lock bypass without lockpicks (see notes for story)
DESCRIPTION
Slides from the "Lock Bypass without Lockpicks" presentation at The Next HOPE, a hacker conference held in NYC on July 16-18, 2010. The presentation is built around a fictional story about a hacker who, over the course of the story, uses lock bypass techniques other than lockpicking to bypass physical security measures, breaking in to (and out of) protected areas to achieve his goal of exposing a corrupt organization. The techniques that our protagonist Waldo uses are described as part of the presentation, and throughout the story it is pointed out which techniques are put to use and how.
TRANSCRIPT
![Page 1: Lock Bypass without Lockpicks (see notes for story)](https://reader036.vdocuments.us/reader036/viewer/2022081516/556599bad8b42a093a8b4fa5/html5/thumbnails/1.jpg)
Lock Bypass without Lockpicks
Waldo set out to expose the GILATT corporation
For its evil deeds and lies about its products
Its phony medicine and stiff-arm legal tactics to silence opposition
And ended up with more than he bargained for
In a thrilling tale of...
Daniel Crowley
![Page 2: Lock Bypass without Lockpicks (see notes for story)](https://reader036.vdocuments.us/reader036/viewer/2022081516/556599bad8b42a093a8b4fa5/html5/thumbnails/2.jpg)
Before the story begins...
A quick introduction of myself
A quick introduction of the topic
A quick introduction to our character
A not-so-quick introduction to the techniques
![Page 3: Lock Bypass without Lockpicks (see notes for story)](https://reader036.vdocuments.us/reader036/viewer/2022081516/556599bad8b42a093a8b4fa5/html5/thumbnails/3.jpg)
Myself
Security nerd and self-imagined artist
Works for Core Security
Contact me!
@dan_crowley
Boring
You came here for the pwnage
Not me
![Page 4: Lock Bypass without Lockpicks (see notes for story)](https://reader036.vdocuments.us/reader036/viewer/2022081516/556599bad8b42a093a8b4fa5/html5/thumbnails/4.jpg)
Lock Bypass without Lockpicks
Security features mostly focus on picking
New tumblers don't break old attacks
Lock manufacturers determine lock quality
Lock consumers determine lock usage
No need to carry lockpicks
Illegal to own/carry in some states w/out license
Quickly learned and quickly performed
![Page 5: Lock Bypass without Lockpicks (see notes for story)](https://reader036.vdocuments.us/reader036/viewer/2022081516/556599bad8b42a093a8b4fa5/html5/thumbnails/5.jpg)
Our character Waldo
A tribute to another Waldo
Hard-to-find guy
Likes red-and-white stripes
One resourceful mofo
Physical security NINJA
![Page 6: Lock Bypass without Lockpicks (see notes for story)](https://reader036.vdocuments.us/reader036/viewer/2022081516/556599bad8b42a093a8b4fa5/html5/thumbnails/6.jpg)
The Techniques
How do you do the voodoo that Waldo will do?
![Page 7: Lock Bypass without Lockpicks (see notes for story)](https://reader036.vdocuments.us/reader036/viewer/2022081516/556599bad8b42a093a8b4fa5/html5/thumbnails/7.jpg)
Abusing ineffective lock usage
Lock not locked
Useless lock placement
Lock affixed to movable part
Lock affixed to removable part
Weak container or mounting hardware
Destroy
Disassemble
Manipulate
![Page 8: Lock Bypass without Lockpicks (see notes for story)](https://reader036.vdocuments.us/reader036/viewer/2022081516/556599bad8b42a093a8b4fa5/html5/thumbnails/8.jpg)
Problem #1: Weak mounting hardware
You don’t need to pick or break the lock, only unscrew the bracket from the door. This is an example of issues involving disassembly.
![Page 9: Lock Bypass without Lockpicks (see notes for story)](https://reader036.vdocuments.us/reader036/viewer/2022081516/556599bad8b42a093a8b4fa5/html5/thumbnails/9.jpg)
Problem #2: Lock not locked
This is a somewhat harder-to-detect version of the “lock not locked” problem, though fairly easy to spot anyway. You couldn’t ride this motorcycle away, unless it was in the bed of a pickup truck.
![Page 10: Lock Bypass without Lockpicks (see notes for story)](https://reader036.vdocuments.us/reader036/viewer/2022081516/556599bad8b42a093a8b4fa5/html5/thumbnails/10.jpg)
Problem #3: Weak mounting
Awesome, so you’ve locked your bike to a solid post you can’t slide the lock off of. Only problem is that this wheel comes off without even needing tools. Bye-bye bicicleta.
![Page 11: Lock Bypass without Lockpicks (see notes for story)](https://reader036.vdocuments.us/reader036/viewer/2022081516/556599bad8b42a093a8b4fa5/html5/thumbnails/11.jpg)
Problem #4: Lock attached to removable part
This wheel is properly secured from thieves. Too bad the rest of the bike wasn’t.
![Page 12: Lock Bypass without Lockpicks (see notes for story)](https://reader036.vdocuments.us/reader036/viewer/2022081516/556599bad8b42a093a8b4fa5/html5/thumbnails/12.jpg)
Problem #5: Utter failure
Where do I even begin?
![Page 13: Lock Bypass without Lockpicks (see notes for story)](https://reader036.vdocuments.us/reader036/viewer/2022081516/556599bad8b42a093a8b4fa5/html5/thumbnails/13.jpg)
Shimming attacks
Slide an object into lock to change its operation
Frequently a thin sheet of metal
Frequently targeting the hasp
Can be done with many types of locks
Padlocks
Handcuffs
Door-mounted locks
![Page 14: Lock Bypass without Lockpicks (see notes for story)](https://reader036.vdocuments.us/reader036/viewer/2022081516/556599bad8b42a093a8b4fa5/html5/thumbnails/14.jpg)
Padlock shimming
Go see the TOOOL guys and try this one for yourself!
![Page 15: Lock Bypass without Lockpicks (see notes for story)](https://reader036.vdocuments.us/reader036/viewer/2022081516/556599bad8b42a093a8b4fa5/html5/thumbnails/15.jpg)
Shimming a door-mounted lock
AKA “The credit card trick”
![Page 16: Lock Bypass without Lockpicks (see notes for story)](https://reader036.vdocuments.us/reader036/viewer/2022081516/556599bad8b42a093a8b4fa5/html5/thumbnails/16.jpg)
Passage locks
Request-to-exit motion sensor
Trigger motion sensor from outside
Chain locks
Manipulate chain through door crack
Pop-button locks
Not meant for anything but privacy
Fail-safe is easily triggered
![Page 17: Lock Bypass without Lockpicks (see notes for story)](https://reader036.vdocuments.us/reader036/viewer/2022081516/556599bad8b42a093a8b4fa5/html5/thumbnails/17.jpg)
Alternate point of entry
Roof
Gaining roof access may be difficult/dangerous
Window
2nd story or higher likely unlocked
Fire escape
May have unlocked entry points due to fire code
Raised floors/drop tile ceilings
Go over or under
![Page 18: Lock Bypass without Lockpicks (see notes for story)](https://reader036.vdocuments.us/reader036/viewer/2022081516/556599bad8b42a093a8b4fa5/html5/thumbnails/18.jpg)
DO WANT
(USD$24.95 on http://www.southord.com)
![Page 19: Lock Bypass without Lockpicks (see notes for story)](https://reader036.vdocuments.us/reader036/viewer/2022081516/556599bad8b42a093a8b4fa5/html5/thumbnails/19.jpg)
Credential theft/copy
Magnetic stripes
Magstripe reader
RFID chips
Can be read from far away
Vendor statistics assume a standard antenna
Pin tumbler keys
Malleable material (clay, play-doh, gum)
Take photos and decode visually
![Page 20: Lock Bypass without Lockpicks (see notes for story)](https://reader036.vdocuments.us/reader036/viewer/2022081516/556599bad8b42a093a8b4fa5/html5/thumbnails/20.jpg)
![Page 21: Lock Bypass without Lockpicks (see notes for story)](https://reader036.vdocuments.us/reader036/viewer/2022081516/556599bad8b42a093a8b4fa5/html5/thumbnails/21.jpg)
Escape from the chair
Ineffective lock placement
Lock affixed to chain
Chain not affixed to chair
![Page 22: Lock Bypass without Lockpicks (see notes for story)](https://reader036.vdocuments.us/reader036/viewer/2022081516/556599bad8b42a093a8b4fa5/html5/thumbnails/22.jpg)
![Page 23: Lock Bypass without Lockpicks (see notes for story)](https://reader036.vdocuments.us/reader036/viewer/2022081516/556599bad8b42a093a8b4fa5/html5/thumbnails/23.jpg)
Escape from the maintenance room
Ineffective lock usage
Exposed screws on cabinet
Door frame manipulation
Shimming
Doorknob hasp shimming
Passage locks
Chain lock
![Page 24: Lock Bypass without Lockpicks (see notes for story)](https://reader036.vdocuments.us/reader036/viewer/2022081516/556599bad8b42a093a8b4fa5/html5/thumbnails/24.jpg)
![Page 25: Lock Bypass without Lockpicks (see notes for story)](https://reader036.vdocuments.us/reader036/viewer/2022081516/556599bad8b42a093a8b4fa5/html5/thumbnails/25.jpg)
Gaining entry to the server room
• Alternate entry point
• Raised floor
• Passage locks
• Request-to-exit motion sensor
![Page 26: Lock Bypass without Lockpicks (see notes for story)](https://reader036.vdocuments.us/reader036/viewer/2022081516/556599bad8b42a093a8b4fa5/html5/thumbnails/26.jpg)
![Page 27: Lock Bypass without Lockpicks (see notes for story)](https://reader036.vdocuments.us/reader036/viewer/2022081516/556599bad8b42a093a8b4fa5/html5/thumbnails/27.jpg)
Escaping GILATT HQ
• Credential theft
• Backup key in obvious location as fail-safe