A little bit of bumping and grinding

Schneier on Security: Flaw in Pin-Tumbler Locks
http://www.toool.nl/bumpkey-alert.wmvhttp://www.toool.nl/bumping.pdf

That’s unnerving. Bump-bump, open. And expensive locks are easier to bump open than cheap ones.

Time for a redesign, I’d say. Makes me want to go re-read my renter’s insurance policy…

I should add a teaser for some background info instead of just giving links. Here’s the teaser from Bruce Schneier’s blog:

I found the article while browsing Bruce’s blog. It surprised me how easy it looked to do it. Business locks and home locks are easy pickings now. Between this and the Bic pens that were able to open some Kryptonite bicycle locks, things are not good for the lock industry.

a litte while ago it came out that a major bike lock company’s (kryptonite) lock’s (Evolution 2000 U-lock) could be picked with a bic pen.

I also found this pretty amazing when I stumbled upon it a few months ago.

This video is in English:

http://connectmedia.waag.org/toool/whatthebump.wmv

Later,

Jess

Why bother when you can do this?http://neistat.com/pages/video_holding/bikethief_holding.htm
Amazing Video

Yup, and Kryptonite ended up offering replacement fixes for the vulnerable locks. Send your lock to Kryptonite, they fix it and send it back.

This bump key method makes it look like pretty much every bike lock from every manufacturer is easily picked now. Bike locks are pretty much useless now for someone who has the right bump key. Car security devices like The Club and similar devices are also equally useless. Locking your expensive MTB to your Yakima bike rack on your car, go in for a Starbucks before your ride, come back and your expensive MTB is gone.

This looks to be a lock security nightmare on a big scale.

The lock manufacturers are going to have to get busy to design a bumpproof lock. And the consumers are going to have to know that they’re going to need to replace all their old locks if they want to lock up anything and have it be reasonably secure. For now, maybe combination locks are more secure than key locks.

I just re read your ealier posts, andi I didn’t even realize that you mentioned the kryptonite thing before I did! Nice work, and let me give you credit where credit is due.

This whole lock thing is pretty neat, and there is other technology out there to relpace them, but everything is going to have it’s flaws.

Someone was talking about the club before. that thing is such a joke. It takes about 3 seconds to hacksaw through a steering wheel, take off the club, and drive away. There is a better system out there, that locks a block underneath your gas pedal. much much harder to defeat. (Yes I know the club is a deterent, why steal that one when you can steal one without it)

3 seconds to hacksaw through a steering wheel? Have you ever actually tried that? They’re genreally pretty substantial and difficult to cut. I’m not familiar with the steering wheel lock that you mention, but mine requires you to cut the steering wheel rim right through in 3 seperate places before the lock can be removed. Having said that, I think i do rely more on the deterent effect, as my car can be broken in to in probably less than 10 seconds by a pro so i need something to ward them off.

That would be something similar to this brake or clutch lock.

But what difference does it make if it can be bumped open just like the majority of key locks? And why cut through a steering wheel when you can bump The Club (or similar) lock open?

That’s why I put plastic snakes on my dashboard. Would you steal a car filled with snakes? I sure wouldn’t!

That’s a big video. 97 minutes and about 461 MB and a slow download. I watched it. Interesting.

There is more info (and a link to that video) on the toool.nl web site.

All this info has me worried that even the high security bicycle locks are pretty much worthless and would all be easy to bump open if you had the right set of bump keys. Makes the bike locks pretty vulnerable. Would be easy to go around a college campus and make off with a bunch of bikes. It doesn’t attract a lot of attention to bump a lock. It’s quick if it works. Tap tap and it’s open.

For now the best defense for bikes would be to use two locks. One good key lock and one combination lock.

The big video mentioned locks that are bump proof but I don’t see any evidence of those style of locks being used for bicycle locks. I haven’t yet read the white paper on bumping (a PDF file). Maybe it has more to say.

Oh, I also noticed that Digg mentioned this bumping thing about 3 months ago. Digg gets a lot of traffic. This technique is getting around and is going to become more well known.

Steering wheels are actually made to be easy to break and bend, as they are the first point of impact for the driver durring a front end impact. I may not be able to cut through one in 3 seconds, but a pro theif could (I’ve never tried). Why do you need to cut through in three places? I’m just curious? The original only needed to have the steering wheel cut in one spot, then bent a little bit to get the club to slide up and off.

yep. My “Design For Manufacture” professor told us the story of inventing, and actually manufacturing a device similar to the break/clutch lock in the 70’s, but never bothering to patent or invest any money in it. (He also points out that there were probably several, if not hundreds of other people with the same idea, and at least a few others besides him who had gone on and actually built one, before anybody bothered to patent it).

Dang, why didn’t I think of that? Shame on you for posting this. Now I’m gonna have to go make one and test it out on my house. (the same thing happened when I realized that all of the locker locks in our school take the same masterkey, but that resulted in suspension. I hope your proud of this.)

On the bright side, you don’t need to carry as many keys anymore, as one key will fit all of your home’s locks. :slight_smile:

Probably referring to a steering wheel lock like this. It has four hooks instead of the two that’s on The Club.
I’ve also seen similar locks that have a fat area in the middle that protects the air bag that’s in the center of the steering wheel. Thieves have been known to break into a car just to steal the air bag out of a steering wheel.

holy Jesus!

tieing knots with rope may come back in style.

Things don’t appear to be so bad for the better bike locks. I did some looking around and saw that Kryptonite is now using a high security disc style cylinder on their Evolution and New York locks.

The disc tumbler locks are a different design than the pin tumbler locks and they are not vulnerable to bumping. So look to see if your bike lock uses a disc tumber. If not then it’s time to upgrade to something better.

Same goes for anything else that you want to lock up and be secure.

John Childs is correct, mine is of such a deisgn that it effectively holds at four points, so if you cut through at one point, you would not be able to bend that portion as the lock would prevent it, as it is located at two points at its other end, now i think about it you could probably do it with 2 cuts, one at eacxh end on the same side. Also the lock is a non-pin type, with a very unusual looking key, and is therefore i think not prone to bumping, i think it’s similar to the disk lock mentioned above. Sure you could get it off if you really wanted to, but then if you were driving a purple mini that you can hear 1/4 mile off you might be a little conspicuous to the police, probably wouldn’t be worth the bother to a pro.