Tuesday, February 12, 2013

Breaking into Kaba Door Locks

This is an older issue that was resolved by an update from the manufacturer, but it's still an interesting story.

Continuing from yesterday, Marc Weber Tobias also was instrumental in getting Kaba to update their Simplex push-button mechanical combination locks.  On those door locks, which have seen near ubiquitous deployment, a mechanical combination is entered into a push-button key pad, which unlocks the door.  Some models include other features, like "bypass" which allows a person inside to egress through the door without pushing the combination.  It's this feature on the Kaba lock that Tobias learned could be defeated with a rare earth magnet.

Here's a (slightly dry) walk through of how the lock is defeated using just a magnet, leaving no forensic evidence of unauthorized entry whatsoever:

One aspect of this story that will be interesting for computer security professionals is the element of "responsible disclosure" used by Tobias to attempt to force the hand of the manufacturer to fix the problem, followed by the manufacturer's all too familiar "there is no such problem" response (yet they did fix it).

Monday, February 11, 2013

Breaking Physical Locks

Recently, Wired Magazine ran an article about just how easy it is for children to break into certain models of gun safes.  Their findings are interesting, but not totally surprising.  Watch for yourself if you haven't already seen it:

We did our own review of pistol safes here, but more or less comparing features of safes, not attempting to penetrate them as the article describes.

One of the researchers, Marc Weber Tobias, has a variety of other very interesting (but dry) videos describing physical lock security and some of the particular products that are defeated.  His YouTube channel is worth a review.