 |
|
|
UER Store
|
|
order your copy of Access All Areas today!
|
|
|
 Spyder
      
Location: Ottawa
Gender: Male
Holy Fuck!!! There's a tree frog in the toilet!
 |  | Lock Vulnerability
< on 9/17/2004 3:41 PM >
|  | | | Great Article from the New York times on a lock Vulnerability.
"The problem could have wider consequences. Lock experts said the fault was with a particular type of cylindrical lock that is used not just in bike locks but in vending machines, cable locks for laptop computers, alarm system panels and countless other places. "
Read more of the Article....
The Pen Is Mightier Than the Lock
By LYDIA POLGREEN
Published: September 17, 2004
Many cyclists erupted in disbelief and anger this week after videos were posted on the Internet showing how a few seconds of work could pick many of the most expensive and common U-shaped locks, including several models made by Kryptonite, the most recognized brand.
Mashing the empty barrel of a ballpoint pen into the cylindrical keyhole and turning it clockwise does the trick that has struck fear into the hearts of bicycle owners, especially those in New York, where thousands of bikes are stolen each year.
"There was murmuring on various Web sites, and so I decided to go home and pick up a pen and see it if works," said Benjamin Running, a graphic designer who lives in downtown Brooklyn. "Sure enough, within 30 seconds I had broken into my $90 lock. I was in awe. My jaw literally dropped to the floor. It was so easy."
And many Internet users had the same reaction this week when they saw the homemade video he posted on his blog of his Kryptonite NY Chain popping open.
The problem could have wider consequences. Lock experts said the fault was with a particular type of cylindrical lock that is used not just in bike locks but in vending machines, cable locks for laptop computers, alarm system panels and countless other places.
Not all such locks are vulnerable, because some are built with more sophistication. Older Kryptonite locks made before 2002 appear to be less susceptible, according to bike shops that have tried to use the technique on them.
But this type of mechanism is used on most of the bicycle locks that are used by millions of people around the country, not just those made by Kryptonite (although the company said yesterday that a new and better model was on the way).
http://www.nytimes...ion/17lock.html?hp
John Marshall Mantel for The New York Times
Arone Dyer, who works at Bicycle Habitat in Manhattan, shows how a type of bike lock can be picked with a pen.
[last edit 9/17/2004 5:21 PM by Spyder - edited 1 times]
|
|
dev
Passed away September 23rd, 2006.
| | Re: Lock Vulnerability
<Reply # 1 on 9/17/2004 5:37 PM >
| | | | Yep, I saw the video posted on slashdot awhile back; they originally found the weakness on this style of lock in relation to laptop cables...
Seems pretty simple and easy to do, just torsion/pin raking, all done with the same object. Easily defeats what was previously thought to be the hardest style of lock/key to pick. WH00T! Score one for security-types!
--dev
|
|
Rust
  
I am a rustbucket
| | Re: Lock Vulnerability
<Reply # 2 on 9/17/2004 6:32 PM >
| | | | I don't even think it involves pin raking. It's some sort of mechanical defect involving applying pressure and rotating the center plug.
|
|
Gunslinger
Location: The Wasteland "Peel Region"
Gender: Male
| | Re: Lock Vulnerability
<Reply # 3 on 9/17/2004 7:27 PM >
| | | | It has nothing to do with pin raking. the pen is Malleable enough to fill in all the pin postions and push them to the shear line, so therefore you can rotate the plug.
[00:22:07] * Roadwolf prefers tampons over pads.
[19:42:01] <Roadwolf> i like penis.
17:04:43] <Avatar-X> i saw a husky outside earlier today 17:05:11] <Silent_Knight> you didn't get shagadelic on it, didya' Av? ;p [17:05:12] <Avatar-X> yeah i don't know why :P |
|
Servo
| | Re: Lock Vulnerability
<Reply # 4 on 9/17/2004 8:48 PM >
| | | | Posted by Gunslinger
It has nothing to do with pin raking. the pen is Malleable enough to fill in all the pin postions and push them to the shear line, so therefore you can rotate the plug.
|
Yeah, but the pins don't all need to be pressed to the same depth, so it's not quite as simple as that. It still seems like it's something akin to raking in a regular pin/wafer lock, just there's some defect that makes it even easier.
I think maybe the problem is that a lot of the technologies that have been introduced to make raking harder in pin tumbler locks (mushroom-headed pins that false-set, for example) haven't been used for tubular locks because people have the impression that they are inherently unpickable. In fact, you have been able to buy tubular picks for some time; this article just shows that it's even easier because you can make an effective rake out of a pen.
|
|
Freak
Location: Usually Alaska, now MSP.
Gender: Male
Hypocrite
| |  | Re: Lock Vulnerability
<Reply # 5 on 9/18/2004 12:38 AM >
| | | | Kickass, they have these locks all through the steam tunnels here, and so far they've been the strongest point 
Turn off the internet and go play outside.
http://spamusement...hp/comics/view/137 |
|
Inphenity
Gender: Male
| |  | Re: Lock Vulnerability
<Reply # 6 on 9/18/2004 1:32 AM >
| | | | anyone got a link to the video?
... well yea actually this is a flashlight in my pocket .. but im still happy to see you |
|
hemi425
Location: Birmingham, AL
Gender: Male
I'm workin' on it
| | | Re: Lock Vulnerability
<Reply # 7 on 9/18/2004 1:55 AM >
| | | | I work in a shop and need to try this as we sell lot's 'o locks. Anybody got a link to the video!
THE ABOVE WAS NOT EDDITED FOR SPELLING OF GRAMICAL ERRORS
I have an awesome collection of human bones, including a skull, they're all in pretty good condition, too. Nobody's ever said anything to me about not being allowed to keep them. They'd have a hard time getting them from me too, since they're inside my body.
-the hitman's daughter |
|
Spyder
Location: Ottawa
Gender: Male
Holy Fuck!!! There's a tree frog in the toilet!
| | Re: Lock Vulnerability
<Reply # 8 on 9/18/2004 2:10 AM >
| | | | Posted by hemi425
I work in a shop and need to try this as we sell lot's 'o locks. Anybody got a link to the video!
|
Here is a link to the video.
http://thirdrate.com/misc/krypto.mov
Spyder
|
|
darkism
Gender: Male
hop on the bandwagon
| | Re: Lock Vulnerability
<Reply # 9 on 9/18/2004 2:41 AM >
| | | | Posted by Freak
Kickass, they have these locks all through the steam tunnels here, and so far they've been the strongest point
|
I expect you to exploit this immediately and be posting about your findings on the ColExp board. 
|
|
Gunslinger
Location: The Wasteland "Peel Region"
Gender: Male
| | Re: Lock Vulnerability
<Reply # 10 on 9/18/2004 3:23 AM >
| | | | Yes i know the pins dont have to all be depressed to the same depth i own one of these locks (well not for much longer now). But its still not raking, because if i recall correctly raking is applying the apropreate shear force to lock while trying to depress the pins, which i dont think shoving a ball point pen into a tubular lock counts as raking.
[00:22:07] * Roadwolf prefers tampons over pads.
[19:42:01] <Roadwolf> i like penis.
17:04:43] <Avatar-X> i saw a husky outside earlier today 17:05:11] <Silent_Knight> you didn't get shagadelic on it, didya' Av? ;p [17:05:12] <Avatar-X> yeah i don't know why :P |
|
SnakeEyes
Gender: Male
| | Re: Lock Vulnerability
<Reply # 11 on 9/18/2004 5:31 AM >
| | | | Looks to me like this is not really "picking" and has little to do with actually manipulating the pin stacks- it's more like an individual flaw that allows the bypass of certain models of kryptonite (a specific brand) locks. For example, chances are very small that if you take a bic ben to a vending machine it will open- you are more likely to get funny looks from spectators. I have yet to try it, but more than likely it is simply dislodging some springloaded mechanism below the actual cylinder or something. The difference between picking and bypassing is that picking is manipulating the lock to have the exact same effect as using the proper key, while bypassing is any way of openeing the lock (usually 'bypassing' the lock alltogether and going right for the bolt or latch). From the video's I've watched, this is indeed a bypass of some sort. In order to pick these types of locks one usually uses some form of impressioning (from a tool such as tubular picks), even though individual pin picking is possible. I have also heard of tubular locks being picked with a toilet paper roll cut to the size to have the right diameter. For about 15 years after the tubular locks were introduced they were thought near impossible to pick, but as soon as tubular picks came out they were found actually quite easy to pick. Basicly this rant is trying to get to the point that you shouldn't rely on a bic ben for ever tubular lock that you stumble accross. Just my two cents.
Pity the poor agnostic dyslexic insomniac; he stays up all night, wondering if there really is a dog. |
|
Servo
| | Re: Lock Vulnerability
<Reply # 12 on 9/18/2004 8:46 PM >
| | | | Posted by Gunslinger
because if i recall correctly raking is applying the apropreate shear force to lock while trying to depress the pins
|
You do not recall 100% correctly. When you use a rake you do apply some torque to the tumbler, but you have a pick with randomly cut positions in it that looks similar in a key, and you pull it over the pins repeatedly. Effectively you randomly set the pins, and given enough rakes you get them all to set correctly. It works the same way as individual pin picking except you aren't doing it pin by pin, and a lot of times it won't work on better locks.
|
|
SnakeEyes
Gender: Male
| | Re: Lock Vulnerability
<Reply # 13 on 9/18/2004 9:04 PM >
| | | | You cannot rake open tubular locks- I don't know where that came from. You can only rake open wafer/pin-tumbler locks, not tubular locks. Raking is when you lift all of the pins and one time and pull your pick out (repeatedly), or when you simply stick a rake pick in and wiggle it about while pushing the tublers up- with any luck some might catch on the shear line. The only two ways of picking a tubular lock (not including bypass) is impressioning or pin picking.
Pity the poor agnostic dyslexic insomniac; he stays up all night, wondering if there really is a dog. |
|
Servo
| | Re: Lock Vulnerability
<Reply # 14 on 9/18/2004 9:16 PM >
| | | | You're right of course, because the vulnerability you're exploiting in a pin tumbler lock (the line of pins not being exactly parallel to the axis of rotation) obviously isn't present by design in tubular locks. My point was that it was similar in operation to raking. But you are probably right, this is a different vulernability altogether.
|
|
hemi425
Location: Birmingham, AL
Gender: Male
I'm workin' on it
| | | Re: Lock Vulnerability
<Reply # 15 on 9/19/2004 2:07 AM >
| | | | Well, the good news (forus anyway) is that that's a U-lock only thing. We actually stopped carrying those awile ago in exchange for cable locks because you can buy freon in a auto store, freze a I lock, hit it, and shatter it.
THE ABOVE WAS NOT EDDITED FOR SPELLING OF GRAMICAL ERRORS
I have an awesome collection of human bones, including a skull, they're all in pretty good condition, too. Nobody's ever said anything to me about not being allowed to keep them. They'd have a hard time getting them from me too, since they're inside my body.
-the hitman's daughter |
|
Silent Knight
Location: Niagara region
Gender: Male
Kastle Archives Productions Inc. (since 1999)
| | | Re: Lock Vulnerability
<Reply # 16 on 9/20/2004 10:11 PM >
| | | | I had an expensive braided cable lock on my Raleigh mountain bike - and lost the key for it. The lock was coiled around the crossbar between the seat and the handlebars, and locked in place.
Without the key, it was no longer of any use - so we cut it off the bike in less than 20 seconds with a Dremel tool.
The lock was 'guaranteed' not to fail and came with an insurance policy that if the bike was stolen, the company would replace the bike.
20 secs. with a Dremel. That's all it took. I lost all faith in cable locks after I saw how easily it was removed.
Silent Knight
You can always tell when you're watching Canadian television - the actors in the show are the same ones doing the commercials. |
|
Feztaa
Location: Victoria, Canada
Gender: Male
Hide yo kids, hide yo wife
| | Re: Lock Vulnerability
<Reply # 17 on 9/21/2004 1:22 AM >
| | | | Walking around after dark through bad neighborhoods, I have witnessed two bicycle U-style locks being disabled by a few taps of a hammer (or smaller, more like a pick). It usually goes like this: *tap* *tap* *tap* *CLINK* and then the bike is free. And then I call the cops on my cell phone and laugh as the guy gets arrested. Suckers.
(my bicycle was stolen in plain view of a security camera at a train station in broad daylight, I filed a police report and asked for copies of the tape... police found nothing and I was told by security that the cameras don't record. I am very bitter).
|
|
-MisfitStyle-
 
| | Re: Lock Vulnerability
<Reply # 18 on 9/27/2004 8:42 PM >
| | | | Posted by Feztaa
Walking around after dark through bad neighborhoods, I have witnessed two bicycle U-style locks being disabled by a few taps of a hammer (or smaller, more like a pick). It usually goes like this: *tap* *tap* *tap* *CLINK* and then the bike is free. And then I call the cops on my cell phone and laugh as the guy gets arrested. Suckers.
(my bicycle was stolen in plain view of a security camera at a train station in broad daylight, I filed a police report and asked for copies of the tape... police found nothing and I was told by security that the cameras don't record. I am very bitter).
|
They probably froze the cylinder with freon, or another similar chemical.
"I feel like I just got in a battle of wits with some kid in a helmet I found licking a window."
Need help? Please use the Contact a Mod forum — I'm slow to see PMs. |
|
Mark
Very Noble Donor
Location: South Carolina
Gender: Male
What is a lion, king of the savannah, when hes at the south pole?
| | Re: Lock Vulnerability
<Reply # 19 on 9/27/2004 11:12 PM >
| | | | It has nothing to do with freezeing. Most thugs wouldnt know how to freeze a lock if there life depended on it. What is really happening is a good swift whack on the side of nearly any ball bearing padlock will free it up no problem. Well on the cheaper locks which are plentiful. Moral of the story, dont buy a cheap lock.
"If the threat level goes up its probably because of me." "I am looking for a girl who enjoys headbutting beltbuckles" |
|
|
|
All content and images copyright © 2002-2024 UER.CA and respective creators. Graphical Design by Crossfire.
To contact webmaster, or click to email with problems or other questions about this site:
UER CONTACT
View Terms of Service |
View Privacy Policy |
Server colocation provided by Beanfield
This page was generated for you in 140 milliseconds. Since June 23, 2002, a total of 739416588 pages have been generated.
|
|
