The Lockdown: Your new Targus Defcon CL lock, hacked by beer
By Marc Weber Tobias 
posted Sep 8th 2006 3:04PM
posted Sep 8th 2006 3:04PM
Noted security expert Marc Weber Tobias contributes a new column, The Lockdown, exposing the shoddy security you may depend on.
If you thought that this hefty looking lock was secure? Think again. Marc Weber Tobias and Matt Fiddler demonstrate how the Targus Defcon CL security device can be defeated in seconds with a piece of metal from a beer can, or with a paper clip. Its Targus time!
A security analysis of this new product was prompted by a recent call from a technology reporter at the St. Paul Pioneer Press. This was the same journalist that wrote a detailed story about laptop locks in September 2004 that followed our security alert regarding the Defcon, wherein we described the simple method to decode its combination and quickly open it.
Based upon the Targus press release and verbiage on the product packaging that extolled the Defcon CL Armor as having "more cut resistance and greater protection against cable cutters than other leading security cables," an associate and I decided to revisit the security of the new design and see if Targus has learned anything about the design of security products in the last two years. Evidently not! We sought to determine the new lock's resistance to both covert and forced methods of entry. As a result, an updated security alert and technical analysis has been posted on www.security.org and Engadget, together with a video that demonstrates how easy this lock can be compromised. Based upon our findings, I think it is fair to say that the latest Targus lock is on the cutting edge -- literally.
Looks can be deceiving. The Defcon CL appears to be quite secure, but in our view, it is far from it. Unfortunately, most design engineers really do not understand the concept of security engineering with regard to hardware and specifically to locking devices. For those of you that have not read Ross Anderson's treatise on Security Engineering, I would recommend it as required reading, for it goes to the heart of what we view as the latest Targus design deficiency.
The armor is easily compromised by bending the cable over upon itself,
exposing the inner cable that is supposed to be protected.
Security Engineering and the design of products
Those who design security hardware incorporating mechanical locks often lose sight of what really makes those locks secure, and more importantly, what makes them vulnerable, even to the most elementary attacks. In the case of the Defcon CL, the internal lock mechanism has been modified to prevent a piece of paper or Mylar from being utilized to determine the position of each gate and thereby the combination, as was disclosed in our 2004 posting. The problem is with the redesign. As shown in the accompanying report, the gates can still be easily decoded with a wire, paperclip, or a piece of metal that is cut from a beer can and made into a shim.
When I spoke with the Manager of customer service for Targus, a six-year veteran with the company, he told me that their engineers had tested against methods of both covert and forced entry and that he was "confident" that this lock was secure. The fact is, this just isn't the case, and the result is the the consumer is left with the belief that their laptop is safe against what should be obvious modes of attack to those who engineered this product. And that is precisely the problem, as Ross Anderson so eloquently addressed in his book -- a false sense of security. Most design engineers did not grow up breaking things, as I did, so they usually have no clue as to how to make them secure. The primary rule: you cannot design a security product properly if you do not thoroughly understand the methods to break it. Targus should take note of this axiom, because they are representing to the public that they are experts in computer locks and that the public can rely upon them to produce a product that in fact is a real deterrent to theft. At a price of between thirty and fifty dollars for the Defcon series, I think one just might have a right to expect that!
I consult with several lock manufacturers, both in the US and Europe with regard to the vulnerability of their locks, associated hardware and security systems. Part of my task is to educate their design engineers as to methods of bypass, both traditional and "out of the box," which means unique to the mechanical and operating parameters of their specific product. Perhaps the most elementary and at the same time most difficult concept to teach these designers is that the key (or in this case the combination) does not directly open the lock; and that there are often mechanical methods to bypass the lock or system. Just as important, they need to understand that the key or combination can likely be decoded or simulated through sometimes-elementary means. If this occurs, then all of the security features are essentially worthless.
The design of the Defcon CL
I am sure that Targus will argue that this lock is only a deterrent and cannot stop determined thieves or experts. That is very true of this and almost any lock, but there are certain basics in the design of a product that must be understood to insure at least a minimum of security. In this case, those basics would relate to the essentials of a cable lock: notably and rather obviously the cable and the lock! So, let us try to reconstruct the thinking that went into the latest Defcon.
We need to consider two primary questions: what is a deterrent, and what components need to be made secure? The issue of deterrence is complicated one and which nobody in the industry has really defined. Just what is a deterrent when we are talking about stealing a laptop? Well, I would submit it is a time delay of more than a minute, at the very least. It should be a lot more, but there are many factors to be considered. Most thefts, at least in the laptop arena, are crimes of opportunity. If the laptop can be easily removed it is likely to be stolen. So, all of the laptop lock manufacturers have accurately determined that there are four critical components to preventing theft: the security slot on the computer, the slot interface, the cable, and the lock. It is not very complicated to figure this out. As always, the problem comes in the execution.
First, the lock manufacturer has no real control as to how the computer-maker designs the security slot. Some are made entirely of plastic, which is essentially worthless and will allow the lock to be removed by twisting and pulling. Other vendors utilize metal, which make these slots more secure against most forms of attack. The vendor does control how the lock interfaces with the slot. All of these devices have some form of expanding elements that prevent removal from the slot enclosure. Some are better than others but at the end of the day, they all accomplish the same result.
Other than the interface, the two critical issues that the lock manufacturer can control are the design of the cable and the locking mechanism. This is the two-pronged Targus problem.
Protecting the cable
Targus rightly assumed that the most critical vulnerability of any cable lock is the cable itself. This is fairly obvious to anyone but how it is implement is not. So they asked their engineers, "how do we make the cable more secure?" I can only assume that they looked at other industries that have needed to protect their cables from being cut, and realized that telephone companies have utilized armor for at least thirty years to secure the handsets on their public coin telephones. Targus decided that cable armor would be the ultimate protection, and if they had implemented it properly, they probably would have been correct.
I am sure they looked at different armor manufacturers, focusing on weight and bend radius parameters. There are a couple of different ways to protect a cable with a flexible metal covering. One method is to utilize interlocking links. In my view, the preferred method, not employed by Targus, is to employ helical-wound cable made of stainless steel or similar material. In fact, while researching this article, I spoke with one of the leading cable manufacturers in the United States and asked them to analyze the Targus approach to armor. They were not impressed, and expressed the same concerns that I raised with them, that the Targus cable is comprised of a series of steel rings that really do not reinforce each other in any meaningful way. They are only interlocked because they are prevented from separating by virtue of the sealed end of the cable. There is nothing to keep them together, other than a coating of plastic that is 0.01-inch thick and can be cut or melted quickly.
The problem with the Targus design, and which should have been immediately apparent to their engineers, is the fact that the rings are not actually interlocked and linked together in any secure fashion. Yes, they are covered by a PVC coating, but unfortunately, this plastic can be easily cut away or burned off with a lighter. Once that occurs, the links are vulnerable to simple attack as shown in this video [WMV].
Targus should have known that the bend radius on the links allows them to be separated. Once this occurs, I was able to easily cut the inner cable with a seven-inch diagonal cutters, purchased at my local hardware store. I am sure that the decision to utilize this type of armor cable was primarily driven by price; supplying the really secure cable would cost more money. In fairness, the outer covering that Targus chose is tough. In fact, if you try to cut this cable with anything less than a 14-inch pair of bolt cutters, you will likely break them, as I did in multiple attempts. So, when Targus boasts that its cable is the toughest in the industry, they are partially correct, but the statement is still misleading.
I am certain that their engineers did not test by exploiting the limited bend radius of their individual links, and that is precisely the problem. Why would they ever think of bending the cable over upon itself to expose a gap, or as I would prefer, a chink in the armor? They would only do that if they truly wanted to make a cable that was secure against a relatively simple form of attack; one that would perhaps be employed by a person who wanted to steal a laptop without going through a lot of work!
So, the first and most critical part of the Targus Armor design fails because it can be easily compromised in just a few seconds with ordinary tools. I tested the new Kensington cable against the Defcon in preparation for this article. Their plastic-covered multi-strand cable has a smaller diameter than does the Defcon armor, but is much tougher against attack with the same seven-inch diagonal cutters. Again, in fairness, if you do not "tamper" with the Defcon cable, then it is very difficult to cut. But in my view, if the lock can be easily compromised in a few seconds, then it does not matter how that is accomplished, so long as ordinary tools are employed. The consumer is buying time when they purchase a laptop lock; time for the thief to be caught in the act. In my view, Targus fails to provide that time. But keep reading, because it gets better.
Targus might argue that any laptop cable can be cut given the proper tools. That statement would be entirely correct. In fact, I have been able to sever every laptop lock by every manufacture that I have tested with a fourteen-inch bolt cutters. We should be concerned with the use of simple, easy to conceal, non-sophisticated tools. I would say that a seven-inch diagonal cutter meets that test more than a fourteen-inch bolt cutter. So, the argument might be made that even if the cable is cut, the lock is still hanging on the laptop and nobody can walk around with a computer with a lock dangling from it, as it would be a dead giveaway that is was stolen.
As it turns out, the three people that I spoke with at Targus customer service all indicated that they actually provide instructions as to how to cut their lock from the computer in case the combination is lost. Even more interesting, they told me that it might take a maximum time of fifteen minutes to dial all the combinations on this lock! Whether that is true is not particularly relevant but an interesting statement. Even more curious, Targus does not offer any form of insurance or warranty against theft if their locks are compromised, as do other lock manufacturers.
The Targus combination lock
So, now we come to the second component of the laptop security puzzle; the combination lock itself. If you are a prospective thief, you might think that cutting the cable is too messy and would require that the lock be decoded to remove it from the computer. No problem; let us use intellect and a few common implements to defeat this latest design. Some background is first needed.
In 2004, I examined the design of the Defcon CL and determined that it could be decoded quickly with a piece of paper or thin plastic inserted to the side of each of four thumb wheels to feel for the gate position. This would provide the combination within a few seconds. So the folks at Targus admitted privately that they had a problem and thought they fixed it -- "thought" being the operative word. Yes, they changed the location of the gate and the overall design of the housing, but not enough to prevent it from being simply decoded. In fact, I might argue that it is simpler and quicker to decode it now then in 2004! Why is that?
The individual wheels now have a different geometry that can be probed from the end of the lock with a piece of wire, paper clip or shim. As shown in the video, this is a simple bypass method and could have been easily prevented [WMV], had the Targus engineers really tried to open this lock like one intent on stealing it.
What really provides the security of this lock? Ostensibly, it is the 10,000 possible combinations but remember the caveat in the introduction to this article: locks can often be decoded because of mechanical design issues that were not contemplated by design engineers. That premise is precisely why the Defcon is not secure. A thin piece of metal, made from a beer or pop can is be easily cut into a shim, inserted into the lock, and each of the gate positions tested.
If the plastic strip is removed, which is a trivial procedure, then even simpler yet, a paper clip can be inserted and each of the disks probed in a few seconds, thereby yielding the combination. I don't think I would consider a paper clip or thin wire as a high tech attack. And what if a fellow employee does not want to steal your laptop, but simply reprogram the lock so you cannot remove it? Well, I guess you could decode your own lock. But then, that does not inspire much confidence in the security of your laptop, which was the reason you or your company purchased these locks in the first place. By the way, the Targus customer service director told me that the employees at Targus utilize laptop locks to stop thefts within the company! I wonder whose locks they use if they really want security.
For a more detailed account of hacking your Targus Defcon CL, please check out the white paper [PDF].
In my next article, I will examine the Targus mobile security lock for the iPod. If you liked this one, you're really gonna love the next!
Marc Weber Tobias is an investigative attorney and security specialist living in Sioux Falls, South Dakota. He represents and consults with lock manufacturers, government agencies and corporations in the U.S. and overseas regarding the design and bypass of locks and security systems. He has authored five police textbooks, including Locks, Safes, and Security, which is recognized as the primary reference for law enforcement and security professionals worldwide. The second edition, a 1400 page two-volume work, is utilized by criminal investigators, crime labs, locksmiths and those responsible for physical security. A ten-volume multimedia edition of his book is also available online. His website is security.org, and he welcomes reader comments and email.
A security analysis of this new product was prompted by a recent call from a technology reporter at the St. Paul Pioneer Press. This was the same journalist that wrote a detailed story about laptop locks in September 2004 that followed our security alert regarding the Defcon, wherein we described the simple method to decode its combination and quickly open it.
Based upon the Targus press release and verbiage on the product packaging that extolled the Defcon CL Armor as having "more cut resistance and greater protection against cable cutters than other leading security cables," an associate and I decided to revisit the security of the new design and see if Targus has learned anything about the design of security products in the last two years. Evidently not! We sought to determine the new lock's resistance to both covert and forced methods of entry. As a result, an updated security alert and technical analysis has been posted on www.security.org and Engadget, together with a video that demonstrates how easy this lock can be compromised. Based upon our findings, I think it is fair to say that the latest Targus lock is on the cutting edge -- literally.
Looks can be deceiving. The Defcon CL appears to be quite secure, but in our view, it is far from it. Unfortunately, most design engineers really do not understand the concept of security engineering with regard to hardware and specifically to locking devices. For those of you that have not read Ross Anderson's treatise on Security Engineering, I would recommend it as required reading, for it goes to the heart of what we view as the latest Targus design deficiency.
The armor is easily compromised by bending the cable over upon itself,
exposing the inner cable that is supposed to be protected.
Security Engineering and the design of products
Those who design security hardware incorporating mechanical locks often lose sight of what really makes those locks secure, and more importantly, what makes them vulnerable, even to the most elementary attacks. In the case of the Defcon CL, the internal lock mechanism has been modified to prevent a piece of paper or Mylar from being utilized to determine the position of each gate and thereby the combination, as was disclosed in our 2004 posting. The problem is with the redesign. As shown in the accompanying report, the gates can still be easily decoded with a wire, paperclip, or a piece of metal that is cut from a beer can and made into a shim.
When I spoke with the Manager of customer service for Targus, a six-year veteran with the company, he told me that their engineers had tested against methods of both covert and forced entry and that he was "confident" that this lock was secure. The fact is, this just isn't the case, and the result is the the consumer is left with the belief that their laptop is safe against what should be obvious modes of attack to those who engineered this product. And that is precisely the problem, as Ross Anderson so eloquently addressed in his book -- a false sense of security. Most design engineers did not grow up breaking things, as I did, so they usually have no clue as to how to make them secure. The primary rule: you cannot design a security product properly if you do not thoroughly understand the methods to break it. Targus should take note of this axiom, because they are representing to the public that they are experts in computer locks and that the public can rely upon them to produce a product that in fact is a real deterrent to theft. At a price of between thirty and fifty dollars for the Defcon series, I think one just might have a right to expect that!
I consult with several lock manufacturers, both in the US and Europe with regard to the vulnerability of their locks, associated hardware and security systems. Part of my task is to educate their design engineers as to methods of bypass, both traditional and "out of the box," which means unique to the mechanical and operating parameters of their specific product. Perhaps the most elementary and at the same time most difficult concept to teach these designers is that the key (or in this case the combination) does not directly open the lock; and that there are often mechanical methods to bypass the lock or system. Just as important, they need to understand that the key or combination can likely be decoded or simulated through sometimes-elementary means. If this occurs, then all of the security features are essentially worthless.
The design of the Defcon CL
I am sure that Targus will argue that this lock is only a deterrent and cannot stop determined thieves or experts. That is very true of this and almost any lock, but there are certain basics in the design of a product that must be understood to insure at least a minimum of security. In this case, those basics would relate to the essentials of a cable lock: notably and rather obviously the cable and the lock! So, let us try to reconstruct the thinking that went into the latest Defcon.
We need to consider two primary questions: what is a deterrent, and what components need to be made secure? The issue of deterrence is complicated one and which nobody in the industry has really defined. Just what is a deterrent when we are talking about stealing a laptop? Well, I would submit it is a time delay of more than a minute, at the very least. It should be a lot more, but there are many factors to be considered. Most thefts, at least in the laptop arena, are crimes of opportunity. If the laptop can be easily removed it is likely to be stolen. So, all of the laptop lock manufacturers have accurately determined that there are four critical components to preventing theft: the security slot on the computer, the slot interface, the cable, and the lock. It is not very complicated to figure this out. As always, the problem comes in the execution.
First, the lock manufacturer has no real control as to how the computer-maker designs the security slot. Some are made entirely of plastic, which is essentially worthless and will allow the lock to be removed by twisting and pulling. Other vendors utilize metal, which make these slots more secure against most forms of attack. The vendor does control how the lock interfaces with the slot. All of these devices have some form of expanding elements that prevent removal from the slot enclosure. Some are better than others but at the end of the day, they all accomplish the same result.
Other than the interface, the two critical issues that the lock manufacturer can control are the design of the cable and the locking mechanism. This is the two-pronged Targus problem.
Protecting the cable
I am sure they looked at different armor manufacturers, focusing on weight and bend radius parameters. There are a couple of different ways to protect a cable with a flexible metal covering. One method is to utilize interlocking links. In my view, the preferred method, not employed by Targus, is to employ helical-wound cable made of stainless steel or similar material. In fact, while researching this article, I spoke with one of the leading cable manufacturers in the United States and asked them to analyze the Targus approach to armor. They were not impressed, and expressed the same concerns that I raised with them, that the Targus cable is comprised of a series of steel rings that really do not reinforce each other in any meaningful way. They are only interlocked because they are prevented from separating by virtue of the sealed end of the cable. There is nothing to keep them together, other than a coating of plastic that is 0.01-inch thick and can be cut or melted quickly.
Targus should have known that the bend radius on the links allows them to be separated. Once this occurs, I was able to easily cut the inner cable with a seven-inch diagonal cutters, purchased at my local hardware store. I am sure that the decision to utilize this type of armor cable was primarily driven by price; supplying the really secure cable would cost more money. In fairness, the outer covering that Targus chose is tough. In fact, if you try to cut this cable with anything less than a 14-inch pair of bolt cutters, you will likely break them, as I did in multiple attempts. So, when Targus boasts that its cable is the toughest in the industry, they are partially correct, but the statement is still misleading.
I am certain that their engineers did not test by exploiting the limited bend radius of their individual links, and that is precisely the problem. Why would they ever think of bending the cable over upon itself to expose a gap, or as I would prefer, a chink in the armor? They would only do that if they truly wanted to make a cable that was secure against a relatively simple form of attack; one that would perhaps be employed by a person who wanted to steal a laptop without going through a lot of work!
So, the first and most critical part of the Targus Armor design fails because it can be easily compromised in just a few seconds with ordinary tools. I tested the new Kensington cable against the Defcon in preparation for this article. Their plastic-covered multi-strand cable has a smaller diameter than does the Defcon armor, but is much tougher against attack with the same seven-inch diagonal cutters. Again, in fairness, if you do not "tamper" with the Defcon cable, then it is very difficult to cut. But in my view, if the lock can be easily compromised in a few seconds, then it does not matter how that is accomplished, so long as ordinary tools are employed. The consumer is buying time when they purchase a laptop lock; time for the thief to be caught in the act. In my view, Targus fails to provide that time. But keep reading, because it gets better.
Targus might argue that any laptop cable can be cut given the proper tools. That statement would be entirely correct. In fact, I have been able to sever every laptop lock by every manufacture that I have tested with a fourteen-inch bolt cutters. We should be concerned with the use of simple, easy to conceal, non-sophisticated tools. I would say that a seven-inch diagonal cutter meets that test more than a fourteen-inch bolt cutter. So, the argument might be made that even if the cable is cut, the lock is still hanging on the laptop and nobody can walk around with a computer with a lock dangling from it, as it would be a dead giveaway that is was stolen.
As it turns out, the three people that I spoke with at Targus customer service all indicated that they actually provide instructions as to how to cut their lock from the computer in case the combination is lost. Even more interesting, they told me that it might take a maximum time of fifteen minutes to dial all the combinations on this lock! Whether that is true is not particularly relevant but an interesting statement. Even more curious, Targus does not offer any form of insurance or warranty against theft if their locks are compromised, as do other lock manufacturers.
The Targus combination lock
In 2004, I examined the design of the Defcon CL and determined that it could be decoded quickly with a piece of paper or thin plastic inserted to the side of each of four thumb wheels to feel for the gate position. This would provide the combination within a few seconds. So the folks at Targus admitted privately that they had a problem and thought they fixed it -- "thought" being the operative word. Yes, they changed the location of the gate and the overall design of the housing, but not enough to prevent it from being simply decoded. In fact, I might argue that it is simpler and quicker to decode it now then in 2004! Why is that?
The individual wheels now have a different geometry that can be probed from the end of the lock with a piece of wire, paper clip or shim. As shown in the video, this is a simple bypass method and could have been easily prevented [WMV], had the Targus engineers really tried to open this lock like one intent on stealing it.
What really provides the security of this lock? Ostensibly, it is the 10,000 possible combinations but remember the caveat in the introduction to this article: locks can often be decoded because of mechanical design issues that were not contemplated by design engineers. That premise is precisely why the Defcon is not secure. A thin piece of metal, made from a beer or pop can is be easily cut into a shim, inserted into the lock, and each of the gate positions tested.
If the plastic strip is removed, which is a trivial procedure, then even simpler yet, a paper clip can be inserted and each of the disks probed in a few seconds, thereby yielding the combination. I don't think I would consider a paper clip or thin wire as a high tech attack. And what if a fellow employee does not want to steal your laptop, but simply reprogram the lock so you cannot remove it? Well, I guess you could decode your own lock. But then, that does not inspire much confidence in the security of your laptop, which was the reason you or your company purchased these locks in the first place. By the way, the Targus customer service director told me that the employees at Targus utilize laptop locks to stop thefts within the company! I wonder whose locks they use if they really want security.
For a more detailed account of hacking your Targus Defcon CL, please check out the white paper [PDF].
In my next article, I will examine the Targus mobile security lock for the iPod. If you liked this one, you're really gonna love the next!
Marc Weber Tobias is an investigative attorney and security specialist living in Sioux Falls, South Dakota. He represents and consults with lock manufacturers, government agencies and corporations in the U.S. and overseas regarding the design and bypass of locks and security systems. He has authored five police textbooks, including Locks, Safes, and Security, which is recognized as the primary reference for law enforcement and security professionals worldwide. The second edition, a 1400 page two-volume work, is utilized by criminal investigators, crime labs, locksmiths and those responsible for physical security. A ten-volume multimedia edition of his book is also available online. His website is security.org, and he welcomes reader comments and email.
The numbers (code) of my lock changed while i closed it last time !!
Thx to this post i could find the new code, and open it !
( -> went from 5407 to 5439 without i changed the combination ! )
Browsing de www i found this page:
http://stadium.weblogsinc.com/engadget/videos/lockdown/TARGUS_DEFCON_2006_REPORT_MWT_FINAL.pdf
The real one solution. Y could do it with a plastic as in the picture. I hope this help all of you. Regards. Gustavo.
ARGH! I can't seem to get my defcon CL open with this technique. I can't seem to slide the metal piece through the entrance. The pdf shows that it is easily removed with a screwdriver to reveal the gates, but I haven't been able to. Has the lock changed? HELP PLEASE!!!!!!
Paul
I have been trying to do the same by sliding in the metal shim into the lock, but it does not seem to move in, can anyone please help!!!!!!!!
I need to change the lock urgently.....
There are different locks with the same name. (The year or model) Send me i pic of it or post a pic of it so I can try to help you. I just figurered out how to hack a different model then the one in the pic above but has the same name.
Even worse than weak locking features is that the lock 'forgets' the combo, according to Targus tech support, 'rarely' (but they do not commit to what number range 'rarely' falls into). In other words, you enter a four digit combo which works 'most of the time' but then for no apparent reason, that original four digit combo NO LONGER OPENS THE LOCK. Targus admits that the tumblers occasionally do not function but they stated that they do not have neither the moral nor commercial obligation to inform potential customers that the lock is inherently defective. That is just plain disgusting!
ZZZZZzzzzzz..... I was picking these types of locks the same way in jr. HS, and that was in the mid 80s!! Face it, what one man creates in order to protect, another man will thwart. These devices will deter the opportunist, but is someone wants what you have bad enough, they WILL get it.
Spec, you're an idiot... the point here is that when we purchase a security product it should provide reasonable security... not a product that can be broken through in less time than it takes me to get the vending machine to accept my wrinkled dollar bill.
I find that the purpose of locks are not to "secure" your posessions, but to increase the amount of time to steal it. If the item takes too much time to steal, then the thief will go for something easier.
Defintely an interesting read and an even more interested set of videos. At least now I know not to ever by from targus.
dammit...
do you think this includes the targus defcon scl (the serialized version that comes with a predetermined, non-changeable combo)? the end of the lock (where the pin is stuck) looks different on mine
i just bought one a few weeks ago. i hope no one is brave enough to pull this off while i take a shat in the library...
That guy in the video has nasty fingernails haha.
Wonderboy, go easy on Shim. I think what he's trying to point out here is that Targus is touting this lock as being some kinda of wonderful development in laptop security, despite the fact that the lock can be compomised using methods that Jr highschoolers were using two decades ago. While I'm certainly not going to jump on the "OMGOMGOMG I'M NEVER GOING TO BY TARGUS STUFF!!111" bandwagon, (No offence AceMilo) I will say that I will certainly look more closely at the security products I purchase after seeing this.
ARGH! I replaced the Defcon CL that I got after the first demonstration of how easy they were to hack, and now I read this?!?!
WHAT THE HELL TARGUS, YOU NEED TO FESS UP AND GIVE ME A FREAKIN NEW LOCK! I'm sick of this crap! You told me this one was better, fixed the problems, so I bought it!
awesome. great report. Really enjoyed the videos. Not in a sexual way, in a way of humor.
now that is what i call positive attitude, Dirk
When I purchased this lock I felt reasonably secure that it would, as advertized, deter a thief. Little did I know that a couple of people with too much time on their hands, access to any tool they wanted and a fair amount of imagination would figure out a way around the security of the device (with a limitless amount of time and no chance of being "caught trying to steal") and then post their findings on the Internet for all to see. So who's doing the disservice here, Targus or you?
Before posting this for all to see, did you provide Targus with your findings and allow them the opportunity to remedy the problem?
Shame on you. I believe you owe me a refund for my lock. Anyone else feel like I do? How about a class-action lawsuit against THESE guys?
you just told us what your IQ is, Barragon.
Its called "white hat hacker", Jose.
Barragon, I think you're on to something!
After all, no thief would be stupid enough to spend $25 buying one of these to figure out how to steal laptops that net him only $250 each. I mean, only a 10x return on investment! Who'd be willing to make that gamble. Too risky I say. Bravo for your insights.
After working in a department that looked after 3500 laptops, the locks are just a deterant even if they are the best avaliable. We found most notebooks were the weakest part of the link with the theif snapping the case and leaving a small portion of the casing behind with the lock. From the laptops recovered from the theft we noticed that the broken casing where the lock used to be wasn't at all noticable leaving the notebook in a resellable condition.
Until they have a better 'socket' to connect the locks to there's no real point in spending a large amount of cash on a lock like this even if it's the worlds best.
LiveItNerd - At work we were including a cheap Dell laptop with an automated fixture we were building, and the customer wanted a standard notebook lock to prevent employees or whatever from stealing it. This was right around the time Engadget was posting about defeating standard notebook locks with a post-it note and stuff, so I suggested we try and come up with something tougher to defeat. I googled around and found something called the Laplocker (click my name for link). The reason I picked it is because it doesn't use the standard lock port found on notebooks, and instead clamps around the hinge area of the notebook. The beauty of this is in addition to preventing the plastic from simply snaping, even if they were to cut the wire, the laptop would still be permanently in the open position because of the bracket. It's a lot more obvious that you're stealing a laptop when you can't just close it up and stick it under your arm.
Anyway, we bought one for the job but the customer didn't like it for some reason, so we ended up using a regular lock like they wanted. I still think it's one of the best solutions out there, though.
no!!! i just bought it 2day!!! It's cost me CND $56.
yes, i agree with K, Marc is right in telling us, targus probably has a lab to test products, what are those guys paid for? unless targus DOESNT have a lab, and just has a machine churning locks in india or china or wherever, hmmm...
I had a same Defcon lock shown on the video (lost the combination), tried the "can thing process" everything went fine, the piece of can went through all the way of the 4 "locks", then decrease 3 positions for each but did not work out.
Still looking forward on how to hack it... lol.
Thank you very much. A friend's Targus $50 lock screwed up & wouldn't open and she couldn't leave work w/o her Mac. They cut the cable & were getting ready to hack saw off the lock and mar the laptop. It was either that or Apple would have to open the iBook and take it out. $$$. I used a flattened reg. paper clip and opened it (as per your article) and the iBook doesn't have 10" of ugly cable hanging off it.You guys rock!
Thank you! You info was help me! I open my lock with forgotten code!
I have a similar problem. In the midst of changing g the code, I dropped mine, tumblers moves, now I can't open it.
Help!
hello..how can i open my DefconCL Notebook lock When i Forgot their code number..can u help me..