The Lockdown: Deadbolt walking
by Marc Weber Tobias 
posted Aug 23rd 2007 at 12:21PM
These Medeco systems are relied upon in many different applications including high security installations throughout the world. The locks contain many levels of security including sidebars, sliders and special security pins. Unfortunately, all of that security can be circumvented in seconds with tools such as a simple screwdriver as shown above.
Bypass of these Medeco systems by means of forced entry has been difficult, even with expensive tools available to professionals. But these pro-lockpicking tools are not the variety you should fear, since cost and access to them prevents their proliferation. The tools we should fear are the ones everyone -- including your average burglar -- have lying around the house.
Underwriters Laboratory and BHMA / ANSI have certified these Medeco locks as immune to physical attack for at least five minutes through their testing protocol, yet we have been able to open them in less than a minute using implements that can be had for a few dollars at any hardware store. I have filed a formal petition for review of this and other issues relating to high security locks with Underwriters Laboratories so that UL may consider revising the standards to protect the public from the certification of locks that can be compromised by such techniques.
How can all of the security of these locks be bypassed in seconds? We discovered a serious security flaw in certain of Medeco deadbolt designs. The company has confirmed this; they are scrambling to fix the problem that may have been unknown for twenty years. Within the last couple of weeks the factory had planned on modifying their production line to stop the simple defeat that we announced at Defcon.
Part of the problem results from a widening of the keyway in the m3 as discussed previously (that link again). This method of attack can be carried out with extremely simple and inexpensive tools and requires very little skill, just like bumping. In certain instances this method of bypass can even be simpler than a bumping attack on a conventional cylinder.
This video shows the result of bypass of internal components with a simple screwdriver. (The demonstration has been edited so as not to disclose the precise techniques that are employed to allow the deadbolt mechanism to be bypassed. Shown is a standard six-inch screwdriver that is inserted into the keyway of a Medeco m3 high security cylinder, which can be used to easily retract the deadbolt.)
This is not the only security vulnerability that we have documented in Medeco high security locks. At Defcon, Jenna Lynn, now twelve years old, was able to bump open the Medeco Biaxial three different times. You will recall that this young lady bumped the Kwikset and other locks last year at Defcon 14. She told me that she wanted to "maintain her reputation." She certainly has! An upcoming series of articles will continue our analysis of security issues regarding bumping, picking, and other forms of compromise for Medeco cylinders.
Notes: A detailed analysis is available together with a video demonstration that clearly shows the method of bypass, but this publication has been restricted to locksmiths and the professional security community because of the simplicity of the technique and the potential security ramifications that could result from a public disclosure of the exact method. If you have security responsibility you may contact the author for access to the restricted document.
Marc will also be presenting with regard to high security locks and the Medeco design issues at the HITB Security conference in Kuala Lumpur, Malaysia the first week in September.
Marc Weber Tobias is an investigative attorney and security specialist living in Sioux Falls, South Dakota. He represents and consults with lock manufacturers, government agencies and corporations in the U.S. and overseas regarding the design and bypass of locks and security systems. He has authored five police textbooks, including Locks, Safes, and Security, which is recognized as the primary reference for law enforcement and security professionals worldwide. The second edition, a 1400 page two-volume work, is utilized by criminal investigators, crime labs, locksmiths and those responsible for physical security. A ten-volume multimedia edition of his book is also available online. His website is security.org and his blog is in.security.org, Marc welcomes reader comments and email.
Reader Comments (Page 1 of 1)
Jamie Nelson @ Aug 23rd 2007 12:33PM
I have seen a report on bumping and the like and this actually happened to me. The folks at engadget will probably sympathize with me, the perps stold my 55" Hitachi plasma screen and my 360!!!
I have since put in special security locks from a company called Bi-Lock. They work great, I tested them and have been unable to bump or pick them in any way.
fistpittingnork @ Aug 23rd 2007 12:36PM
Long shot here, but Jamie Nelson with 72 CS?
Tim UF @ Aug 23rd 2007 1:05PM
Through all this, Is there a recommendation for the best deadbolt systems? Is the Medeco the current best in class?
are keyless any better?
Scaring your readers without really giving a better option amounts only to sensationalism....
jptech @ Aug 23rd 2007 1:15PM
well, I'm switching my locks as soon as I can!
JoeX @ Aug 23rd 2007 3:34PM
So is Medeco planning on replacing the old locks? I have four M3s that were put in about 15 months ago. Those are expensive locks and one of the reasons I bought them was because I thought they would be good for 25 yrs.
If I remember correctly the bumping story broke about a year ago - which was a few months after I bought the locks. Not sure if I can find the warranty info that came with the locks but it seems to me that Medeco has basically been selling a defective product and so I should be entitled to a refund/replacement.
This whole story is really annoying to me. I'm not blaming the people who found the fault in the locks (that would be stupid) - I'm blaming Medeco!
Sean Shrum @ Aug 23rd 2007 1:43PM
Why all the fuss...I can break thru a lock without touching it...go through the window next to the door (unless of course there are bars on them).
Jerome @ Aug 23rd 2007 1:47PM
hey Sean
When people have windows next to the lock I use to tell buyer to get deadbolt with a double key for the door(don't know the real term). So, when you want to lock your door, you need your key to lock it.
This prevent people like you to just break the window :P
Alex Nunley @ Aug 24th 2007 12:51AM
@Jerome.. I dont get exactly what you are trying to say. If I break the window, get inside.. why do I care if the door is locked? I go right back out the still broken window.
Ed @ Aug 23rd 2007 3:40PM
Yeah...a double key *is* a good idea...in theory. But you will find that in practice, I would say that 99.999% of all doors with a double-key dead-bolt will have a key on the inside keyway for convenience. This is just human nature. Technology is great, but you can't use technology against human stupidity or laziness.
Ed
web/gadget guru
Bloobie @ Aug 24th 2007 1:50AM
Get a captive-key deadbolt. Both Medeco and Mul-T-Lock manufacture them. The thumbturn is removable, so you can convert it from a single-cylinder to a double-cylinder when you leave the house. If someone breaks the glass door, they have nothing to turn when they stick their arm inside. Most residential areas have fire codes preventing homeowners from installing a double-cylinder deadbolt on their front door.
Jerome @ Aug 23rd 2007 1:43PM
That video is insane! WOW that is fast!
What was bumping again... oh yes! I made a key like this and you bump with the hammer. It never unlock anything...
Jerome
sodakar @ Aug 23rd 2007 1:54PM
Hmm, so much for the Medeco recommendations from the last round of articles... ...what's left? A personal security guard? :p
Jeff @ Aug 23rd 2007 1:55PM
"Hmm, so much for the Medeco recommendations from the last round of articles... ...what's left? A personal security guard? :p"
The simplest of monitored alarm systems will defeat absolutely any intruder coming in through your front door.
Hell, a *sign* will do the trick most of the time.
Kevin R @ Aug 23rd 2007 2:09PM
An alarm system doesn't stop anyone from getting it, it just alerts SOMEONE that the intruder is inside.
Kyrra @ Aug 23rd 2007 2:14PM
@Kevin R
There is really no true safe-guard for protecting your house or car. All you can try to do is deter people as much as possible from breaking into your house/car.
spamfast @ Aug 23rd 2007 2:34PM
@Jeff
"The simplest of monitored alarm systems will defeat absolutely any intruder coming in through your front door."
BS! In what way does a passive electronic device 'defeat' an intruder?...let alone protect my family, myself, or our possessions?
Methinks you watch too many TV advertisements.
I characterize a person that is willing to hack his way through a locked door as 'determined'. A buzzer is unlikely to discourage such an attack.
At best, if a random attack, they may choose another target, but I'm not willing to risk my safety on the ability of a criminal to make a rational choice. Are you?
Ed @ Aug 23rd 2007 3:40PM
Certainly...a Rottweiler, Doberman or German Shepard, properly trained is one hell of a deterrant...
As a sign on a fence depicting a sillouette of a doberman..."I can reach the fence in 3 seconds, can you?" I for one would not want to test that time trial!
Ed
web/gadget guru
Nogami @ Aug 24th 2007 1:41AM
Well, alarms also scare off a lot of criminals (many of whom are cowards and druggies who will run if confronted).
You need to layer your security - alarms, good locks, decent lighting at night, etc. No lock or alarm will keep a really determined thief out, but the idea is to make someone else's house more of an appealing target than your own.
Obvious @ Aug 23rd 2007 1:52PM
@Tim: Not true... Engadget has no responsibility for going out and researching this topic past the point of the bulletin. If you want a safer alternative, use this instance as a 'grain of salt' when conducting your own research against widely-trusted *cough*kryptonite*cough* brands (which should include understanding the basic concepts of lockpicking, as well as what tools are available to the would-be burglar).
Had this been an article on such research, then I would have agreed with your criticism.
All that aside, I love posts like this... much better than the standard 'heads-up, there's a new camera' fare. :)
Arthur Nonamiss @ Aug 23rd 2007 2:29PM
I'm conflicted as to whether or not the actual mechanism for defeating the lock should be made public. On one hand, I can definitely see the logic in not publicising this to all criminals. On the other hand, how can I, as a business owner that has Medeco locks, make sure that I'm protected. (Aside from replacing them...)
I think that when someone reveals something like this, there should be a "twilight period" during which the "secret" isn't revealed so that Medeco can fix the problem, but after that period, it should be disclosed. You can't fight a security flaw with ignorance...
John McCloskey @ Aug 23rd 2007 3:07PM
Excellent comment.
jroc @ Aug 23rd 2007 2:38PM
Yes, finally, now it's time to get some serious stealing done with me trusty screwdriver.
JediFonger @ Aug 23rd 2007 3:03PM
since when is deadlocks a "gadgets"? i haven't seen you guys create engadget "SECURITY?"
mattydread @ Aug 23rd 2007 3:16PM
I consider a lock a gadget. It's also a type of technology that never stops progressing. JMHO
JediFonger @ Aug 23rd 2007 3:52PM
for it to be a gadget, it's gotta be electronic. r u saying an abacus is also a "gadget"?
Matthew Corley @ Aug 23rd 2007 4:16PM
"A gadget or gizmo is a device that has a useful specific purpose and function. Gadgets tend to be more unusual or cleverly designed than normal technology." - Wikipedia
"Appliance: a device or control that is very useful for a particular job." Princeton WordNet
You know, I'm thinking that these locks (given the mechanisms described) are cleverer than your average technology. Gadget does not necessarily mean electronic, and everything that is technologically advanced doesn't necessarily come with a microchip. Way to narrow the horizon.
Matt
Mehdi Cheddadi @ Aug 23rd 2007 3:31PM
In Canada, we leave the doors unlocked. :^)
jbcaro @ Aug 23rd 2007 6:04PM
Well, there you go. It's official. Canada has nothing to steal. ;-))
adrenaline @ Aug 23rd 2007 3:36PM
now my cats are demaning rediculous pay increases for guarding my house :(
adrenaline @ Aug 23rd 2007 3:47PM
All joking aside, nobody who has anything of value should depend merely on a lock to stop theft. Alarm systems, motion detectors, alarm monitoring etc etc are pretty standard unless you have a 20 ft boa constrictor as a pet.
Having a good lock on the door makes it harder for insurance companies to disclaim losses. The real question is: will this discovery make the use of Medeco locks less trusted by insurers?
Harkonian @ Aug 23rd 2007 4:30PM
In Japan we control doorlocks with our smartphones! Boohoo for you!
Chris @ Aug 23rd 2007 6:17PM
The abloy protec is pretty much undefeatable and uses a pick and bump proof disc system like those found in high security bank vault locks and on the whitehouse..it is the BEST deadbolt you can buy for the price..the dude over at bay area locks is an authorized dealer (one of only a few in the USA) they are far better than the Medeco from what I know..and I have done my research trust me!
http://www.bayarealocks.com/product_info.php?manufacturers_id=10&products_id=28
Fzzt @ Aug 23rd 2007 6:30PM
Considering the amount of glass around my doors there's no point in spending gobs of money on a lock system when someone can simply smash some glass and walk in.
julian @ Aug 23rd 2007 8:25PM
haha i live in canada!!!!!!!! and its so true alot of poeple do haha
attention if u wnat to stop all breaks ins like this there i s a simple and cheap soution
takke out all your doors and windows and use some old fasion brick and motor lmao
Darwin @ Aug 24th 2007 10:43AM
What am I supposed to do with the motor?
Brandon L @ Aug 24th 2007 1:45AM
This is all well and good... however... to verify this really is an issue we should all go to the corporate headquarters of Medeco and see which locks they have on their doors. If they are using their own, and if they haven't replaced their old technology with new, then all of us who have purchased one of their locks have the right to just deadbolt walking right in into their building and... well... you know (get reimbursed ;)).
lol @ Aug 24th 2007 3:09PM
You realize that this doesn't change anything, right? I've watched a few vids on lock bumping and such, and it's been generally accepted that the more complex the lock, the easier it is to bump open.
This isn't an issue for medeco. This is an issue for the lock industry, period. It's gone untouched, for the most part. I think that's mainly because a lot of people who do lock bumping and such only do it for the hell of it, not to steal. A vid I saw actually had a bit of a club going; they'd gather just to pick locks. I think it's on yikers or something of that sort, I don't have the link on hand.
Anyway, I'd opt for those round headed keys, or something a little more unorthodox (as opposed to expensive) but those things are usually not easy to copy (if you lose them).
Double deadbolts are illegal in NYC, as they're a blatant fire hazard. Hey, my house is on fire, I can leave through my door, but wait, where's my key?? In the fire? Darn.
Perry @ Aug 26th 2007 2:14AM
Smith and Wesson or sawed off shot gun... my personal favorites
James @ Sep 12th 2007 8:12PM
There are several locks such as BiLock that are bump-proof -- see http://antibumplocks.com