Let me apologize if you came in expecting a discussion of cold-boot attacks.
A few months ago I moved to a new townhouse. The front door has an interesting handle lock/ deadbolt combination; in which the handle lock defaults to engaged with buttons on the covered side of the door which disables it. Interestingly, if the deadbolt is engaged then the buttons revert back to engage. Not knowing about that feature, the first time after moving in that I went to leave was the first time I was locked out of the house. It was a scary moment, as I didn't even know any of the neighbors yet and the landlord is out of state. Remembering a trick I was shown years ago by a neighbor helping us re-enter our apartment, I attempted to jimmy open the latch with an unused credit card. (Don’t use your primary debit card, the attempt can snap a card in half!) Thankfully, and terrifyingly, the front door opened with a soft click. My feelings about the moment were echoed back to me upon returning to the car when my house-guest stated “I’m glad you got it open but a big part of me was hoping it would be harder than that!”
That day and the sudden feeling of helplessness when the door first clicked shut told me that I don’t ever want to feel like that again. This event occurred about a month before my wedding anniversary, I informed my partner that the only gift I wanted was a set of lock picks and a how-to guide. Soon my very own copy of the “CIA Lock Picking: Field Operative Training Manual” arrived followed by a small set of lock picks. (Less than 4 stars on Amazon, not a very detailed book)
Once my picks arrived, I went searching through my house of locks to practice on. Turns out that all of the keyed lock in the house are the exterior doors; to practice I would have to sit in public picking at the lock. Something tells me that this sort of activity would not endear me to my new neighbors. So, off to Walmart I go, purchasing a Brinks deadbolt, single cylinder, spending about sixteen dollars. (Hindsight: who thinks that a sixteen dollar lock is a good choice to protect that 60 inch television?)
Television time became practice time, up to two hours a night, depending on when the days obligations finished. That first successful pick took a few weeks to occur. I kept practicing with that dead bolt until I could open it three times in a single show. The keyway scraped wide so that the tension wrench could slip without the chamber turning, so I felt it was time to retire that one.
Today I decided to try a new lock, so I picked up a Master padlock. One was labeled as “Level 5” and one was labeled as “Level 9”, so I grabbed the nine. My assumption was that it should provide me with another few weeks of practice. Wrong. Time to first pick was measured in seconds, what a waste. For the next few minutes I just kept clicking it back open. So much for “pick-resistant.”
These two locks are a significant milestone in the development of my security growth. Picking provides me an ability to assess the physical security of a space. Recommending ten to twenty dollar lock from Walmart to secure your spaces and data storage is not a recommendation I would make.
In my basement I discovered that there is a locked box from an old, disconnected security system. Fairly ironic that a metal box with the word ‘Security’ in the brand label has a lock which is trivial to pick.
Amusingly, one lock I have not yet attempted is my own front door. Not disturbing the neighbors is still the excuse I give myself, but maybe I just don’t actually want an honest assessment.
As a closing thought, I want to stress as strenuously as a newbie security blogger can that handle locks are worse than no lock. Security theater, where the lock does not do anything. An actor willing to walk into your house will likewise have no scruples against just unlatching the door. Cost required? Free, as I have found store club cards to be better than credit cards for doing this. They flex around the corners better than the stiffer credit cards and you can get more just by walking into a store and asking for one. My “pick” of choice right now is a Safeway card!
TLDR; Locks seem to really be a place where you get what you pay for! Handle locks just let you think you're secure!
Good article. Maybe you could purchase a few locks form auctions or yard sales and save some money on the equipment.
ReplyDeleteReally good idea. There is a flea market nearby each weekend, that would be good too.
DeleteI kept my first receipt and returned the first to pay for the worthless padlock.