumpkey prevents that possibility. Unless, of course, the crook decides to bleed, or in some other way deposit his/her DNA, all over the floor.
Solution: buy cheap crap that the thieves won't want.
I saw a Digg article on key bumping a few weeks ago that linked to a video on youtube showing how easy bumping is. I have nothing of value, but the concern that most homeowners/renters insurance won't cover theft if there is no sign of forced entry.
Well long story short, I found found a local locksmith that convinced me that while Schlage Primus would be overkill, Schlage Everest cylinders while a lot less costly than Primus will give me reasonably good protection against key bumping. The Everest do have a sidecut-type feature that will "help" guard against key bumping.
Reasons given is that Everest blanks are more difficult to obtain than 90% of home door cylinders. Unlike Primus which are very strictly controlled within the lock industry.
If you get a Primus locks,the sidecuts are unique and SPECIFIC only from the locksmith you purchase, which means that you are captive to that locksmith. Also the Primus keys have a breaking weakness due to the regular key cut in combination with the sidecut.
Also there is other low hanging fruit for someone wanting to gain easy entry to a house/apt. Most 999 key sets are for the most common (schlage, westlock, weiser, kwickset and Yale low quality 5 pin cylinders).
Home security is mostly about detering and making it hard for a would-be theives and in turn slowing them down.
my 2 cents
Bilock, a lock originally designed and manufactured in Australia, cannot be bumped, is reasonably priced and will fit many current applications across the world, including many lock mechanisms in the USA.
Keys are totally restricted and patent and design protected.
@ Joan Yarrington:
Your information and opinions on the lock manufacturers' quality and security is highly useful, valued and appreciated. However, your comment about Mr. Tobias's article is absolutely ridiculous. 'Security through Obscurity' is NOT security!
This whole bumpkey situation mirrors what seems to have been (mostly) hashed out in the computer security community. Now we seem to have security vendors, indepent security researchers, and software companies working together to quickly patch computer vulnerabilities before malicious coders and others can make a damaging impact on folks' computer systems.
Yes, I realize this is an old technique. It's been known for decades, and yet we haven't heard of rampant, break-ins of the non-forced entry variety. However, that doesn't make it 'right' to hide this fact from those who want to make their homes and (small) businesses more secure.
If nothing else, it gives folks a wake-up call that their homeowner's insurance probably won't cover such break-ins. It brings the practice of multi-layered security to the forefront of their minds. Especially homeowners, who may have let themselves get lax, thinking that their deadbolts were more than adequate protection.
Joan Yarrington:
Thank you for your observations very helpful!
Most locks can be modified with ease to male them bump- resistant if not bump-proof.
Thsi has been posted on two locksmithing websites, and has been tested and fount to be totally effective against bumping.
Any locksmith can contact me through Internet-Locksmith or Clearstar Network for more details.
Oh--and ANY cop who only carries a sidearm because the department requires it, and only shoots his sidearm as much as needed to keep his job is NOT a officer I want on my local police department!
The P.D. where I have my shop issues their officers Glocks, REQUIRES them to have AR-15 rifles (on a celing rack in the squad)and a Remington 870 pump shotgun in the shotgun rack on the dash.
And when they respond to a buglary/robbery in progress, there is NO mistaking that they aren't taking any crap, or playing any games, and really don't care what some damn liberal thinks about the display of arms! They show up to do a job, and do it right the first time!
Allen Murphy
Allen,
If you want people to believe you that any lock can be modified to resist bumping, explain how in sufficient detail to allow others to test it. Or is it super-duper double top secret?
More likely, you're just steamed that someone is blowing the lid on your little house of cards.
Harry
"Your information and opinions on the lock manufacturers' quality and security is highly useful, valued and appreciated. However, your comment about Mr. Tobias's article is absolutely ridiculous. 'Security through Obscurity' is NOT security!"
My comment about his article was simply that:
"Up until Mr. Tobias starting making what had been information held tightly by the locksmith community for at least a generation, if not 2 generations, public knowlege, Mr. Tobias has effectively put the average homeowner's security at risk."
this happens to be a true statement as your "average" homeowner simply cannot afford to install a minimum of two $150 to $200 high security, key-restricted, deadbolts on their home plus the trip charge and the labor for installing the locks. These are people who have trouble meeting the $200 a month electric bill, the senior citizens with huge prescription drug bills every month, and so on.
Until Mr. Tobias decided the whole world should know how to compromise masterkey systems, pick locks, and bump locks open, most of average america was able to tell when they had been broken into. That's not necessarily the case anymore, now is it?
I ran a call a month or so ago. Little old lady who had a day nurse come in. She called because she couldn't get her deadbolt to lock, yet she had locked it the previouse night. On top of that, her key wouldn't even enter the keyhole. Well, I'm thinking this is a little old lady who is lonesome and wants some company or has a few loose marbles.
No way! The lady is sharp as a tack. Reason the key wouldn't enter the keyway is the plug is turned and won't turn back. Yet the deadbolt is in the unlocked position. Bolt withdrawn. Lady said she heard a noise the night before after she had gone to bed and when she looked at the door, the door was ajar with the slide bolt (hotel/motel type keyless lock) keeping it shut. When she turned on the light she thought she saw someone running between her house and her neighbor's house.
The lady was correct. Someone had picked her lock and the only thing keeping him/her out was that hotel/motel slide lock. When they icked the lock, one of the ins fell into a hole and couldn't be turned back to the correct position. Using the key, it is impossible for the pins to slip down that way. Therefore, someone used picks on the lock. This is also why I ask to see the customer's key whenever I unlock a house, so I can test the key and make sure it enters and operates the lock correctly.
After contacting the police to let them know someone had tried breaking into the lady's house the night before, although leaving no jimmy, pry bar marks or broken glass, I then made several more additions to her security. The police were going to make more passes by her house and one of her neighbors is also an officer.
Like I said, this lady is a seniour citizen, requiring a day nurse, mediccations, and is on a fixed income living in a home she and her late husband probably moved into 50 years ago. She does have a son with his own home and family who visits her several times a week, but he's not wealthy either and she simply can't afford the high security lock, so she has to make do with the best she can and, unfortunately, some pimple-faced teeny-bopper or other Blaze/Tobias cult follower, learned through the internet just how to bypass her locks.
I'm just glad he/she screwed up enough that I was able to catch it. If he hadn't gotten those pins caught, and turned the plug back to the right position, it would have never been caught.
What would you say is the level of security offered by something like the knock n lock? (www.knocknlock.com/)
The idea itself seems intruiging, no mechanics exposed to an outside attack.
This is a great article to bring awareness to the public about the vulnerabilities of their home security setup. The average door lock gives many a false sense of security. However, a false sense of security can leave one vulnerable or even dead, if they're unlucky.
Personally, I don't agree with the "what they don't know can't hurt them" philosophy. Why do you think computer security experts announce vulnerabilities when they're discovered? It's so people can take measures to protect themselves against such attacks. Would you rather be left in the dark?
Some choose to take personal security into their own hands. They realize that the police won't always be there when they need help. This is why many support lawful citizens owning firearms. If someone enters my home uninvited while I'm there, they can be considered (by myself and by the law) a threat to my family's safety. In most cases and in most US states, I'm legally justified to use deadly force against the intruder to protect my safety and that of my family. What would you do to protect your family from murder or rape? Use a baseball bat? A kitchen knife? What if the intruder is armed? Or is twice your size? For me, I choose to include a firearm as part of our defense plan.
Also, the comments about Glocks and the firearms "statistics" are not true. If you're not careless, firearms are safer than many other household items. They're only mysterious to those who lack an understanding of how they work. You can learn more about those myths here:
http://www.keepandbeararms.com/downloads/GunFacts_v3.2.pdf
btw, if the crap really hits the fan, I hope I never have to rely on a police officer like the one in the above post.
What types of locks can you use on windows that prevent entry thru mechanical devices that allow quick entry and exit thru windows when you have purchased the best to secure doors. I was assulted in my home by a group that bypassed my security due to gaining entry thru my ground floor windows with a device that shot my windows up and down coming in at multiple window locations. I had some sort of tactical team that had rapid entry and could enter and slam shut my windows as the came in. Do you know anything about such a device and any information to help prevent this again would help me to stop living in fear.
Here is a bump proof lock at a affordable price that's available at http://www.a1qualitysafesonline.com/ for around 35.00 dollars. it is the Master Lock's exclusive Bump Stop advanced cylinder technology, virtually bump proof and pick proof lock. Search keyword bump lock. need a lock installed in the San Francisco Bat Area try
http://www.a1-locksmith.com/
I never understood the restricted keyway mentality. Anyone with a milling machine or perhaps a drill press and cross vise could easily fabricate the correct key blank out of barstock.
I woudl have a similar take on premde bump keys. Some restriction on sale, perhaps by professional organization or manufacturers of blanks and lock may be helpful, but ultimately legislation isn't going to stop somone who would steal something from making or obtaining a bump key. The key is so easy to fabricate without any specilaized tools that I don't see where baning the sale will change the supply to anyone who wishes to commit a crime with one.
I was just watching the Today show on NBC and they had a story about how YouTube was aiding criminals by hosting videos on how to defeat locks through lock picking. A similar theme of anti-YouTube lock picking started to show up in UK based news media outlets earlier this morning - All Headline News, Metro UK, Life Style Extra.
The Today show was just trying to jump on a story that was just starting to hit the UK and wanted to be the first in the US to catch the wave rather than report on why the lock industry fails to protect us. People should know that it doesn't take the world's greatest picker but even a 10 year old can use a bump key can pick a lock.
Thanks for the article
As a perfect example of the fact that criminals were already aware of this trick:
Ads by Google
Bump Keys
Set of 6 most popular keys. Now with Master Lock key!
bumpkeys.jinestudios.com
This add was present at the bottom of this article. Anyone who thinks engadget put us at risk by publishing this is sorely mistaken.
jinestudios@gmail.com will not send you the keys anyway all they will do is take your money and not reply to any e-mail
Jinestudios takes your money and doen't answer e-mails.This is the same thing that happen to me.Beware of this so called company or what ever.
If someone wants into your house they will get in. The trick is to make your neighbour's house look like a more attractive proposition.
Whenever I buy electronic stuff (stereo etc) I always put the boxes out for collection a few houses down the road -- my girlfriend thinks this is horrendously evil.
I ordered keys and submitted payment on 7/20/2007. I have received nothing since. does anyone know how to complain or get my money back or where this guy Wahi can be found?
Antibump Locks sells high-security locks that protect against lock bumping. Better locks are the best protection. Alarms only notify that an intrusion has occurred, and it will take the police several minutes to get there. Further, if someone bumps your lock, there is usually no sign of forced entry so the insurance companies may not pay for losses because they can assume the door was left unlocked; however, some insurance companies offer rate reductions for installing high-security (bump-resistant) locks. See http://antibumplocks.com
JineStudios must be out of business because they are not answering any kind of e-mail for any purpose.They do take your money and run so be cautious.
I agree that short of using expensive locks(either high security tumbler or electronic/Combo)good "Bump" resistance is going to be a hard thing to acchive . One thing you might try is using TWO TOTALLY different Deadbolt Locks, preferably from uncommon Manufacturer's, like a cylinder deadbolt/"Finger" deadbolt combo, that is what I've done on my Apt.The chance of a criminal having "ENTIRE" sets of Bump keys is unlikely, and if he does your dealing with a pro and are screwed anyway.Stay away from the Kwiksets that are SOLD EVERYWHERE cheap, also don't buy "MATCHED PAIRS" of locks, go with separates that have Keys so different you can't put them in the OTHER lock.