LAS VEGAS, Nevada (AFP) — Security specialists on Sunday showed that cracking top-rated locks said to secure the US Pentagon and Britain's royal family is child's play.
Marc Tobias was in a sea of hackers practicing lock picking at a DefCon gathering in Las Vegas when he easily opened Medeco's flagship lock with a paper clip and a key cut from plastic sheets in a Shrinky Dinks toy.
"We think this is a pretty serious threat, and the government guys here we've been talking to agree," Tobias told AFP.
US federal police and defense department officials routinely attend the notorious DefCon hackers gathering in Las Vegas to assess new computer threats and recruit talent to the government's cyber security teams.
Lock picking is an appealing hobby among DefCon hackers, with a suite dedicated to tutoring, practice and competitions.
Tobias was in a packed "Lock Pick Village" when he detailed how simple it is to open Medeco locks trusted to protect fortunes, national secrets and more.
Tobias has authored books on lock picking and shown how even children can "bump" some high-security Medeco models open by essentially shoving shims in key holes and whacking them.
This newly uncovered crack is said to be troublesome because it involves copying keys; a concept quickly grasped by most people.
"If you can make a key it's over," Tobias said. "Forget about picking and all that other stuff. There is nothing abstract about making a plastic key for a lock that isn't yours."
The trick to making plastic copies of keys is to get hold of a picture or photocopy of an original. One basically uses pictures as templates and cuts out plastic versions of keys.
Tobias and his team have made keys from credit cards and Shrinky Dinks, a toy that lets children print pictures on plastic sheets.
"We no longer have that problem with key blanks, because you no longer need them," Tobias said.
Law enforcement agencies maintain that insider crime is common, and insiders tend to be trusted with keys.
"If you have someone on the inside with access to a key for ten seconds they could compromise the place," Tobias said.
The ease with which people can email pictures of keys to whomever they like has prompted Tobias to dub "key-mail" a future security threat.
US-based Medeco said it stands by the integrity of its locks and advises keeping tight control over keys.
Copyright © 2013 AFP. All rights reserved. More »