Medeco is the predominant high security lock manufacturer in the United States and has been trusted for more than thirty-five years to provide cylinder and hardware security for the private, commercial and government sectors. Their sidebar technology was unique when first introduced and has presented a continuing obstacle to both covert and forced methods of entry. As detailed in the Government version of LSS+ some very sophisticated decoders have been developed for law enforcement and intelligence agencies to bypass the original two layers of security within the Medeco design. As described in the first article of a four part series, Medeco introduced the m3 cylinder which incorporated a third level of security through the implementation of a slider. Their latest product is a modified m3 called the Bilevel. This is a lock that does not utilize the traditional Medeco sidebar design and is a cheapened version that is no more secure than a conventional pin tumbler cylinder and in fact may allow systems that integrate the Bilevel to be more vulnerable because of the limited number of sidebar codes that are available.
When the threat from bumping was made public in the United States last July and August, consumers, risk managers, security experts and locksmiths from both the private and public sectors began to question the real security of the locks that they depend upon to protect people, facilities, and assets. It was more than unsettling to think that perhaps there was little protection against a procedure that a kid could learn and rapidly execute to open a high percentage of pin tumbler locks. At the same time, everyone was led to believe that the threat from bumping did not extend to high security locks.
Beginning last August, high security lock manufacturers were quick to announce the heightened security of their cylinders against bumping. This included Medeco, Mul-T-Lock and Assa: they all produce locks with UL437 or similar high security ratings.
Some announced that their locks were “bump proof” or “virtually bump proof” and that the consumer should have no fear that their security was in jeopardy. In all fairness, many of these manufacturers did not fully understand the threat or techniques that could be applied to bypass their internal security. Some still do not believe that such attacks are possible and continue to publicly decry any who make statements about bumping or picking of their cylinders, stating that any demonstration of bypass was a trick or “smoke and mirrors.”
The accompanying article specifically deals with the Medeco m3 and why we do not believe it provides any significant measure of key control security against a determined attack. In subsequent articles we will describe in detail how we determined that the Medeco and other high security locks could be bumped, picked open, or mechanically bypassed within minutes, if not seconds, thus rendering the ten minute minimum specification for UL 437 or fifteen minute standard for ANSI 156.30 as essentially meaningless. We thought it would be prudent to briefly analyze just what security the Medeco technology does provide against both casual and determined attacks and to hopefully dispel any confusion that may result from these articles as to whether the security provided by these locks is sufficient to protect you.
LOCKS AND THE CONCEPT OF SECURITY
“Security” is a generic term that can mean many things. In the world of locks, its definition has to be qualified by asking several core questions. Specifically, what are you trying to protect, and where? What is the value of the target for which these locks are providing security? Against what threat or whom are these locks designed to stop or delay entry? How sophisticated or determined is the attacker likely to be? Finally, does the lock provide the only barrier or is it one control in a “defense in depth” strategy, meaning that there are other measures of security such as alarms, video, guards, perimeter barriers, or other systems to back up the locks.
Many are surely asking whether their Medeco locks are secure enough, especially after Medeco has repeatedly issued press releases, advertising statements and even a DVD categorically stating that their locks were “bump proof” and lately “virtually bump proof.” Recently we asked a senior representative of Medeco just exactly what “virtually bump proof” exactly meant? We thought it was a fair question especially since the term “virtually bump proof” in my view is like “virtual reality.” It means nothing but is a phrase that my fellow lawyers have devised to shield a manufacturer from potential liability for material misrepresentation. Saying that something is “virtually secure” is a qualification based upon no measurable standard so it is an illusion. And the answer that we were given by Medeco: “Virtually bump proof means that you have about as much chance of opening our locks as you do of winning the lottery!” Well, if that is the case, I will place my bet on collecting from Medeco because my odds are a great deal better in opening their locks than in winning a lottery.
So, you have spent perhaps three or four times the money to install Medeco cylinders than you would have for conventional non-high security rated mechanisms, believing that the cost difference was worth it. But exactly what security is provided for all that extra money? We will try to answer that question by briefly analyzing what your Medeco cylinders offer in the way of protection.
MEDECO SECURITY: What is it?
So why is Medeco perceived and touted as one of the most secure locks on the planet? Why are they relied upon by the U.S. government for installations such as the White House and Pentagon? The answer is simple: Medeco makes quality products of the highest order. This does not mean they necessarily outperform other high security lock manufacturers or that their sidebar approach is any better or more secure than others who have different design philosophies.
At the end of the day each manufacturer’s design has its strengths and weaknesses but all lock security can be reduced to three issues: forced entry protection, covert and surreptitious attacks, and key control. In fact, these are precisely the criteria and requirements that are addressed in the ANSI 156.30 high security standard.
Medeco locks are secure in part based upon the following features and issues:
• High quality components
• High tolerance mechanisms
• Excellent engineering and design
• Five or six pin tumblers
• Integrated pins that incorporate elevation and rotation
• Sidebar technology
• Slider technology and key control
• Legal protection of keys
• Special cutters are required to duplicate keys
• The ability to utilize multiple sidebar codes within one master key system to separate and protect secure areas
• Difficult to pick
• Impossible to bump without the correct or operable sidebar code
• Availability of the ARX pin for added pick and decoding resistance
• Forced entry protection
• More difficult to progress keys when extrapolating the top level master key
We believe that Medeco locks are secure for most venues but also have certain vulnerabilities that must be addressed in certain locations. Those vulnerabilities may allow certain Medeco cylinders to be rapidly bypassed by bumping and picking and circumvention of key control.
Lets take forced entry first. Medeco, as with most other high security lock manufacturers, implement hardened inserts and components to resist most forms of drilling of the plug, shear line, or sidebar. These are the three vital areas that are most vulnerable. Almost everyone utilizes special steel pins, bearings and other blocking technologies to resist such attacks, at least for a minimum of five minutes. Some of these locks are incredibly tough, although the type of attack and amount of force must always be considered. In Part I of this series, force is not seen as the real threat: covert attacks and compromise of key control are.
Key control relates to the protection of keys from duplication, replication, and simulation. It also deals with system expansion, the number of secure key changes, ability to set up large master key systems, and an alternative to the use of sectional keyways.
The Medeco m3 specifically touts its key control as secure, flexible and effective. In fact, the m3 was designed primarily for enhanced key control as a way of extending the Biaxial patent that expired in 2005. In doing so, Medeco also claimed that the security of the cylinder was enhanced with the addition of the internal slider. So exactly what does the m3 and its slider accomplish?
There is no doubt that key control is enhanced to the extent that legal protection applies for the next twenty years, thereby preventing others from commercially manufacturing, selling or distributing blanks for the m3 that contain the patented protrusion on the side of the key. That’s it! There is no more protection against cutting keys with angled cuts, nor for replicating keys for the original or Biaxial locks. No, you cannot go to the local hardware store or Home Depot and obtain m3 blanks or have keys copied. If you have a system with a commercial keyway then your local locksmith may be able to legally replicate your keys. If the keyways are restricted or proprietary, then you are out of luck, but criminals may not be.
The m3 is subject to bypass of its key control features because the slider can be easily defeated with a piece of wire or a paper clip. In addition, restricted blanks can be synthesized or replicated, thereby potentially bypassing all of the key control you thought you had obtained when purchasing the Medeco brand. Is such bypass relevant? Again, it depends if you have a high value target to protect.
If you are a residential customer or own a small business, the likelihood that your locks will be compromised in this manner is pretty remote. Certainly it is not impossible but the chances are slim. What you need to understand is that the third layer of security that is provided by the slider is essentially non-existent given its ease of bypass. And that bypass can make the lock much more insecure to secondary and more advanced forms of attack such as bumping and picking. If you choose to implement Bilevel into an m3 system there is even less security but the locks are also less expensive.
Covert and Surreptitious Methods of Entry
In my view the real threat is from covert methods of entry. Notwithstanding their statements to the contrary, certain Medeco locks can indeed be bumped and picked, some with little difficulty. Did Medeco know this last year when they began their public information campaign of invulnerability to bumping? In fairness, probably they did not. In fact, they went so far as to have their locks tested against bumping attacks by a testing lab in Europe. They were pronounced secure according to Medeco.
Should Medeco have conducted more tests to make certain that their locks were immune to bumping? Probably, because they represent that they are experts in high security locks and that their customers can rely upon their expertise and statements. When Medeco categorically states that their locks are “bump proof” then they are surely believed because of their reputation, customer base, ethics, and expertise during the course of the past third of a century. All in the industry know that Medeco is a prime supplier to the U.S. and some foreign governments and that they did not earn their reputation or win those contracts without being one of the best at what they do. Everyone takes Medeco at their word about security.
So just what protection against covert attack does Medeco provide? In the m3, there are three levels of security, all of which are interrelated. The compromise of one level of protection will not result in the lock being opened. All three separate and parallel systems must be defeated before the lock can successfully be neutralized.
The primary security for a Medeco cylinder has always been its unique sidebar design which is controlled by rotating pin tumblers. This invention can be likened to the modification of the Egyptian pin tumbler lock by Linus Yale. The concept of the rotating pin was revolutionary and had never been done before, which is why Medeco received several ground-breaking patents almost forty years ago.
The requirement that pins be both elevated and lifted in order to align two different locking systems (shear line and sidebar) at one time set Medeco apart from all other high security lock manufacturers. This combination makes picking extremely difficult because pin tumblers must be manipulated at the same time for two different systems (rotation and elevation). Many have tried to reliably defeat Medeco, most with limited or little success. For that reason Medeco has thrived as a primary provider of high security locks.
For the vast majority of users this dual layer of security was and is more than sufficient. Then came the introduction of the m3, with another alleged layer of security: the slider.
I would be the first to acknowledge that for the average thief, whether casual or determined, Medeco provides a significant barrier against any covert form of attack that involves the compromise of the pin tumbler mechanism. But Medeco cylinders are not just employed in “average” installations requiring medium security. They are relied upon everywhere, often to protect incredibly high value targets where criminals, spies, and even insiders will expend a great deal of time, energy and money to defeat these systems. So they have to be secure. In fact, not just secure but very secure, and that is where we believe the problem begins.
I draw an analogy between Medeco (and other high security lock manufacturers) to the communication common carriers and the provision of broadband Internet services. Almost every carrier has fiber optic cable to transport data across the country or across the world. Where the system breaks down is in the last mile where copper wires rather than fiber feed individual locations. It is the last mile that I am most concerned with in high security locks; an equivalent to the last five to ten percent of protection that really matters against competent and determined criminals.
In a nutshell my problem is this: the highly respected Medeco m3 lock, the new star in the Medeco flagship, can be bypassed with a paper clip, followed by a specially designed key which can be used to open it by bumping or picking. For sure, not all of their cylinders can be opened in the manner described in these articles, but many can. And what is a tolerable percentage that can be bypassed? This is a very good question for Medeco. Unfortunately, as will be demonstrated in the Fourth article in this series, the problems with Medeco security does not stop with bypassing the slider or sidebar. It is more basic and involves mechanical bypass which can be far more sinister than manipulating the internal components with bump keys or picks. We believe it is a failure of imagination on the part of Medeco design engineers to perceive of certain threats.
Most of the high security lock manufacturers offer cylinders that will provide more than ample protection and meet the security requirements for the vast majority of their customers. However, if you have what you perceive as high value or critical targets to protect then you just might want to research this matter further. You should not solely rely upon the so called high security standards promulgated by UL, BHMA and ANSI. The reality is that these organizations really do not test for certain forms of bypass. We believe that if they did then many of their “certified” locks would lose such designation.
This article began by asking the question whether your Medeco locks are “secure enough?” In my view there is no question that they are one of the best available cylinders but of course that comes with many caveats. The perceived level of threat should determine whether Medeco or some other vendor produces the locks that will afford the needed protection. The alternative, of course, is to prohibit the possession of paper clips in any facility where the m3 is installed!
® Medeco and Biaxial are registered trademark of Medeco Security Locks, Inc.