WELCOME TO SECURITY.ORG

The Multimedia Edition of LSS+x, the High Security Supplement to LSS+, 

is now available. Order the CD or book. 

Check for special reduced pricing for all Medeco dealers or commercial and government customers in order to assess postential liability for a compromise of security

See the ASIS review of "Open in Thirty Seconds" in the February, 2009 issue of Security Management magazine

ASIS Review (pdf)


The CD version for Government and Locksmiths, is entitled 

"THE COMPROMISE OF MEDECO HIGH SECURITY LOCKS: 

New Techniques of Forced, Covert, and Surreptitious Entry"

 


LSS+x Full DVD Jacket design

LSS+x Table of Contents and Chapter Outline

A few images from the book are shown below.

Four code setting keys for Biaxial and m3 locks

Macro of the three standard rotations

Viewing the gates of an Aft pin with an Olympus .87mm borescope

Still image from macro video showing a specially-prepared cylinder to demonstrate setting the sidebar code and picking the lock. The key at the left shows the correct sidebar code. Time: under 30 seconds to open.

Macro video that demonstrates how we exploited the gate-sidebar leg tolerance.

Diagram of the sidebar in the Medeco patent

Simulated blank that is a bump key. It will work in virtually all m3 and many Biaxial keyways

Simulated blank that is cut to the vertical and angled bitting of this lock. It works perfectly.

THE COMPROMISE OF MEDECO HIGH SECURITY LOCKS: New Techniques of Forced, Covert, and Surreptitious Entry

 Purchase of the Multimedia edition of LSS+x requires you to have the companion edition of LSS+.

This new book, by Marc Weber Tobias and Tobias Bluzmanis, is a culmination of eighteen months of research by the authors into all design issues that affect security in the three generations of Medeco cylinders. It extensively details the security vulnerabilities of Biaxial, m3, and Bilevel locks to techniques of forced and covert entry, and the complete compromise of key control.

All of our research has been supplied to Medeco, beginning in October, 2006. They were provided with the manuscript, videos, and test locks and keys, and were asked to voice any objections, corrections, changes, or to provide any information that they felt should be included in the book. They have refused all comment. 

Although the company has not made any public statements with regard to our findings, they were forced to modify their deadbolt design in August, 2007, as the result of our disclosure of a forced entry technique that allows the Maxum and other cylinders to be opened in seconds with little more than a two dollar screwdriver. Since the release of those findings in July, 2007, we have developed three other unique methods of attack that involve the use of force. These are described in the text.

The book contains fourteen chapters, about 400 images, graphics, tables, charts, and more than thirty video segments. We document and demonstrate all forms of bypass, including picking, bumping, decoding of the top level master key in multiple sidebar code systems, and the creation of a simulated blank to bypass virtually any m3 and many Biaxial keyways, including those that are highly restricted.

We describe how to pick five and six-pin Biaxial and m3 cylinders, often in less than a minute, with conventional picking tools that are used in combination with our patent pending code setting keys. You will learn how to neutralize the sidebar and slider prior to picking, and to adjust individual rotations of pins without disturbing other pins that have already been set. We explore in detail what we believe to be a fundamental flaw in the Medeco design that dates back forty years. We exploit this flaw to allow  bumping and picking of virtually all of their locks.

An extensive analysis of second and third generation Medeco codes has allowed us to develop four keys that can be used to bump and pick virtually all non-master keyed Biaxial and m3 locks that were pinned to codes in the codebook prior to December, 2007. A maximum of sixteen keys will accomplish the same result for new locks that are pinned to Generation-3 codes in 2008. We also describe other methods to pick virtually all Medeco pin tumbler cylinders (master and non-master keyed) by exploiting other design characteristics. 

We document four new methods of forced entry that can result in bypassing the Biaxial, m3, and Bilevel cylinders in deadbolt, rim, mortise, and IC configurations. Some of these techniques can be accomplished very quickly, with little skill and even fewer tools. We describe how rim, mortise, and IC cylinders are subject to a hybrid attack that can place at risk the security of any facility that employs them. Finally, we examine the Bilevel cylinder and why it can adversely impact the security of any m3 system.

We filed lengthily patent applications to cover multiple methods of covert and forced entry, and to protect against these same methods of attack. 


LSS+ 2008 will be released at ALOA on June 19, 2008. This latest version contains three new volumes and approximately eight hours of new video segments with regard to access control, forced and covert entry, and other topics. 

Master video listing for LSS+

Master list of updates for LSS+ from Version 5.0


See The Sidebar for more information on LSS+x and LSS+ 2008, and an upcoming two-part response to the editorial in the NDE magazine by Medeco.


Security.Org contains data about locks, safes, and bypass tools, and is the supplement to the second edition of Locks, Safes, and Security: An International Police Reference, published by Charles C. Thomas, Publishers.

The site provides detailed information to law enforcement and government agencies, security professionals, locksmiths, and safe and vault technicians regarding the security and bypass of locks and safes throughout the world. Sophisticated search tools allow the retrieval of text, images and video materials pertaining to high security locks, bypass tools and techniques, as well as comprehensive reference information about locking mechanisms.

Locks, Safes, and Security is a treatise on the history, technology and bypass of locks and safes. It provides extremely detailed information for security and law enforcement professionals. The book may be previewed on-line. 

LSS+ 2008 is the ELECTRONIC INFOBASE edition of Locks, Safes, and Security. It was originally released in July, 2002, and is comprised of eighteen volumes (GOVERNMENT VERSION) that contain 5000 new images, enhanced graphics, and approximately sixty hours of audio and video.  There are four books contained within the INFOBASE, including two treatises on locks and safes that were written at the height of the industrial revolution in England. A special D.A.M.E. (Defenses Against Methods of Entry) supplement (LSS501, LSS502) in conjunction with the DAME course taught by Harry Sher, was originally released in July, 2005 and has been updated in three different editions. The 2010 release now contains 79 video segments detailing many forms of bypass and related issues.

Reviews of Locks, Safes, and Security, and LSS+ 


Information contained within this site may be quickly accessed through the link icons at the top of the screen. SEARCH tools, relating to locks, safes, and bypass tools, have been preformatted, and are organized by desired search result. LSS BOOK provides information about Locks, Safes, and Security. Search tools allow an on-line search of the book by its index entries, or by key word. SECURITY provides access to alerts, reports, and hyperlinks to sites of interest. BYPASS TOOLS offers information about three manufacturers and vendors of tools for the bypass of locks. LSS-CD contains an on-line tutorial about LSS+, as well as order forms and registration information. 

We hope this site assists you. Your comments and suggestions are welcome.

Medeco is a registered trademark of Medeco Security Locks, Inc.