Lock Bypass without Lockpicks

Waldo set out to expose the GILATT corporationFor its evil deeds and lies about its products

Its phony medicine and stiff-arm legal tactics to silence oppositionAnd ended up with more than he bargained for

In a thrilling tale of...

Daniel Crowley

Before the story begins...

A quick introduction of myself

A quick introduction of the topic

A quick introduction to our character

A not-so-quick introduction to the techniques

Myself

Security nerd and self-imagined artist

Works for Core Security

Contact me!

dcrowley@coresecurity.com

@dan_crowley

Boring

You came here for the pwnageNot me

Lock Bypass without Lockpicks

Security features mostly focus on picking

New tumblers don't break old attacks

Lock manufacturers determine lock quality

Lock consumers determine lock usage

No need to carry lockpicks

Illegal to own/carry in some states w/out license

Quickly learned and quickly performed

Our character Waldo

A tribute to another Waldo

Hard-to-find guy

Likes red-and-white stripes

One resourceful mofo

Physical security NINJA

The Techniques

How do you do the voodoo that Waldo will do?

Abusing ineffective lock usage

Lock not locked

Useless lock placement

Lock affixed to movable part

Lock affixed to removable part

Weak container or mounting hardware

Destroy

Disassemble

Manipulate

Problem #1: Weak mounting hardwareYou don’t need to pick or break the lock, only unscrew the bracket from the door. This is an example of issues involving disassembly.

Problem #2: Lock not lockedThis is a somewhat harder to detect version of the “lock not locked” problem, though fairly easy to spot anyway. You couldn’t ride this motorcycle away, unless it was in the bed of a pickup truck.

Problem #3: Weak mountingAwesome, so you’ve locked your bike to a solid post you can’t slide the lock off of. Only problem is that this wheel comes off without even needing tools. Bye-bye bicicleta.

Problem #4: Lock attached to removable partThis wheel is properly secured from thieves. Too bad the rest of the bike wasn’t.

Problem #5: Utter failureWhere do I even begin?

Shimming attacks

Slide an object into lock to change its operation

Frequently a thin sheet of metal

Frequently targeting the hasp

Can be done with many types of locks

Padlocks

Handcuffs

Door-mounted locks

Padlock shimmingGo see the TOOOL guys and try this one for yourself!

Shimming a door-mounted lockAKA “The credit card trick”

Passage locks

Request-to-exit motion sensor

Trigger motion sensor from outside

Chain locks

Manipulate chain through door crack

Pop-button locks

Not meant for anything but privacy

Fail-safe is easily triggered

Alternate point of entry

RoofGaining roof access may be difficult/dangerous

Window2nd story or higher likely unlocked

Fire escapeMay have unlocked entry points due to fire code

Raised floors/drop tile ceilingsGo over or under

DO WANT

(USD$24.95 on http://www.southord.com)

Credential theft/copy

Magnetic stripesMagstripe reader

RFID chipsCan be read from far away

Vendor statistics assume a standard antenna

Pin tumbler keysMalleable material (clay, play-doh, gum)Take photos and decode visually

Escape from the chair

Ineffective lock placement

Lock affixed to chain

Chain not affixed to chair

Escape from the maintenance room

Ineffective lock usage

Exposed screws on cabinet

Door frame manipulation

Shimming

Doorknob hasp shimming

Passage locks

Chain lock

Gaining entry to the server room

• Alternate entry point

• Raised floor

• Passage locks

• Request-to-exit motion sensor

Escaping GILATT HQ

• Credential theft

• Backup key in obvious location as fail-safe

FIN

Questions?

Comments?

Suggestions?

Hate mail?

Trolling attempts?

daniel.crowley@coresecurity.com