The Medeco m3 cylinder was originally developed primarily to extend its Biaxial patent (which expired in 2005); the company aimed continue domination of the US high security lock market and protect its unique rotating tumbler technology. The m3, which replaces the Biaxial, is UL 437 and ANSI 156.30 certified, which Medeco touts as a guarantee that its security can be relied upon for the most sensitive of installations. It appears that UL, ANSI or Medeco ever thought about the perilous paper clip as a bypass method.
Beginning last August after Matt Fiddler and I lectured on the threats of "Lock Bumping" at DefCon, high security lock manufacturers including Medeco was quick to announce the heightened security of its cylinders against bumping and picking.
I have always thought Medeco to be one of the most innovative and secure lock designs of this century. The company has been a remarkable success story and provides locks of the highest quality. The inventors and founders of Medeco set the standard in high security mechanical locks, offering an incredible array of hardware solutions. The Medeco engineering staff is as clever and innovative as any in the industry.
As soon as the original design was introduced it was the mechanism to attempt to attack by covert means. Many have tried (and failed) to develop methods to pick and decode these locks. So how is it that one of the best locks in the industry can have part of its security bypassed with a piece of wire? Unfortunately, Medeco is not the only manufacturer that fails to perceive even the simplest forms of bypass. It's yet another example of a failure of imagination.
The security problem: bypass the slider and simulate the key
Medeco offers several levels of key control to insure that its patent protected blanks cannot be copied, replicated or simulated. In many systems, proprietary keyways are available to further ensure that keys cannot be improperly compromised. Although the m3 is a very secure lock, we were able to simulate Medeco keys that can be made to bypass the keyway and slider protection of almost any system -- all without infringing on any Medeco intellectual property.
One of the primary requisites of the ANSI specification (but not the UL rating) is the ability to implement three levels of key control: provide patent protected blanks to control its manufacture, prevent unauthorized duplication, and control the generation of keys by code with appropriate safeguards. We believe the ability to bypass the m3 key control scheme places all three rating criteria at risk.
To make matters worse, we were able to create a bump key with our simulated blank, that would open an m3, (although bumping is, in fact, much more difficult in this scenario). This capability may raise serious security concerns, especially in commercial and government installations where master keying may not be allowed. Don't buy it? Check out the video, here (WMV).
Conclusion
The bottom line: the m3 key control with respect to key profile, step position, key configuration and ability to replicate a known bitting and sidebar code can be compromised relatively easily.
We have demonstrated the ability to bypass the security of the m3 with the use of a piece of wire or paper clip, and to simulate Medeco blanks and cut them to the correct bitting and rotational angles. We believe this could have serious consequences for protected systems where key control is an important part of the overall security plan.
Although the Medeco m3 is more than secure for the vast majority of applications, risk managers, security officers and others charged with security responsibility may want to consider the potential risks from a failure of key control if the m3 is in use. In a very small percentage of cases, especially high value and critical targets, the ability to covertly replicate keys may place personnel and assets at an unacceptable risk.
Marc Weber Tobias is an investigative attorney and security specialist living in Sioux Falls, South Dakota. He represents and consults with lock manufacturers, government agencies and corporations in the U.S. and overseas regarding the design and bypass of locks and security systems. He has authored five police textbooks, including Locks, Safes, and Security, which is recognized as the primary reference for law enforcement and security professionals worldwide. The second edition, a 1400 page two-volume work, is utilized by criminal investigators, crime labs, locksmiths and those responsible for physical security. A ten-volume multimedia edition of his book is also available online. His website is security.org and his blog is in.security.org. Marc welcomes reader comments and email.