Bypass of these Medeco systems by means of forced entry has been difficult, even with expensive tools available to professionals. But these pro-lockpicking tools are not the variety you should fear, since cost and access to them prevents their proliferation. The tools we should fear are the ones everyone -- including your average burglar -- have lying around the house.
Underwriters Laboratory and BHMA / ANSI have certified these Medeco locks as immune to physical attack for at least five minutes through their testing protocol, yet we have been able to open them in less than a minute using implements that can be had for a few dollars at any hardware store. I have filed a formal petition for review of this and other issues relating to high security locks with Underwriters Laboratories so that UL may consider revising the standards to protect the public from the certification of locks that can be compromised by such techniques.
How can all of the security of these locks be bypassed in seconds? We discovered a serious security flaw in certain of Medeco deadbolt designs. The company has confirmed this; they are scrambling to fix the problem that may have been unknown for twenty years. Within the last couple of weeks the factory had planned on modifying their production line to stop the simple defeat that we announced at Defcon.
Part of the problem results from a widening of the keyway in the m3 as discussed previously (that link again). This method of attack can be carried out with extremely simple and inexpensive tools and requires very little skill, just like bumping. In certain instances this method of bypass can even be simpler than a bumping attack on a conventional cylinder.
This video shows the result of bypass of internal components with a simple screwdriver. (The demonstration has been edited so as not to disclose the precise techniques that are employed to allow the deadbolt mechanism to be bypassed. Shown is a standard six-inch screwdriver that is inserted into the keyway of a Medeco m3 high security cylinder, which can be used to easily retract the deadbolt.)
This is not the only security vulnerability that we have documented in Medeco high security locks. At Defcon, Jenna Lynn, now twelve years old, was able to bump open the Medeco Biaxial three different times. You will recall that this young lady bumped the Kwikset and other locks last year at Defcon 14. She told me that she wanted to "maintain her reputation." She certainly has! An upcoming series of articles will continue our analysis of security issues regarding bumping, picking, and other forms of compromise for Medeco cylinders.
Notes: A detailed analysis is available together with a video demonstration that clearly shows the method of bypass, but this publication has been restricted to locksmiths and the professional security community because of the simplicity of the technique and the potential security ramifications that could result from a public disclosure of the exact method. If you have security responsibility you may contact the author for access to the restricted document.
Marc will also be presenting with regard to high security locks and the Medeco design issues at the HITB Security conference
in Kuala Lumpur, Malaysia the first week in September.
Marc Weber Tobias is an investigative attorney and security specialist living in Sioux Falls, South Dakota. He represents and consults with lock manufacturers, government agencies and corporations in the U.S. and overseas regarding the design and bypass of locks and security systems. He has authored five police textbooks, including Locks, Safes, and Security, which is recognized as the primary reference for law enforcement and security professionals worldwide. The second edition, a 1400 page two-volume work, is utilized by criminal investigators, crime labs, locksmiths and those responsible for physical security. A ten-volume multimedia edition of his book is also available online. His website is security.org and his blog is in.security.org
, Marc welcomes reader comments and email.