As security professionals, it is easy to get focused only on the technical side of security and forget about the importance of physical security.The beauty of security and hacking, however, is that the thinking that goes into circumventing security controls on a computer system can be abstracted and applied to other areas like physical security--bypassing electronic access controls, circumventing physical security systems, and picking locks.
One of the always-popular areas during Defcon is the lock- picking village where attendees can try their hand at picking locks of all types. From padlocks to deadbolts, the lock-picking village is a playground for those new to the practice, hobbyists, and those who treat it as a sport to see who can pick a series of locks the fastest.
I've not spent much time in the lock-picking village in the past, but every year I have friends come back with new sets of lock picks, practice locks, and a passion for "hacking" locks. There has been an entire community that has sprung up from lock picking into what is called "locksport," and this year has seen a couple of new projects to help bring lock-picking to the mainstream.
The first was the release of "Practical Lock Picking: A Physical Penetration Tester's Training Guide" by Deviant Ollam. This is a fantastic book that I highly recommend if you have any interest in physical security. It's a great reference and guide book for getting started with lock picking, learning how locks work, and really motivates you to want to get your hands dirty trying out the techniques covered in the book.
The other project was by Schuyler Towne who created the Kickstarter project called "Lockpicks by Open Locksport." I met Schuyler in the Las Vegas airport on my way back home from Defcon and was instantly impressed with his passion for lock-picking. We talked a bit about Defcon, the "Gringo Warrior" contest, and he pointed out a reference to himself in the book above.
After I got back, I started seeing some chatter on Twitter about the Kickstarter project to create custom lock-picks that included templates, practice locks, and much more depending on the amount you pledged in support of the project. It didn't surprise me to see Schuyler's name and face as the creator after having spent only about 15 minutes with him in the airport.
What's incredible about Schuyler's project is that he started out only trying to raise $6,000 and ended up with nearly 1,200 supporters and $87,407. It's amazing to see the support an and interest in lock-picking.
Just like computer security, the people out there finding vulnerabilities in locks are helping advance the field by demonstrating how easy it is to exploit them. Congrats to Deviant Ollam and Schuyler for helping to educate and bring awareness to the rest of the world.
John H. Sawyer is a senior security engineer on the IT Security Team at the University of Florida. The views and opinions expressed in this blog are his own and do not represent the views and opinions of the UF IT Security Team or the University of Florida. When John's not fighting flaming, malware-infested machines or performing autopsies on blitzed boxes, he can usually be found hanging with his family, bouncing a baby on one knee and balancing a laptop on the other. Special to Dark Reading.