Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


04:41 PM
John H. Sawyer
John H. Sawyer

Lock-Picking Popularity Grows

As security professionals, it is easy to get focused only on the technical side of security and forget about the importance of physical security.

As security professionals, it is easy to get focused only on the technical side of security and forget about the importance of physical security.The beauty of security and hacking, however, is that the thinking that goes into circumventing security controls on a computer system can be abstracted and applied to other areas like physical security--bypassing electronic access controls, circumventing physical security systems, and picking locks.

One of the always-popular areas during Defcon is the lock- picking village where attendees can try their hand at picking locks of all types. From padlocks to deadbolts, the lock-picking village is a playground for those new to the practice, hobbyists, and those who treat it as a sport to see who can pick a series of locks the fastest.

I've not spent much time in the lock-picking village in the past, but every year I have friends come back with new sets of lock picks, practice locks, and a passion for "hacking" locks. There has been an entire community that has sprung up from lock picking into what is called "locksport," and this year has seen a couple of new projects to help bring lock-picking to the mainstream.

The first was the release of "Practical Lock Picking: A Physical Penetration Tester's Training Guide" by Deviant Ollam. This is a fantastic book that I highly recommend if you have any interest in physical security. It's a great reference and guide book for getting started with lock picking, learning how locks work, and really motivates you to want to get your hands dirty trying out the techniques covered in the book.

The other project was by Schuyler Towne who created the Kickstarter project called "Lockpicks by Open Locksport." I met Schuyler in the Las Vegas airport on my way back home from Defcon and was instantly impressed with his passion for lock-picking. We talked a bit about Defcon, the "Gringo Warrior" contest, and he pointed out a reference to himself in the book above.

After I got back, I started seeing some chatter on Twitter about the Kickstarter project to create custom lock-picks that included templates, practice locks, and much more depending on the amount you pledged in support of the project. It didn't surprise me to see Schuyler's name and face as the creator after having spent only about 15 minutes with him in the airport.

What's incredible about Schuyler's project is that he started out only trying to raise $6,000 and ended up with nearly 1,200 supporters and $87,407. It's amazing to see the support an and interest in lock-picking.

Just like computer security, the people out there finding vulnerabilities in locks are helping advance the field by demonstrating how easy it is to exploit them. Congrats to Deviant Ollam and Schuyler for helping to educate and bring awareness to the rest of the world.

John H. Sawyer is a senior security engineer on the IT Security Team at the University of Florida. The views and opinions expressed in this blog are his own and do not represent the views and opinions of the UF IT Security Team or the University of Florida. When John's not fighting flaming, malware-infested machines or performing autopsies on blitzed boxes, he can usually be found hanging with his family, bouncing a baby on one knee and balancing a laptop on the other. Special to Dark Reading.

Comment  | 
Print  | 
More Insights
Threaded  |  Newest First  |  Oldest First
User Rank: Apprentice
4/21/2012 | 7:57:35 PM
re: Lock-Picking Popularity Grows
Lockpicking is awesome!
http://www.lockpickwinkel.nl is a good shop for tools if u need any :)
itsin Europe tho
7 Old IT Things Every New InfoSec Pro Should Know
Joan Goodchild, Staff Editor,  4/20/2021
Cloud-Native Businesses Struggle With Security
Robert Lemos, Contributing Writer,  5/6/2021
Defending Against Web Scraping Attacks
Rob Simon, Principal Security Consultant at TrustedSec,  5/7/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-05-14
An HTTP Request Smuggling vulnerability in Pulse Secure Virtual Traffic Manager before 21.1 could allow an attacker to smuggle an HTTP request through an HTTP/2 Header. This vulnerability is resolved in 21.1, 20.3R1, 20.2R1, 20.1R2, 19.2R4, and 18.2R3.
PUBLISHED: 2021-05-14
Hexagon G!nius Auskunftsportal before allows SQL injection via the GiPWorkflow/Service/DownloadPublicFile id parameter.
PUBLISHED: 2021-05-13
Piwigo 11.4.0 allows admin/user_list_backend.php order[0][dir] SQL Injection.
PUBLISHED: 2021-05-13
The Flask-Caching extension through 1.10.1 for Flask relies on Pickle for serialization, which may lead to remote code execution or local privilege escalation. If an attacker gains access to cache storage (e.g., filesystem, Memcached, Redis, etc.), they can construct a crafted payload, poison the ca...
PUBLISHED: 2021-05-13
Bitcoin Core 0.12.0 through 0.21.1 does not properly implement the replacement policy specified in BIP125, which makes it easier for attackers to trigger a loss of funds, or a denial of service attack against downstream projects such as Lightning network nodes. An unconfirmed child transaction with ...