THE SIDEBAR: MARC WEBER TOBIAS

LSS+x HIGH SECURITY SUPPLEMENT: Available Now

CLICK THE “ORDER” TAB to purchase the book or CD.

[Image: lss701_medeco_jacket_400.jpg]

Our new book, entitled “THE COMPROMISE OF MEDECO HIGH SECURITY LOCKS: New Methods of Forced, Covert, and Surreptitious Entry” will be available in the multimedia edition on June 15, 2008. This version will only be sold to Government and Locksmiths. The softbound book will be released about July 15, 2008.

[Image: code_set_keys_400.jpg]

The book presents an extensive analysis of Medeco locks and different methods to bypass them by covert and forced entry techniques. This photograph shows four keys that can be used to bump and pick Medeco Biaxial and m3 cylinders, sometimes in less than one minute. These keys will theoretically simulate the sidebar codes for all non-master keyed Biaxial and m3 cylinders that were pinned prior to December, 2007.

[Image: medeco_cutaway_350.jpg]

This photograph shows a specially prepared six-pin mortise cylinder, which we used in several macro-videos contained in the book to demonstrate how we neutralize the sidebar prior to picking this lock. The key with the correct sidebar code is shown to the left of the keyway. Note how the angles match those of the bottom pins. The view is from the bottom of the plug, looking up at the chisel-points of each pin. Their angles are noted on the cylinder.

The book took more than eighteen months of research and has resulted in three separate patent filings that detail multiple methods of bypass, certain technology to prevent these attacks, and mechanical modifications to secure Medeco deadbolt cylinders against certain forms of forced entry to which they are still vulnerable.

The book is about 350 pages and contains more than 400 images, tables, charts, and graphics. There are more than thirty video segments to demonstrate all forms of bypass of these cylinders. A detailed discussion of conventional and high security locks is presented, as well as an analysis of UL 437 and BHMA/ANSI 156.30 standards, and what they fail to protect against.

We believe this is the most comprehensive book ever written about Medeco locks. It discloses methods of bypass that are completely new and unique, and can allow the circumvention of all layers of security within these cylinders, often in seconds. If you have security responsibility in the commercial or government sectors, you will need to understand the vulnerabilities of high security locks to attacks against key control, bumping, picking, extrapolation of the top level master key, and forced entry. This information is provided in the book, with significant supporting documentation.

For additional information, see www.security.org.

We hope everyone enjoys the book as much as we enjoyed producing it. We are already working on the next edition, which will cover the bypass of the ARX pin in greater depth than we have to date. The ARX is the Medeco high security pin that is supposed to prevent picking, bumping, and decoding attacks. Based upon information that we have obtained, we anticipate an announcement from Medeco indicating that they will be supplying these pins as standard in their locks, beginning later this summer, in an effort to make them more secure against the methods of attack described in our book and other methods described in a recent article on the bypass of Medeco locks.

Although the various ARX pin designs make bypass much more difficult, they also can provide excellent feedback with regard to our techniques of covert entry. It should indeed be an interesting year.

Matt Fiddler and I will be lecturing at Defcon 16 again this year, to provide an in-depth analysis of Medeco locks and how we broke their security. We hope everyone can attend the conference, to be held the first week in August in Las Vegas.

And for everyone who has asked what is next in the LSS+x series: the second high security supplement will describe the bypass of Mul-T-Lock cylinders and why we do not believe they are secure against a variety of attacks, or should carry a UL 437 rating.

If you have any questions, feel free to contact us. We appreciate your feedback and look forward to seeing many of you during different conferences this summer, and at Toool at Sneek in October.

Marc and Toby