Hacking Medeco locks

A presentation at the Last HOPE hacker conference focuses on the undoing of high-security electronic locks.

The Last HOPE conference, now being held in New York City, is as much for people interested in hacking the real world as it is for computer techies.

One such real world presentation on Friday was called "Undoing Complexity--From Paper Clips to Ball Point Pens." Despite the title, it was about hacking high-security electronic locks from Medeco. (The paper clip in the title is a reference to using one as a way of bypassing one type of security in Medeco locks.) The presentation was very well attended, SRO in a large room.

The presenters, Matt Fiddler and Marc Tobias, didn't seem to hold a grudge. They said nice things about Medeco and its locks, which they claimed are used to protect the White House and England's royal family, among many other high value targets, such as server farms. But after 18 months of research, they claim to be able to hack into almost any Medeco high-security lock with ease. They also claimed to have had a good relationship with Medeco, until recently. Still, they must be Medeco's worst nightmare.

Much of the technical hacking details went over my head, but one thing came through loud and clear: don't trust the claims of vendors when it comes to the security of their locks. It was fascinating to hear how Medeco initially made a strong claim about its locks ability to resist one particular type of attack, then how it had to re-word that claim when that was proven untrue, and eventually, how it had to re-word the claim yet again to the point where it sounds good but has no real meaning at all.

Tobias was a guest, on the 2600 radio show Off The Hook on WBAI back on May 21. That show, is available for download here. He also spoke on "Lockpicking: Exploits for Mechanical Locks" at the prior HOPE conference. Audio of that talk is also available.

See a summary of all my Defensive Computing postings.

About the author

    Michael Horowitz wrote his first computer program in 1973 and has been a computer nerd ever since. He spent more than 20 years working in an IBM mainframe (MVS) environment. He has worked in the research and development group of a large Wall Street financial company, and has been a technical writer for a mainframe software company.

    He teaches a large range of self-developed classes, the underlying theme being Defensive Computing. Michael is an independent computer consultant, working with small businesses and the self-employed. He can be heard weekly on The Personal Computer Show on WBAI.

    Disclosure.

     

    Join the discussion

    Conversation powered by Livefyre

    Show Comments Hide Comments
    Latest Galleries from CNET
    The best tech products of 2014
    Does this Wi-Fi-enabled doorbell Ring true? (pictures)
    Seven tips for securing your Facebook account
    The best 3D-printing projects of 2014 (pictures)
    15 crazy old phones from a Korean museum (pictures)
    10 gloriously geeky highlights from 2014 (pictures)