Noted security expert Marc Weber Tobias contributes The Lockdown, exposing the shoddy security you may depend on.
On Friday, September 22, 2006, I interviewed Al Giazzon, the U.S. marketing manager for Targus. We talked about the company's philosophy regarding the security of their products and specifically about the Engadget report on the Defcon CL armored cable lock
and the iPod mobile security lock
The interview lasted for one hour and is available here to listen to in its entirety [WMA]
. For those of you that would like to review the critical points that were touched upon during our conversation, I have summarized them for a bit quicker of a read. Regarding their view of security and of their products:
"We are not in the business of providing [a high] level of security against a well thought out, planned theft. We're really about providing a level of security for an affordable amount to protect against that more opportunistic theft. And for all of our corporate accounts that we sell these products to, they know that anyone who really wants it is gonna take it. And if it's the case where [the laptop is] that valuable, they take other precautions as well."
"So, it's not really just for us, but I think for the majority of the sub-hundred, sub-seventy-nine dollar cable locks. I mean, it's a modicum of theft deterrent. But it's certainly not intended to be the end all and be all of security. And that's really our position on this category."
"But again, I think just the visual application of some level of protection, albeit not foolproof by any stretch, is enough to warrant or to deter that [someone] from taking that person's product, and move on to the next opportunity if that's what they're looking for."
"... like I mentioned to you, we're going back and working with our partners to make [our security] better. ... as a category – and I'm talking about not just Targus -- but as a category of these notebook security devices, the vast majority of which can all be defeated with any planning -- planning being, you know, a $12 bolt cutter."
"The specific on the cable on the cables gets back to the opportunistic versus planned theft. I would consider using any kind of [theft] device a planned theft.
And under that scenario, you know, certainly these devices are only providing a modicum of protection. And I'm not talking about Targus, I'm talking about Kensington as well, and all the other brands."Regarding their views on the Defcon CL Armor
"... we are working with the vendor. We're going to correct any issues and we're going to continue to enhance the properties of the security products we make. And we'll continue to come out with even stronger, you know, technologies for, like I said, leveraging the video port lock and combining video port lock with for example the ringlets. We've got a lot of really nice products coming out. They'll be affordable, but provide even maybe more deterrent than we currently do."
"Our belief was that the ring was provided an extra layer of protection against someone just walking by with a cable cutter, above and beyond what would happen if someone was walking, using a cable cutter, and came upon a different type of unprotected cable.
The fact that this person would need a pair of pliers and a cable cutter obviously means it's predetermined, it's something that's been thought of, thought through -- and in that case, it's not what we would view as [a defense] in the sub-hundred dollar, sub-seventy dollar price range for protection."
"... the video port lock is still not going to prevent someone with bolt cutters who's planning on stealing it, but it does address the weak point of attachment to the notebook."
Al stated that they are going to address the design of their easily-hacked combination lock in the immediate future. "We are going back to our partner and addressing that right now. So we're definitely going to tighten that up very quickly." "Obviously, we have some work to do on the combination lock. And we will – we're gonna address that."Their views regarding the iPod lock
"I think the point of having a physical device connected to an iPod makes it unusual and visually signals to someone [that] there's going be an easier time to steal someone else's iPod. [The theif] is not gonna go through dragging the rest of the stuff it's attached to."
"... it's strictly designed as a deterrent from someone just walking by and picking [the iPod] up. If we can help save a few of those iPods -- you know, right now it's the number one most stolen CE device. It's a way to let someone go look at the next person's iPod as opposed to their own."
"Our point was, why would we want to break an iPod? Why am I wasting time with this? I'll find another one more easy – easier to take and I don't want a broken iPod. They're too delicate.
That was a point."
"I think these types of products provide a level of deterrent from the casual thief. And I believe that casual thieves make up a big part, especially in the campus setting -- as we look at the percentage of these being stolen [from] kids, makes up a big part of that. And [the lock] is basically a flag that says, 'Go look somewhere else for an easier pick up.'"
So, what do you -- the consumer -- think? Should your Targus iPod lock provide more security, or is the concept of deterrent by threat of damage to the device enough to secure your gear?
Marc Weber Tobias is an investigative attorney and security specialist living in Sioux Falls, South Dakota. He represents and consults with lock manufacturers, government agencies and corporations in the U.S. and overseas regarding the design and bypass of locks and security systems. He has authored five police textbooks, including Locks, Safes, and Security, which is recognized as the primary reference for law enforcement and security professionals worldwide. The second edition, a 1400 page two-volume work, is utilized by criminal investigators, crime labs, locksmiths and those responsible for physical security. A ten-volume multimedia edition of his book is also available online. His website is security.org, and he welcomes reader comments and email.