Will we have to change the title of our book as a result of what happened this past weekend? Maybe!
Matt Fiddler (right) instructs on bumping open Medeco locks.
As usual, Barry Wels and Han Fey organized an incredible security conference at Sneek, Netherlands, this past weekend. The new name is LOCKCON, which was changed from “The Dutch Open” this year. There were almost 100 participants from all over Europe and the U.S. who interacted for three days of presentations, discussions, and contests to open locks and safes. Drinking beer was optional!
I would like to think that the highlight of the weekend was the four-hour presentation that my co-author, Tobias Bluzmanis and I gave with regard to the complete and total bypass of Medeco Biaxial and m3 high security locks, but at the end of the day, I think the lecture (almost five hours) that Peter Field gave was up to his usual standard of excellence and was the primary attraction. I have known Peter for more than 20 years, and have never been disappointed by one of his mega-presentations! Last Friday was no exception as he detailed the design features of more than fifty locks.
To say that his background and understanding of lock design is extraordinary would be an understatement. In our view, perhaps the most significant point is that Peter participated as the Director of Research and Development for Medeco. They have taken the lead in recognizing the contribution of the lock sport and professional bypass community. It is even more amazing that he (and Medeco) agreed to participate in the same gathering that saw Toby and I teach how to circumvent the security of the their locks.
And that is exactly what we did, both in a detailed Powerpoint presentation and in a workshop where everyone could cut keys for new Biaxial profile cylinders.
Barry and Han had purchased a Medeco key machine, hundreds of profile cylinders, and thousands of blanks in preparation for LOCKCON. Why did they go to this expense and effort? I believe that it is because of the impact that our bypass techniques could have in the high security community around the world, not just for Medeco but for other lock manufacturers as well. They wanted to let everyone learn the technique from its inventors, and then do their own vetting, rather than simply relying upon what they have heard, or read in our book, or on the web. Virtually none of the participants were familiar with Medeco locks before the conference. Few had actually picked them open, so this was a real learning experience and a test of our techniques with extremely competent technicians.
So, we explained in some detail the theory behind our concepts of “code setting keys” and “setting the sidebar code” in Medeco locks. We examined Medeco’s total lack of real key control, and the ability to bump and pick their locks in seconds. After our presentation, everyone had the chance to practice and learn the techniques that were required to open these cylinders. Just about everyone got it!
They were able to understand how to set the sidebar code in order to neutralize this vital security layer. Once that was accomplished, cylinders could be picked or bumped open, sometimes in as little as five seconds for a five-pin Biaxial.
The proof, however, was in the lock picking contest on Sunday.
There were several rounds to identify the best lock pickers in the group. By three in the afternoon, there were just a few finalists. It was agreed that the final rounds would require the contestants to pick open Medeco cylinders. Four different sidebar codes that matched our four code setting keys were assigned to five-pin Biaxial locks. Each participant had ten minutes to open their lock. Then, they exchanged cylinders with their opponent. At the end of the contest, there would only be one winner; the person that was able to open the most locks, or in the least amount of time.
Keys with the correct sidebar code, but not the correct bitting, were provided to each lock picker. They were taught how to “set the sidebar code” with this key to make the sidebar irrelevant to the security equation. In order to win the round, the contestant would have to insert his key, set the code, remove it so as not to disturb the rotation angle for each pin, and then pick the lock.
All of the locks were opened during the contest. We proved that if the techniques that we taught in our book were understood and followed, the locks could be picked, sometimes with amazing speed.
31 seconds was all that was required to open the lock to win the contest!
The locks were set to bitting and sidebar codes that were determined by Barry and Han. Neither Toby nor I had anything to do with how the contest was structured, or the configuration of the locks.
What this exercise really showed was that Medeco makes very tough locks if the sidebar cannot be compromised. Although a few of the participants had picked Medeco cylinders without learning our techniques, most could not do this. The locks, as we have always said, present a serious obstacle to covert entry attacks unless you understand how to neutralize the sidebar and other security layers. Then, they can be very simple to open. That fact, compounded by the complete compromise of the vaunted Medeco key control, makes this lock, in our opinion, unsuitable for any high security application where you really have to be sure of its ability to keep intruders out.
So all in all, it was an incredible weekend, and we would like to thank Barry Wels and Han Fey for organizing LOCKCON 2008 and allowing us the opportunity to demonstrate our techniques to compromise perhaps what was once thought of as the most secure lock in America.