Ben Cantrick (mackys) wrote,
Ben Cantrick

[Digg] Bump-keying, or your pin tumbler locks are now trivially easy to pick.

It's been possible almost since they were invented to pick pin-tumbler locks. Before bump-keying, though, it at least took some somewhat specialized equipment (lock picks) and at least a couple hours of study to do it reliably. No longer. With bump keying, your lock can be picked in a few seconds by anyone with a file, a screwdriver with a rubber handle, and any key (doesn't have to be a blank) that fits your lock's keyway. And it requires almost no skill to speak of. And the more expensive and better machined lock you have, the easier it is.

I don't mean to make like this is the end of the world. When I watched the video, I was laughing my butt off every time they demonstrated how easy it was to bump a lock... that was two inches away from A GLASS WINDOW! If someone really wants to get into your house, all they have to do is pick up any rock from your yard (or the jackhandle from their car, or the ceramic top from a broken spark-plug they have in their pocket, etc, etc) and break your window.

Security is only as strong as its weakest link. It's foolish to complain about your locks being easy to pick when your windows are made of glass. The only danger the bump key creates is that it's easy for someone to get into your house without you knowing about it. If that's your concern, the counter-measure is simple: An alarm keypad that requires the correct code be entered within 30 seconds of the door being opened. Or you could switch to keyless biometric locks. But those haven't proven to be very hard to fake out either...

In fact, I think if you want real security for your house, you need to incorporate both multiple forms of authentication, and layered security. For layers, I'd suggest getting a dog. Dogs aren't fooled by a bump keys. For multiple forms of authentication, remember Schneier's three kinds of authentication: Something you know, Something you have, Something you are.

- Keys, key-cards and RFID chips are something you have.
- Secret codes for keypads or secret passwords are something you know.
- Fingerprint scans, iris scans, and retina scans are something you are.

None of these are foolproof, but using multiple methods in conjunction is always more secure than using only one. If all locks installed required both a key and a fingerprint, bump-keying would be nothing more than an interesting footnote in the obscure history of lockpicking.
  • Post a new comment


    default userpic

    Your reply will be screened

    Your IP address will be recorded 

    When you submit the form an invisible reCAPTCHA check will be performed.
    You must follow the Privacy Policy and Google Terms of use.