Advertisement

The Lockdown: Deadbolt walking

Marc Weber Tobias
Updated ·4 min read


There are millions of Medeco deadbolt systems in place worldwide. Between Medeco's reputation for quality and engineering excellence and their high security ratings by UL, BHMA / ANSI and other standards organizations, they are rated as one of the most secure systems available. The current mechanical design of Medeco's deadbolt has been utilized in its Biaxial product line, and now the m3, which we previously discussed. And guess what: a simple attack can bypass the security of this deadbolt in less than one minute, rendering all of the advanced Medeco technologies virtually irrelevant.

These Medeco systems are relied upon in many different applications including high security installations throughout the world. The locks contain many levels of security including sidebars, sliders and special security pins. Unfortunately, all of that security can be circumvented in seconds with tools such as a simple screwdriver as shown above.



Bypass of these Medeco systems by means of forced entry has been difficult, even with expensive tools available to professionals. But these pro-lockpicking tools are not the variety you should fear, since cost and access to them prevents their proliferation. The tools we should fear are the ones everyone -- including your average burglar -- have lying around the house.

Underwriters Laboratory and BHMA / ANSI have certified these Medeco locks as immune to physical attack for at least five minutes through their testing protocol, yet we have been able to open them in less than a minute using implements that can be had for a few dollars at any hardware store. I have filed a formal petition for review of this and other issues relating to high security locks with Underwriters Laboratories so that UL may consider revising the standards to protect the public from the certification of locks that can be compromised by such techniques.

How can all of the security of these locks be bypassed in seconds? We discovered a serious security flaw in certain of Medeco deadbolt designs. The company has confirmed this; they are scrambling to fix the problem that may have been unknown for twenty years. Within the last couple of weeks the factory had planned on modifying their production line to stop the simple defeat that we announced at Defcon.

Part of the problem results from a widening of the keyway in the m3 as discussed previously (that link again). This method of attack can be carried out with extremely simple and inexpensive tools and requires very little skill, just like bumping. In certain instances this method of bypass can even be simpler than a bumping attack on a conventional cylinder.

This video shows the result of bypass of internal components with a simple screwdriver. (The demonstration has been edited so as not to disclose the precise techniques that are employed to allow the deadbolt mechanism to be bypassed. Shown is a standard six-inch screwdriver that is inserted into the keyway of a Medeco m3 high security cylinder, which can be used to easily retract the deadbolt.)

This is not the only security vulnerability that we have documented in Medeco high security locks. At Defcon, Jenna Lynn, now twelve years old, was able to bump open the Medeco Biaxial three different times. You will recall that this young lady bumped the Kwikset and other locks last year at Defcon 14. She told me that she wanted to "maintain her reputation." She certainly has! An upcoming series of articles will continue our analysis of security issues regarding bumping, picking, and other forms of compromise for Medeco cylinders.

Notes: A detailed analysis is available together with a video demonstration that clearly shows the method of bypass, but this publication has been restricted to locksmiths and the professional security community because of the simplicity of the technique and the potential security ramifications that could result from a public disclosure of the exact method. If you have security responsibility you may contact the author for access to the restricted document.

Marc will also be presenting with regard to high security locks and the Medeco design issues at the HITB Security conference in Kuala Lumpur, Malaysia the first week in September.

Marc Weber Tobias is an investigative attorney and security specialist living in Sioux Falls, South Dakota. He represents and consults with lock manufacturers, government agencies and corporations in the U.S. and overseas regarding the design and bypass of locks and security systems. He has authored five police textbooks, including Locks, Safes, and Security, which is recognized as the primary reference for law enforcement and security professionals worldwide. The second edition, a 1400 page two-volume work, is utilized by criminal investigators, crime labs, locksmiths and those responsible for physical security. A ten-volume multimedia edition of his book is also available online. His website is security.org and his blog is in.security.org, Marc welcomes reader comments and email.