Wednesday, June 8, 2011

Segment on Lock Bumping


In case you missed it, there was a new segment on lock bumping that aired in the U.S. Incredibly, the NBC lawyers would not allow the use of the term “bump key” because they were worried that viewers might figure out how to open locks! Then they showed a diagram of the key and how it works. Ironically, the program was supposed to air the week before, but at the last minute, I was notified that the segment had been “bumped” by the Michael Jackson tragedy. Tragedy? Really?
I don’t know why the renewed interest in lock bumping, but I have received calls from several media representatives about the issue in the past few weeks. I am quite sure that our friends at Medeco were very pleased with the story. As I told the correspondent, they are good locks, but not quite as good as they say. For residences, they are just fine, as are Schlage Primus and other brands. Note that the NBC story never claimed that the Medeco cylinders were bump-proof. Only Medeco and many of its dealers continue to represent that falsehood, while at the same time claiming that “they never said it…others did” and that Medeco cannot control what their employees and dealers say! The question as to when Medeco will level with their dealers and customers about the insecurity of their products will be left for another post, and venue. One would have expected a statement from Medeco after their Wired fiasco, but true to form…nothing.
Security is all about liability; this maxim may prove to be a very expensive lesson for Medeco and its parent company to learn.
We went to two upscale houses in New Jersey and opened the locks in seconds.
Any joy at Medeco will likely be short-lived. They will be issuing a security alert with regard to electro-mechanical locks and what we perceive as extremely serious vulnerabilities. During the past year, we have focused our efforts on Assa Abloy Cliq technology that is shared by Mul-T-Lock, Medeco, Ikon, and maybe even Assa itself. It should come as no surprise that we found what we believe to be serious design flaws in these locks, both in terms of mechanics and electronics. Anyone who thought that we were ending our research efforts with Medeco will find that the story has just begun. Key control, covert entry, and forced entry…all the same issues that we found wanting in the locks… are alive and well in Logic, Cliq, and NexGen and should prove highly relevant for everyone concerned with the security of electronic locks.
And for those of you who are not familiar with NexGen, these are the very neat cam locks that are used in vending machines (for example, thousands of machines owned by Coca Cola in Philadelphia); in major municipalities’ parking meters (in San Francisco, Los Angeles, Miami Beach, and New York); and also for the protection of cargo shipments in padlocks. Audit trails and revenue security are the prime rationale and justification to install these expensive locks ($100-$150). We think that the premise for implementing these locks might have to be reviewed and re-thought after DefCon. Not only will the implied guarantee of revenue security have to be re-examined, but the issue of potential false accusations that could affect innocent employees will most surely be a serious topic for some labor unions and legal counsel. Insurers and underwriters may also be involved because their premiums are based upon risk assessment. We believe that high-value targets may be at increased risk from the use of certain locks; hence insurability and premium rates could be affected.
During our presentation we will review some of the representations in the advertising of certain vendors, and why we believe these may not only be overstated, but inaccurate and uninformed at best, and false and misleading at worst. We are producing a very detailed WhitePaper with regard to this issue. The title still applies to some of these electronic locks.
