Insecurity - A Failure of Imagination

DEF CON 21

Presented by: Tobias Bluzmanis, Marc Weber Tobias
Date: Saturday August 03, 2013
Time: 10:00 - 10:45
Location: Track 4
Track: Track 4

Homeowners, apartment complexes, and businesses throughout the United States and Canada have purchased locks from one of the leading manufacturers in the country in the belief that they were secure. Advertising represents they are the highest grade of residential security available as a result of security ratings from different Standards organizations. While the design of this lock effectively resists certain forms of covert and forced entry that are common with other mechanical cylinders, there are also what we perceive as serious design flaws that will allow these locks to be opened, bypassed, or decoded in seconds. Because this is one of the most popular locks in America, the consumer needs to understand the inherent security vulnerabilities in order to assess their risk.

In this presentation we analyze the design of this lock and earlier similar designs implemented by other manufacturers. The focus is on a failure of the design engineers to understand different methods of bypass and to protect against them, and why standards and what they purport to define may be misleading and misrepresent the real security of a product.

Consumers rely upon the representations of manufacturers and the security ratings of locks by Underwriters Laboratory and the Builders Hardware Manufacturers Association to assure them of the quality and resistance to attack of the locks they buy. We present evidence that millions of homeowners and businesses that have implemented these locks can be vulnerable to simple methods of entry of which they may not be aware.

This is a classic example of insecurity engineering in a very clever and unique mechanical lock. Unfortunately, the very unique mechanism also provides the basis for several incredibly simple attacks that can be performed with a minimum of time, tools and training.

Marc Weber Tobias

Marc Weber Tobias is an investigative attorney and security specialist living in Sioux Falls, South Dakota. He is the principal attorney for Investigative Law Offices, P.C. and as part of his practice represents and consults with lock manufacturers, government agencies and corporations in the U.S. and overseas regarding the design and bypass of locks and security systems. Marc and his associates also conduct technical fraud investigations and deal with related legal issues. Marc has authored five police textbooks, including "Locks, Safes, and Security", which is recognized as a primary reference for law enforcement and security professionals worldwide. The second edition, a 1400-page two-volume work, is utilized by criminal investigators, crime labs, locksmiths and those responsible for physical security. A ten-volume multimedia edition of his book (LSS+) is also available online. Marc has written extensively about the security vulnerabilities of products and has appeared in numerous television and radio interviews and news reports as well as magazine articles during the past thirty years. He is a member of several professional organizations including the American Bar Association (ABA), American Society for Industrial Security (ASIS), Associated Locksmiths of America (ALOA), Association of Firearms and Tool mark Examiners (AFTE), American Polygraph Association (APA) and the American Police Polygraph Association (APPA).

Tobias Bluzmanis

Tobias Bluzmanis was born in Caracas, Venezuela. Tobias came to the United States in 1995 and was granted citizenship in 2000. He has been a professional locksmith for the past 20 years. Tobias is an expert in Covert Methods of Entry and has developed many unique forms of bypass and custom tools, including a decoder for Medeco locks, which was the impetus for the book "Open in Thirty Seconds".

