It is well known that the password, while the most widespread information security mechanism, is also one of the most insecure. It comes down to the fact that the average person can’t create and maintain secure passwords.
When it comes to physical locks, the average lock on your home and in your office is equally insecure. How insecure it in? In two fascinating books on the topic, Deviant Ollam writes in Practical Lock Picking, Second Edition: A Physical Penetration Tester's Training Guide and Keys to the Kingdom: Impressioning, Privilege Escalation, Bumping, and Other Key-Based Attacks Against Physical Locks that it is really not that difficult.
When it comes to information security penetration tests done on the client site, the testers will most often have permission to be inside the facility. On rare occasions, the testers need to find alternative means to gain entrance. Sometimes that means picking the locks.
All of the information in the books is long known to professional locksmiths. For those whose responsibilities include physical security, it is hoped that they are at least at the level of the locksmiths, and have designed their physical security plant accordingly.
In Practical Lock Picking, Second Edition: A Physical Penetration Tester's Training Guide and Keys to the Kingdom: Impressioning, Privilege Escalation, Bumping, and Other Key-Based Attacks Against Physical Locks, Deviant Ollam shares his passion for lock picking, which is manifest throughout the books.
Ollam is a member of The Open Organisation Of Lockpickers (TOOOL), a group whose goal is to advance the general public knowledge about locks and lock picking. TOOLS mantra is that the more that people know about lock technology, the better they are capable of understanding how and where certain weaknesses are present. This makes them well-equipped to participate in sport picking endeavors and also helps them simply be better consumers in the marketplace, making decisions based on sound fact and research. In these books, Ollam stays true to that mantra.
The two books have some overlap. Practical Lock Picking is meant as beginners guide to lock picking, and is intended to be a hands-on guide with hundreds of pictures and diagrams.
Ollam writes in a clear-cut and systematic manner, describing all of the details needed. Nearly every page includes pictures and diagrams to illustrate the point. In 6 easily readable chapters, Ollam covers the core areas needed to gain a comprehensive understanding of the topic of lock picking. By the end of the book, you won’t be a locksmith or even close. But for those that have locksmithing in their blood, or want to get greater insights, the book will be a great resource that will help them get there.
Chapter 1 starts the book on the fundamentals of pin tumbler and wafer locks; which are two of the most common types of locks in use. Ollam notes that while there are a multitude of lock designs on the market today produced by many different manufactures, the bulk of these locks are not in widespread use. With that, he notes that if the reader can understand the basics of just a few styles of locks, he is confident that the reader should be able to open with great ease at least 75% of the locks they are likely to encounter, and even more as you become more skilled with them.
After the introduction, chapter 2 gets into the basics of lock picking and how to exploit weaknesses that most locks have. Many of these weaknesses are due to errors in the manufacturing process, which the book details. Information security guru has observed that “security is a tax on the honest majority”. He writes that security often does not keep the bad guys out. Similarly, insecure physical locks will do little to keep the bad guys out, which Ollam so persuasively writes about.
In chapter 5, Ollam details what he terms quick-entry tricks, which is done via shimming, bumping and bypassing. Lock bumping has gotten a lot of media exposure in the last few years, but has been around for nearly 100 years. Specifically, it is a pin tumbler lock picking technique using a special bump key. Not that there is a universal bump key that can open all locks. Rather the bump key must correspond to the lock in question. Ollam shows that if one has such a key, many of these locks can quickly be compromised.
The book closes with an appendix that provides a list to the types of tools and toolkits necessary to pick locks.
After completing Practical Lock Picking, one should check out Keys to the Kingdom: Impressioning, Privilege Escalation, Bumping, and Other Key-Based Attacks Against Physical Locks, which is a great follow-on reference.
The main difference between the two is that the latter provides a lot of details on impressioning, which is a covert technique to create a usable key for a lock without picking the lock or taking it apart, in addition to some other types of more sophisticated attacks.
Chapter 2 of the book is on soft medium attacks and is particularly fascinating. Ollam writes of mold-and-cast attacks, which is a technique of opening a lock by covertly copying a legitimate key by making a cast of it in a soft material, then using it to imprint and fabricate a working key. Such a technique was used in real-life and detailed in the 1979 movie The First Great Train Robbery. Ollam writes how the movie was very true to the methods and technology available at that time, when the train robbery occurred in the 1850’s.
The chapter walks the reader through the Quick-Key duplication kit method, in which most common key forms can be replicated with the kits molding and casting forms. The kit Ollam references is for the serious student of the craft, as it costs over $700- and can only be purchased from a firm in Germany.
Chapter 3 on master-keyed systems is particularly interesting as Ollam shows how a master key privilege escalation attack can often be easily done. Master-key systems make the logistics of granting access easier. But with that ease of use, comes the potential for abuse, as that single key will now have global access to the physical site.
Ollam writes that dedicated attackers who have the ability to spend a bit of time will often have the ability to compromise the code for the top master key (the one with the most access privileges) in nearly all master-keyed systems, even with only a small amount of preliminary information and a small number of blank keys.
In the same way that passwords often provide very little network security, Keys to the Kingdom shows that much of the security provided by physical locks is an illusion, given the ease at which these keys can be manipulated and copied.
Practical Lock Picking, Second Edition: A Physical Penetration Tester's Training Guide is a great introduction to the topic of lock picking, while Keys to the Kingdom: Impressioning, Privilege Escalation, Bumping, and Other Key-Based Attacks Against Physical Locks takes that base knowledge and builds upon.
For those who perform physical penetration testing, these two books will prove to be invaluable. For those that simply want to understand what their locks are and aren’t doing, they will find these to be a fascinating read.