Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Perimeter

9/24/2010
04:41 PM
John H. Sawyer
John H. Sawyer
Commentary
50%
50%

Lock-Picking Popularity Grows

As security professionals, it is easy to get focused only on the technical side of security and forget about the importance of physical security.

As security professionals, it is easy to get focused only on the technical side of security and forget about the importance of physical security.The beauty of security and hacking, however, is that the thinking that goes into circumventing security controls on a computer system can be abstracted and applied to other areas like physical security--bypassing electronic access controls, circumventing physical security systems, and picking locks.

One of the always-popular areas during Defcon is the lock- picking village where attendees can try their hand at picking locks of all types. From padlocks to deadbolts, the lock-picking village is a playground for those new to the practice, hobbyists, and those who treat it as a sport to see who can pick a series of locks the fastest.

I've not spent much time in the lock-picking village in the past, but every year I have friends come back with new sets of lock picks, practice locks, and a passion for "hacking" locks. There has been an entire community that has sprung up from lock picking into what is called "locksport," and this year has seen a couple of new projects to help bring lock-picking to the mainstream.

The first was the release of "Practical Lock Picking: A Physical Penetration Tester's Training Guide" by Deviant Ollam. This is a fantastic book that I highly recommend if you have any interest in physical security. It's a great reference and guide book for getting started with lock picking, learning how locks work, and really motivates you to want to get your hands dirty trying out the techniques covered in the book.

The other project was by Schuyler Towne who created the Kickstarter project called "Lockpicks by Open Locksport." I met Schuyler in the Las Vegas airport on my way back home from Defcon and was instantly impressed with his passion for lock-picking. We talked a bit about Defcon, the "Gringo Warrior" contest, and he pointed out a reference to himself in the book above.

After I got back, I started seeing some chatter on Twitter about the Kickstarter project to create custom lock-picks that included templates, practice locks, and much more depending on the amount you pledged in support of the project. It didn't surprise me to see Schuyler's name and face as the creator after having spent only about 15 minutes with him in the airport.

What's incredible about Schuyler's project is that he started out only trying to raise $6,000 and ended up with nearly 1,200 supporters and $87,407. It's amazing to see the support an and interest in lock-picking.

Just like computer security, the people out there finding vulnerabilities in locks are helping advance the field by demonstrating how easy it is to exploit them. Congrats to Deviant Ollam and Schuyler for helping to educate and bring awareness to the rest of the world.

John H. Sawyer is a senior security engineer on the IT Security Team at the University of Florida. The views and opinions expressed in this blog are his own and do not represent the views and opinions of the UF IT Security Team or the University of Florida. When John's not fighting flaming, malware-infested machines or performing autopsies on blitzed boxes, he can usually be found hanging with his family, bouncing a baby on one knee and balancing a laptop on the other. Special to Dark Reading.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
LockpickWinkel-nl
50%
50%
LockpickWinkel-nl,
User Rank: Apprentice
4/21/2012 | 7:57:35 PM
re: Lock-Picking Popularity Grows
Lockpicking is awesome!
http://www.lockpickwinkel.nl is a good shop for tools if u need any :)
itsin Europe tho
Commentary
Ransomware Is Not the Problem
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  6/9/2021
Edge-DRsplash-11-edge-ask-the-experts
How Can I Test the Security of My Home-Office Employees' Routers?
John Bock, Senior Research Scientist,  6/7/2021
News
New Ransomware Group Claiming Connection to REvil Gang Surfaces
Jai Vijayan, Contributing Writer,  6/10/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: Zero Trust doesn't have to break your budget!
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-34812
PUBLISHED: 2021-06-18
Use of hard-coded credentials vulnerability in php component in Synology Calendar before 2.4.0-0761 allows remote attackers to obtain sensitive information via unspecified vectors.
CVE-2021-34808
PUBLISHED: 2021-06-18
Server-Side Request Forgery (SSRF) vulnerability in cgi component in Synology Media Server before 1.8.3-2881 allows remote attackers to access intranet resources via unspecified vectors.
CVE-2021-34809
PUBLISHED: 2021-06-18
Improper neutralization of special elements used in a command ('Command Injection') vulnerability in task management component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to execute arbitrary code via unspecified vectors.
CVE-2021-34810
PUBLISHED: 2021-06-18
Improper privilege management vulnerability in cgi component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to execute arbitrary code via unspecified vectors.
CVE-2021-34811
PUBLISHED: 2021-06-18
Server-Side Request Forgery (SSRF) vulnerability in task management component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to access intranet resources via unspecified vectors.