TheLockdown
Latest
The Lockdown: Deadbolt walking
There are millions of Medeco deadbolt systems in place worldwide. Between Medeco's reputation for quality and engineering excellence and their high security ratings by UL, BHMA / ANSI and other standards organizations, they are rated as one of the most secure systems available. The current mechanical design of Medeco's deadbolt has been utilized in its Biaxial product line, and now the m3, which we previously discussed. And guess what: a simple attack can bypass the security of this deadbolt in less than one minute, rendering all of the advanced Medeco technologies virtually irrelevant.These Medeco systems are relied upon in many different applications including high security installations throughout the world. The locks contain many levels of security including sidebars, sliders and special security pins. Unfortunately, all of that security can be circumvented in seconds with tools such as a simple screwdriver as shown above.
The Lockdown: The Medeco m3 meets the perilous paper clip
Noted security expert Marc Weber Tobias contributes The Lockdown, exposing the shoddy security you may depend on. Medeco is the predominant high security lock manufacturer in the United States and has been trusted for more than thirty-five years to provide cylinder and hardware security for the private, commercial and government sectors. According to Medeco, their locks are utilized in such venues as the White House and Pentagon to afford the maximum in cylinder lock security. The m3 cylinder, released about 2005, is the Medeco star product, the flagship in the security company's state-of-the-art, designed to resist almost any form of attack. The lock touts its key control attributes based its unique integrated slider that adds another level of security to the lock. But if you are using these locks and think you're secure, you might just be surprised by what you can accomplish with a paperclip and a custom-cut shim.
The Lockdown: Gun locks - unsafe at any caliber
Noted security expert Marc Weber Tobias contributes The Lockdown, exposing the shoddy security you may depend on.Two years ago I published an alert on my site regarding the inherent insecurity of gun trigger locks in the hope that manufacturers would remove them from the market or modify their design to make them more child-proof. Although some manufacturers now produce a more secure model to meet statutory requirements in California, even some of these can be easily compromised. Essentially nothing has changed: many manufacturers continue to sell products that are poorly designed, the consequences of which can be fatal -- literally. Even the cable locks that are provided under a US Justice Department grant to law enforcement agencies through Project ChildSafe for free dissemination to gun owners are inadequate.I hope that this article will once again place all gun owners on notice of the dangers stemming from any form of trigger or cable lock to protect a weapon from unauthorized use by anyone -- but most importantly children. Have you ever seen an untrained eleven year old demonstrate the removal of three of the most popular trigger locks on the market from a rifle in just a few seconds? You will today. Read on.
The Lockdown: Locked, but maybe secure (part 2)
Noted security expert Marc Weber Tobias contributes The Lockdown, exposing the shoddy security you may depend on. The vast majority of door locks in the U.S. and many other parts of the world rely upon the security or insecurity of the pin tumbler mechanism. In part 1, I described the serious vulnerability to bumping and how most locks can be easily and quickly opened, even by a child. But in part 2 I will try to answer the question that most readers have asked in their emails: what lock should I buy?Security: How much is enough?The answer to the question of which lock you should buy is not quite so simple, and depends upon your definition of security. You need to consider a lock in the context of what it is designed to protect, where you are going to install it, and what your perceived risks are. In my opinion, conventional mechanical locks, the ones that do not carry any type of rating, are not secure and can be relatively easily compromised by a variety of techniques, bumping perhaps being the most onerous. When a kid can open a lock in seconds there is no security. As I have pointed out before, you get what you pay for in locks; the cheap ones like Kwikset and others that I have talked about offer no real security against anything when it comes to covert and other attacks.
The Lockdown: Locked, but maybe secure (part 1)
Noted security expert Marc Weber Tobias contributes The Lockdown, exposing the shoddy security you may depend on.Part I: Methods of attack, an overview All of these conventional locks look secure, but which really are? In the real world, none of them, and this is only a fraction of what ostensibly protects the consumer. This series of articles will describe what makes a lock secure and what is hype by the lock manufacturers.In The Lockdown: Locked but not secure (see also part 2), the technique of "bumping" was described in detail, alerting Engadget readers to the vulnerability of virtually every pin tumbler lock from simple and rapid bypass. In this sequel, Marc analyzes mechanical locks and what really makes them secure or easy to defeat. Whether you are a consumer or security specialist, you need to understand the criteria established by UL (Underwriters Laboratories) and other rating organizations to define the term "high security," because some manufacturers will try to mislead the public into believing that their locks are secure, when in fact they are not. Read on.
The Lockdown: an interview with Al Giazzon of Targus
Noted security expert Marc Weber Tobias contributes The Lockdown, exposing the shoddy security you may depend on.On Friday, September 22, 2006, I interviewed Al Giazzon, the U.S. marketing manager for Targus. We talked about the company's philosophy regarding the security of their products and specifically about the Engadget report on the Defcon CL armored cable lock and the iPod mobile security lock.The interview lasted for one hour and is available here to listen to in its entirety [WMA]. For those of you that would like to review the critical points that were touched upon during our conversation, I have summarized them for a bit quicker of a read. Regarding their view of security and of their products:"We are not in the business of providing [a high] level of security against a well thought out, planned theft. We're really about providing a level of security for an affordable amount to protect against that more opportunistic theft. And for all of our corporate accounts that we sell these products to, they know that anyone who really wants it is gonna take it. And if it's the case where [the laptop is] that valuable, they take other precautions as well."
The Lockdown: The Targus iPod Lock, or, a modicum of security
Noted security expert Marc Weber Tobias contributes a new column, The Lockdown, exposing the shoddy security you may depend on. Targus is offering what they call a "mobile security lock" that they claim is a perfect "solution" for the millions of iPod owners who are hoping to keep their music players secure from theft. After evaluating the device from three different perspectives, I was not quite sure exactly what the "solution" was that they were describing, so I requested an interview with their Director of United States Marketing, Al Giazzon. Targus agreed, in part to respond to the Lockdown analysis of the Defcon CL Armored computer lock. I offered them a chance to talk about their philosophy on both of these products and to comment specifically on what I had described as Defcon CL design deficiencies. They also reviewed my video prior to the interview. The interview will come shortly, but in this article, I will analyze their latest product offering, the Targus iPod Lock, and summarize what I thought were key points of the interview regarding this product. I think you will find the discussion quite interesting and may shed some light on how Targus defines "security" in the context of protecting computers and small handheld devices, but for now we should discuss and expose the security in this product as well.The Mobile Security Lock for the iPodThis is a small (2.75-ounce) device that consists of a docking connector that is secured with a three-digit combination lock. It is connected to a retractable 2.5-foot wire that terminates in a lightweight carrying case. Functionally, the idea is that the dock will be inserted into the iPod connector and the cable extended and wrapped around something that is immobile. Two release buttons, one on each side of the locking mechanism, must be simultaneously depressed in order to retract the two metal pins that project into the base of the internal iPod connector. Once the combination wheels are spun and locked, the side buttons cannot be depressed, thus making it impossible to easily withdraw the dock. The design is similar to a notebook lock; the iPod is tied to something that cannot be carried away.
The Lockdown: Your new Targus Defcon CL lock, hacked by beer
Noted security expert Marc Weber Tobias contributes a new column, The Lockdown, exposing the shoddy security you may depend on. If you thought that this hefty looking lock was secure? Think again. Marc Weber Tobias and Matt Fiddler demonstrate how the Targus Defcon CL security device can be defeated in seconds with a piece of metal from a beer can, or with a paper clip. Its Targus time!A security analysis of this new product was prompted by a recent call from a technology reporter at the St. Paul Pioneer Press. This was the same journalist that wrote a detailed story about laptop locks in September 2004 that followed our security alert regarding the Defcon, wherein we described the simple method to decode its combination and quickly open it.Based upon the Targus press release and verbiage on the product packaging that extolled the Defcon CL Armor as having "more cut resistance and greater protection against cable cutters than other leading security cables," an associate and I decided to revisit the security of the new design and see if Targus has learned anything about the design of security products in the last two years. Evidently not! We sought to determine the new lock's resistance to both covert and forced methods of entry. As a result, an updated security alert and technical analysis has been posted on www.security.org and Engadget, together with a video that demonstrates how easy this lock can be compromised. Based upon our findings, I think it is fair to say that the latest Targus lock is on the cutting edge -- literally.
