Monday, April 28, 2008

Discover Why Your Door Locks Are Probably Useless

Bump Keys - Discover Why Your Door Locks Are Probably Useless


by kersbrook
You are about to discover something that scared the hell out of me. The locks I rely on to protect my family and my business can be opened without damage in seconds. By just about anyone, using easily found information about Bump Keys.

You don't need special tools. Or locksmith training. All you need is a normal key that you can file down with an ordinary file. Or you can buy a bump key on the internet.

Firstly - my philosophy. I don't believe in "Security by Obscurity" - where severe problems with the things that we rely on are covered up and kept secret for use by people who want to harm us. The technique of bump keying (also known as rapping) has been known for over 50 years. Lock manufacturers and criminals know all about it. While all of us poor suckers still buy crappy locks that we falsely believe will protect our families and possessions.

What's the Problem?

There is a fundamental flaw in the design of the pin and tumbler mechanisms that are used on commonly sold latches and deadlocks. Including those rated as "high security". This flaw makes it possible for anyone to open many of these locks - even deadlocks - very quickly using a technique known as "bumping". This technique does not damage the lock. All you need is a filed down key that fits into the lock, and some practice using a certain technique.

In a bizarre twist, the more expensive locks are actually easier to open, because of their tighter tolerances, and better quality. A Dutch consumer organisation tested over 60 locks that have been approved by the police as providing High Security, and found that most of them could be bumped open.

I realise that locksmiths and criminals have always been able to open locks without keys. But this technique allows almost anyone to do it. At first, I thought Bump Keying was a joke, so I spent a large part of a weekend researching it. Unfortunately I found that the technique actually works.

Imagine This. You arrive home (or at your business), unlock the door, and discover that everything of value is missing. Your new Home Entertainment system, Computers, Stereo Equipment, etc. etc. All gone. You are devastated. But that's nothing to what happens next. You call the police and your insurance company, and make a claim. The insurance company refuses to pay.

What's worse - they think you did it - because there is no sign of illegal entry, and your premises are protected by high quality locks. They might even charge you with attempted fraud. Not a nice situation for an innocent, recently burgled person to find themselves in.

This situation is apparently becoming more and more common. In Australia some companies will pay out on a theft claim where there is no forced entry, as long as the theft has been reported to the police. Some won't. (Check your situation with your insurer.) And even if your premises are not burgled, are you comfortable with the fact that someone can open your locks, come in and snoop around your house, and then leave without a trace? Bump Keys make this possible.

Bump Keying - The Proof.

NOVA is a well-respected European TV program. They have made a video, which includes a full demonstration of key bumping, and comments from lock experts and police. You can find the link from the resource box below. Like I said, it scared the hell out of me - especially after I tried an experiment myself, and found that everything I had discovered was true.

I obtained a bump key, and practiced on the deadlock on my back door for about 5 minutes. After about 15 tries, I got the technique right, and the lock opened. Another 10 tries - did it again. Another 5 minutes, and I could do it almost every time. I tried another lock at home - and it opened. I then went over to my sister's house, and she was stunned when I opened her security deadlock at the second attempt. (Total time taken for both attempts: 4 seconds.)

Not every lock can be bumped. I've tried 2 others without success. But experts estimate that the technique will work on the majority of commonly used house locks.

How Many People Know about This? Many Millions. There are lots of Internet sites and fully documented reports about the technique readily available on the internet. Bumping has been widely reported in Europe, and covered on several TV programs. The US magazine Newsweek also did a story on it recently, and it's all over the social contact sites that young people use.

What To Do Next

1. If you are concerned about this, go to your locksmith and buy a bump-proof lock cylinder. I understand that Abloy disk tumbler locks and BiLock locks cannot be opened by bumping.

2. Do some research regarding the topics discussed here.

3. Take as much (or as little) action as you feel is necessary to adequately protect your family and property.

About the Author

Eric Graudins provides information and services to Small Business internet users at http://www.webangel.com.au/

The full version of this special article about Bump Keys can be found at http://www.bumpkey.com.au/



Article Source: Content for Reprint

Just not going to lock the doors from now on, like what is the need?


Tuesday, April 15, 2008

TV Converter Box Coupon Program


Analog is going bye, bye!

Get your FREE $40.00 Coupon!


Sunday, April 13, 2008

Comcast Cameras to Start Watching You?

Ummmm.... If you're the one doing the watching this could be very interesting or very scary! But, to think a cable company being able to see who is in the room! This will let them gear ads and shows based on the person's past viewing history and block shows that are rated for adults when children or teens are in the room? Well you decide what you think on this, I for one don't watch almost any TV so I'm good, but remember if you watch or hang around the room in the nude! (?)

Written by Chris Albrecht Posted Tuesday, March 18, 2008 at 11:42 AM PT

If you have some tinfoil handy, now might be a good time to fashion a hat. At the Digital Living Room conference today, Gerard Kunkel, Comcast’s senior VP of user experience, told me the cable company is experimenting with different camera technologies built into devices so it can know who’s in your living room.

The idea being that if you turn on your cable box, it recognizes you and pulls up shows already in your profile or makes recommendations. If parents are watching TV with their children, for example, parental controls could appear to block certain content from appearing on the screen. Kunkel also said this type of monitoring is the “holy grail” because it could help serve up specifically tailored ads. Yikes.

Kunkel said the system wouldn’t be based on facial recognition, so there wouldn’t be a picture of you on file (we hope). Instead, it would distinguish between different members of your household by recognizing body forms. He stressed that the system is still in the experimental phase, that there hasn’t been consumer testing, and that any rollout “must add value” to the viewing experience beyond serving ads.

Perhaps I’ve seen Enemy of the State too many times, or perhaps I’m just naive about the depths to which Comcast currently tracks my every move. I can’t trust Comcast with BitTorrent, so why should I trust them with my must-be-kept-secret, DVR-clogging addiction to Keeping Up with the Kardashians?

Kunkel also spoke on camera with me about fixing bad Comcast user experiences, the ongoing BitTorrent battle and VOD. But he mostly toed the corporate line on these issues (the monitoring of your living room came up after my camera was put away).


Click on Chris Albrecht's name to see the full posting to this story!

CanSecWest PWN2OWN 2008


Hacker Super Bowl pits Mac OS vs. Linux, Vista

Not that this would change my mind about any of the three or make me go to just using one over the other, but I found it interesting that the Mac was the first to go...

Three targets, all patched. All in typical client configurations with typical user configurations. You hack it, you get to keep it.

Each has a file on them and it contains the instructions and how to claim the prize.

Targets (typical road-warrior clients):

-VAIO VGN-TZ37CN running Ubuntu 7.10
-Fujitsu U810 running Vista Ultimate SP1
-MacBook Air running OSX 10.5.2

This year's contest will begin on March 26th, and go during the presentation hours and breaks of the conference until March 28th. The main purpose of this contest is to present new vulnerabilities in these systems so that the affected vendor(s) can address them. Participation is open to any registered attendee of CanSecWest 2008.

Once you extract your claim ticket file from a laptop (note that doing so will involve executing code on the box, simple directory traversal style bugs are inadequate), you get to keep it. You also get to participate in 3Com / TippingPoint's Zero Day Initiative, with the top award for remote, pre-auth, vulnerabilities being increased this year. Fine print and details on the cash prizes are available from TippingPoint's DVLabs blog.

Quick Overview:

-Limit one laptop per contestant.
-You can't use the same vulnerability to claim more than one box, if it is a cross-platform issue.
-Thirty minute attack slots given to contestants at each box.
-Attack slots will be scheduled at the contest start by the methods selected by the judges.
-Attacks are done via crossover cable. (attacker controls default route)
-RF attacks are done offsite by special arrangement...
-No physical access to the machines.
-Major web browsers (IE, Safari, Konqueror, Firefox), widely used and deployed plugin frameworks (AIR, Silverlight), IM clients (MSN, Adium, Skype, Pidgin, AOL, Yahoo), Mail readers (Outlook, Mail.app, Thunderbird, kmail) are all in scope.

More detailed rules and fine print will be available on this site shortly.