Attack the Key, Own the Lock

DEF CON 18

Presented by: datagram, Schuyler Towne
Date: Sunday August 01, 2010
Time: 11:00 - 11:50
Location: Royale 2-3-4
Track: Track 1

Locks restrict access to anyone lacking the correct key. As security components, we depend on locks to secure our most valuable possessions. Most attacks demonstrated in recent years involve manipulation of the lock components with special picking tools, but what if we focused on using incorrect or blank keys to make a variety of tools? Bumping is a good example, but there are many other ways incorrect or modified keys can be used to defeat locks. Like the cryptography world, physical Keys are vulnerable to attack in even the highest security locks.

This talk focuses on using modified keys and key blanks to open, decode, and bypass several locking mechanisms, including many high security locks. We demonstrate and discuss the security implications of key-based attacks on modern lock designs.

Schuyler Towne

Schuyler Towne is, first and foremost, a competitive lockpicker. He has won the DefCon LockCon twice and beat the #2 picker in the world head to head at the Dutch Open (now also named LockCon) in 2008. Schuyler teaches a Locksport course at Olin College and Sprout, a community education center in MA. He runs workshops at the University of Advancing Technology and regularly speaks at various schools and conferences. DefCon was the first, and remains the favorite speaking engagement Schuyler has ever had.

datagram

datagram has taught about locks, safes, and methods to compromise them for many years, including training to private companies and government agencies. He has spoken many times on physical and digital security at various conferences and is a part-time forensic locksmith. datagram runs the popular lock and security websites lockwiki.com and lockpickingforensics.com. This is the first time he's done a serious biography and it worries him, too.


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats