We just returned from DEFCON 16 in Las Vegas. The conference organizers report the largest attendance ever, and that was evident at our two-hour presentation on Friday afternoon. Matt Fiddler, Tobias Bluzmanis, and I did a three-part presentation on Medeco high security locks, demonstrating how all of their security layers have been compromised.
You would expect to be able to simulate a plastic key for a Kwikset cylinder, but not for a high security lock like Medeco. This key easily opens the Kwikset. We accomplished the same result with a Medeco m3. So much for key security!
A credit card was cut to form a key for a Medeco m3. It incorporated both the vertical bitting and angles needed to open the lock.
A Medeco mortise m3 cylinder can be easily compromised with a plastic key. We graphically demonstrated this vulnerability to a Wired Magazine reporter, both with a credit card, and Shrinky Dinks plastic. The full story of how this key was emailed by the reporter to us prior to Defcon will be posted shortly, and documents the threat that is posed by a lack of key control.
An inexpensive HP copier/scanner was used to produce a replica of an m3 key on Shrinky Dinks plastic. We demonstrated the ability to compromise the security of a mortise cylinder using this key.
We also discussed the security threat that is posed by a camera within a cell phone. In this case, we used the image of a Medeco key that was captured by a Blackberry Curve.
JennaLynn did it again this year. At age 13, she opened a five-pin Biaxial profile cylinder. But this was not an ordinary lock, as you will see in the interview.
We will post our Powerpoint presentation together with all of the video files from Defcon.
At our Defcon presentation, we talked about the methodology that we employed to break the locks and the lessons that should be learned from our experience. Then, we discussed the ability to totally compromise the key control of the m3, and many Biaxial cylinders, using plastic or Shrinky Dinks keys. We introduced the concept of Key-Mail, and warned of the threat from emailing restricted keys from within a high security facility.
Finally, we discussed the concept of Responsible Disclosure v. Irresponsible Non-Disclosure upon the part of a lock manufacturer. We took many questions from the overflow audience at the end of our presentation.
JennaLynn demonstrated her ability to bump open a Medeco Biaxial cylinder once again this year. You will recall that she did the same thing at Defcon 15. Medeco claimed that the demonstration was not true, and that the locks had been modified or altered so that she could open them. This, of course, was not true, and the cylinder was subsequently verified by independent experts a few weeks later that it conformed to factory standards, and indeed could be repeatedly bumped open. To our knowledge, Medeco has never admitted publicly that this is possible.
So, the lock that JennaLynn, at age 13, bumped open was no ordinary cylinder. And this year we decided to have her do the demonstration in front of about 25 participants at the lock picking village, where both amateurs and experts converged to try their skills at openeing a wide variety of locks. Not only did she open the lock twice in a few seconds, but we had an indpendent expert immediately confirm that the lock was configured as we represented, which would prevent Medeco from claiming that this was a staged demonstration.
Han Fey, as he examines the Biaxial lock that JennaLynn easily bumped open in a few seconds.
We asked Han Fey to be our independent observer. Han is from the Netherlands and works with Barry Wels and Toool, and is recognized as an expert in his field. More importantly, if you read our book, he is also recognized by Medeco as an expert. We offered a pre-release copy of the video to Medeco last week, so that they could include comments when it was posted. We have not heard from them since that offer.
Han and Barry came to Defcon 16 this year, in part to view our presentation on key security, as a follow-up to a detailed presentation that Barry gave at HOPE a few weeks before in New York.
Stay tuned for the demonstration by JennaLynn, and a discussion of how we compromised Medeco key control. Both topics should be of interest to security professionals who are responsible for insuring the integrity of their locks and keys.1 comment