Announcement

Collapse
No announcement yet.

Physical Hacking: Report of Medeco Lock Defeat

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • integrator97
    replied
    Bill & Silva,
    Thanks for your replies. My questions were partially rhetorical. And Silva, you got my point, and I understand where you're coming from. I hope everyone else does too.

    I too think Medeco is about as good as it gets, though I'm from the electronic side.

    Anyway, I always enjoy the forum.
    Jay

    Leave a comment:


  • Silva Consultants
    replied
    Originally posted by integrator97 View Post
    To what degree? Locks sold since they have claimed to be bump proof?

    What is the difference between bumping and picking? And was this guy claiming to bump or pick. I know a very good locksmith who told me Medecos weren't pick proof, but that there is a big difference.
    Picking and bumping are two different techniques. There are lots of articles and videos floating around on the net (i.e. You Tube) that show these techniques so I won't duplicate the effort in explaining here.

    I don't think that Medeco ever claimed to be pick proof, only highly pick resistant. To me, this means that the locks should not be able to be picked by someone with only an average level of skill in any type of reasonable time frame.

    There are, and always will be, champions in any field who can eventually defeat any security device, including high security locks. I'm not worried about these guys. I do have a concern, however, when a product that is advertised as "pick resistant" and "virtually bump proof" is shown being "bumped" open by twelve year old girl in less than a minute.

    I have been recommending Medeco products to my clients for more than twenty years so I have more than just a casual interest in this subject.

    If it is proven that a product that has been advertised as high security can be easily defeated, I expect the manufacturer of that product to come forward and correct the problem at no cost to the customer. This would be no different than an auto manufacturer issuing a recall on an automobile that had a major safety defect.

    Certainly, as time goes on, there are situations where a product that was once considered "high-security" or "state of the art" becomes outdated because of changes in technology. I wouldn't expect a manufacturer that sold me a CCTV tube camera 25 years ago to provide me with a free upgrade just because better cameras are available today. However, the alleged vulnerabilities in the Medeco lock cylinders do not fall in this category as far as I am concerned.

    Leave a comment:


  • Bill Warnock
    replied
    Originally posted by integrator97 View Post
    To what degree? Locks sold since they have claimed to be bump proof?

    What is the difference between bumping and picking? And was this guy claiming to bump or pick. I know a very good locksmith who told me Medecos weren't pick proof, but that there is a big difference.
    Integrator, please search the words lock bumping and you will have your answer. Picking and bumping are two different methodologies.
    Enjoy the day,
    Bill

    Leave a comment:


  • integrator97
    replied
    Originally posted by Silva Consultants View Post
    If a true vulnerability in the Medeco product can be proven, then the company should immediately step up to the plate to correct the problem. Corrective action should include issuing upgrades at no charge to any affected customer.
    To what degree? Locks sold since they have claimed to be bump proof?

    What is the difference between bumping and picking? And was this guy claiming to bump or pick. I know a very good locksmith who told me Medecos weren't pick proof, but that there is a big difference.

    Leave a comment:


  • Bill Warnock
    replied
    Originally posted by Security Consultant View Post
    This has served me well in the past. I'm always surprised (not really-I guess) of the number of people who still do not do this.
    Curtis, in my professional and private sector lives, I've hammered and hammered away at this very issue. (Tongue in cheek), what is a mother to do?
    Enjoy the day,
    Bill

    Leave a comment:


  • Curtis Baillie
    replied
    Originally posted by Bill Warnock View Post
    For the good of the order, our home insurance carrier was made aware of this problem in June and claims for theft using this method of entry will be handled on a case-by-case basis.
    Crime prevention specialists have urged people for years to mark all their property for later identification. They also encourage the use of camcorders or pictures of valuables for later identification. These recordings and photographs must be maintained in a safe place to support later claims of theft.Enjoy the day,
    Bill
    This has served me well in the past. I'm always surprised (not really-I guess) of the number of people who still do not do this.

    Leave a comment:


  • Bill Warnock
    replied
    For the good of the order, our home insurance carrier was made aware of this problem in June and claims for theft using this method of entry will be handled on a case-by-case basis.
    Crime prevention specialists have urged people for years to mark all their property for later identification. They also encourage the use of camcorders or pictures of valuables for later identification. These recordings and photographs must be maintained in a safe place to support later claims of theft.
    Enjoy the day,
    Bill

    Leave a comment:


  • Mr. Security
    replied
    Thanks for the additional information. Sounds like Medeco might be the victim of misleading claims.

    Leave a comment:


  • Silva Consultants
    replied
    For what its worth, I visited the Medeco booth at the ASIS show to discuss the recent publicity concerning the vulnerability of Medeco lock cylinders. The people I spoke with at Medeco claim that the gentleman who made the video showing Medeco cylinders being compromised refuses to allow Medeco engineers to examine the specific lock cylinder shown in the video.

    Further, they claim, the gentleman refuse to pick/bump a randomly chosen number of cylinders provided by Medeco so that he can prove (under the observation of witnesses) that his technique works generally rather than just with a specific lock cylinder.

    I don't know who's telling the truth here, but I think that Medeco deserves the benefit of the doubt until the claim of compromise can be proven. If a true vulnerability in the Medeco product can be proven, then the company should immediately step up to the plate to correct the problem. Corrective action should include issuing upgrades at no charge to any affected customer.

    Leave a comment:


  • Mr. Security
    replied
    Originally posted by N. A. Corbier View Post
    If you've got Medeco locks, you're worried about the professional. If someone bypasses Sergeant and Greenleaf locks, then there's a serious problem.
    I didn't realize they were so cheap. Now if you had mentioned KwikSet...

    Leave a comment:


  • N. A. Corbier
    replied
    If you've got Medeco locks, you're worried about the professional. If someone bypasses Sergeant and Greenleaf locks, then there's a serious problem.

    Leave a comment:


  • Mr. Security
    replied
    Amazing

    I am familiar with "bump keys," etc., but I am amazed that Medeco was defeated. If it's any consolation, a demonstration that makes it look easy with a professional doesn't mean that it is possible for most people. Still, it is sobering.

    Leave a comment:


  • Bill Warnock
    replied
    Originally posted by N. A. Corbier View Post
    http://it.slashdot.org/it/07/08/05/1745226.shtml

    ^ Slashdot report of an article discussing physical hacking at the recent DefCon convention.

    Those of you who know what DEFCON is, and I don't mean the NORAD Version, should be interested to know that AFP is reporting that Medeco High Security locks are pickable, with demonstration.
    Nathan, enter: Lock Bumping on your search engine and you wind up with pages of information.
    Enjoy the day,
    Bill

    Leave a comment:


  • N. A. Corbier
    started a topic Physical Hacking: Report of Medeco Lock Defeat

    Physical Hacking: Report of Medeco Lock Defeat

    http://it.slashdot.org/it/07/08/05/1745226.shtml

    ^ Slashdot report of an article discussing physical hacking at the recent DefCon convention.

    Those of you who know what DEFCON is, and I don't mean the NORAD Version, should be interested to know that AFP is reporting that Medeco High Security locks are pickable, with demonstration.

Leaderboard

Collapse
Working...
X