Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


04:41 PM
John H. Sawyer
John H. Sawyer

Lock-Picking Popularity Grows

As security professionals, it is easy to get focused only on the technical side of security and forget about the importance of physical security.

As security professionals, it is easy to get focused only on the technical side of security and forget about the importance of physical security.The beauty of security and hacking, however, is that the thinking that goes into circumventing security controls on a computer system can be abstracted and applied to other areas like physical security--bypassing electronic access controls, circumventing physical security systems, and picking locks.

One of the always-popular areas during Defcon is the lock- picking village where attendees can try their hand at picking locks of all types. From padlocks to deadbolts, the lock-picking village is a playground for those new to the practice, hobbyists, and those who treat it as a sport to see who can pick a series of locks the fastest.

I've not spent much time in the lock-picking village in the past, but every year I have friends come back with new sets of lock picks, practice locks, and a passion for "hacking" locks. There has been an entire community that has sprung up from lock picking into what is called "locksport," and this year has seen a couple of new projects to help bring lock-picking to the mainstream.

The first was the release of "Practical Lock Picking: A Physical Penetration Tester's Training Guide" by Deviant Ollam. This is a fantastic book that I highly recommend if you have any interest in physical security. It's a great reference and guide book for getting started with lock picking, learning how locks work, and really motivates you to want to get your hands dirty trying out the techniques covered in the book.

The other project was by Schuyler Towne who created the Kickstarter project called "Lockpicks by Open Locksport." I met Schuyler in the Las Vegas airport on my way back home from Defcon and was instantly impressed with his passion for lock-picking. We talked a bit about Defcon, the "Gringo Warrior" contest, and he pointed out a reference to himself in the book above.

After I got back, I started seeing some chatter on Twitter about the Kickstarter project to create custom lock-picks that included templates, practice locks, and much more depending on the amount you pledged in support of the project. It didn't surprise me to see Schuyler's name and face as the creator after having spent only about 15 minutes with him in the airport.

What's incredible about Schuyler's project is that he started out only trying to raise $6,000 and ended up with nearly 1,200 supporters and $87,407. It's amazing to see the support an and interest in lock-picking.

Just like computer security, the people out there finding vulnerabilities in locks are helping advance the field by demonstrating how easy it is to exploit them. Congrats to Deviant Ollam and Schuyler for helping to educate and bring awareness to the rest of the world.

John H. Sawyer is a senior security engineer on the IT Security Team at the University of Florida. The views and opinions expressed in this blog are his own and do not represent the views and opinions of the UF IT Security Team or the University of Florida. When John's not fighting flaming, malware-infested machines or performing autopsies on blitzed boxes, he can usually be found hanging with his family, bouncing a baby on one knee and balancing a laptop on the other. Special to Dark Reading.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Apprentice
4/21/2012 | 7:57:35 PM
re: Lock-Picking Popularity Grows
Lockpicking is awesome!
http://www.lockpickwinkel.nl is a good shop for tools if u need any :)
itsin Europe tho
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-04-13
The Motorola MH702x devices, prior to version, do not properly verify the server certificate during communication with the support server which could lead to the communication channel being accessible by an attacker.
PUBLISHED: 2021-04-13
A privilege escalation vulnerability in Lenovo Power Management Driver for Windows 10, prior to version, that could allow unauthorized access to the driver's device object.
PUBLISHED: 2021-04-13
A null pointer dereference vulnerability in Lenovo Power Management Driver for Windows 10, prior to version, that could cause systems to experience a blue screen error.
PUBLISHED: 2021-04-13
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
PUBLISHED: 2021-04-13
An internal product security audit of Lenovo XClarity Controller (XCC) discovered that the XCC configuration backup/restore password may be written to an internal XCC log buffer if Lenovo XClarity Administrator (LXCA) is used to perform the backup/restore. The backup/restore password typically exist...