Deviant Ollam | The Four Types of Locks | SOURCE Conference Boston 2010

Video Statistics and Information

Video

Captions Word Cloud

Captions

thank you so much for showing up on is this the last talk of the day and you're still here you're not at the bar you're listening to me that's touching yes I will try to make it good this talk is called the four types of locks and it shall become clear hopefully in a second what I mean because a lot of people who've seen me speak before they say man I've seen more than four types of locks in your pockets let alone like what you carry in these there's a million types of locks and what I mean by this is no it's not about styles and designs of lock it's really helpful to think of locks in for really broad categories it's the best way in my opinion to try to build a physical security framework for yourselves and I'm actually cobbling around in my own noggin up here what could become a physical security framework for companies because the standards out there are really really abysmal in case you don't know you haven't seen me bouncing around at different conferences I sort of show up in random odd places and do a lot of things with locks and physical security you can usually tell by how I'm dressed where where you're seeing me if you're seeing me in like nice shirt mode I'm with my company the core group you know wearing pants and things like that but yes we do auditing and physical assessment and training and lock forensics for proper companies if you see me in black t-shirt mode I'm with tool running some sort of hands-on workshop or other fun play area teaching your kids how to get out of handcuffs and things like that and I always enjoy when pee how many people have come by one of the tool areas and actually tried some picking at events excellent we will have a whole lockpick village going on here at source tomorrow so all the things you're seeing today you will not only learn how to do it from me you'll learn how to do it yourselves hands-on here in this exact conference but I also as I was joking with gadsden earlier I do a lot of fun stuff with firearms I'm very into physical security of that nature I travel with firearms a lot and that became a whole other field of expertise and I learned way more than I ever thought I would learn about how airlines and highways and all the different laws work so if you ever travel with firearms or you want to talk to me later it's in a bar like I'll tell you a million fun things it's not hard it's actually sometimes really really cool that's a different talk of mine but we're here today to talk about locks we're here to talk about which locks are which which ones are good here's a bunch of locks that look very similar the popular square body padlock shelf these are different brands are they're the same inside are they different how do you know when a lock is high-security what does that even mean here we have a nice selection of hi CJ do you think these locks are very high-security right yeah they're badass put them on your server room you'll be great yes why do locks matter and why do we distinguish between them why do we need to know this well it comes down to the job you're trying to do every one of you or most of you I imagine are responsible for a lot of pieces of equipment that look like this and you have to secure them and configure them correctly and patch everything and make sure all your networks are segmented just right and you can be doing all of that probably helping your company out a lot and I respect all the work you do if you or someone else at your company didn't pay attention to locks however I can stroll in with a console cable on a red team on it and really ruin your day you could have all the you know phone calls between your different offices through crypto you know connections and your well your PBX is talking to your San Francisco PBX and it's all locked down I still guarantee you somewhere in your office there's a room that looks like this with a bunch of copper just going up to everyone's desk if I get into this room with you know some alligator clips and a butt pack all those crypto phone calls suddenly are belong to us it's not really helping you out your physical security is your data security and vice versa all of your hard work everything you're doing or everything your boss is doing or everything you know your associate team is doing all of this that you do here is great don't let it get ruined here by really bad decisions walking through Home Depot that's the crux of what I'm gonna tell you about today there are four grades of locks and I kind of categorized them in different ways the first grade that I talked about is quote the lowest grade of lock or the locks you are most likely using where you don't realize it how bad are a lot of these locks and how prevalent are they well it's pretty rotten you may not know thank sweetie that most of the locks you use whether they are you know dead bolts doorknobs padlocks they look very different but you guys should understand they're all the same lock inside these are all just different form factors of what's called a pin tumbler lock in the in here in North America it is the most common lock everywhere inside what's actually happening cuz you're gonna learn this right now you're actually not gonna just get a quick spiel you're gonna learn picking itself whoo inside what's actually going on well this round part that turns when you're operating the lock is called the plug and if you look just right down the key way you know peer into some of these you know locks around you don't like messing with them but just look into locks or like looking to lock so you might have in your room you'll probably even see a little piece of a pin many of you do know and you've heard the term pin tumbler lock you might know that locks work with pins somehow what you'll never see however unless you completely strip the lock apart and imagine we cut the face right off this inside of a pin tumbler lock it's not a single pin doing a job usually it's a pair of pins called a pin stack so right now this plug can't turn we don't put a key in it because the pin stack is not in the right position shown in blue is called the driver pin and that pin is binding right now it's only if you stick your key into the lock your key rides along the key pin shown in red pushes on the pin stack just the right amount let's everything turn nice and even and clear that's the same design that Linus Yale created back in the UK ages ago and we still use it today that is all that's happening in most of your locks does this make sense so far excellent you're like halfway to be in a locksmith at this point now of course it's not a single pin stack in the lock there are series of them the more you have usually people like oh there's more security because I got more pins well yes and no all the driver pins are the same in this lock but notice the key pins are different sizes the different size key pins correspond to different heights on the blade of the key known as the bitting of the key that's how a key is different from another key is different from somebody else's key all those cuts represent different sizes of bottom pin of key pin that have to be distinct and accurate and of course if just one of those pins is a little off oh well I'll show you that in a second sorry so inside the lock you've seen diagrams you've seen some animations but you've never really seen a photo until now and unless you've carved a lock open you've probably never seen this with your own eyes understand that this is supposed to be a beautiful and you know supremely perfect world everything is lined up everything's measured just right ideally that's how the lock would work flat and true and even and flush every time actual locks as anyone who's worked in the hardware space knows anything you manufacture you send out to a Fab Lab you pay for tolerances you pay for how accurately you're milling and machining is going to be all locks will have some imperfection in the actual production process so these chambers that are drilled to hold the pin stacks they're not perfect in every way these pins weren't milled beautifully and it looks like a couple of them have even seen better days the plug chambers also can be a little sloppy a little bit different size different alignment all of these imperfections line up and cause the lock to not behave in that gorgeous pristine sort of animated way you just saw here's another animation imagine we've stripped the lock completely apart so the plug has been removed and it's on the left side here we're looking at it kind of down from above all those chambers right where they should be perfectly drilled and again we're trying to turn this plug with no key all those driver pins are binding binding binding as they should right but think about those imperfections that I just described to you think about how many locks are not this good in fact no lock is perfect perfect some come close but some locks are really bad some locks I mean this is you know misaligned a little bit wrong shape you think this is exaggerated sort of to make it visually appealing and maybe it is but not in all instances really cheap locks absolutely you can just look at them naked I be like Oh God who milled this those imperfections cause the binding process to not happen universally across all the pin stacks so whatever pin is the most misaligned like the one that's really hanging out further that one hits first and the rest of these pins aren't binding even though we're trying to turn the plug does that make sense well because of that because locks will bind one pin stack at a time you can attack them one pin stack at a time it comes back to what I said how more pins is not necessarily more secure someone might say well I'll have a really big key space because I'll make a lock that's like seven pins deep and there are some seven pin locks I've seen eight pin locks beyond that it just gets silly because it looks like you're carrying a sword around on your keychain and also because you're not really buying yourself more security yes your key space is huge it's unlikely that your key would ever accidentally line up with some other guy's key but just in terms of resisting attack more pins isn't really doing it for you with binding pins setting one at a time you can do what's called manually setting the pins into position one at a time a little bit of pressure on the plug let's resume this again a little bit of pressure will cause a pin of course to bind somewhere if you then put lifting force on the pin stack you'll eventually click it into position where it should have been you'll you know it has nowhere else to go it's going to eventually just reach the height that it should have reached with a proper key when you reach that height this pin stack is no longer binding and the plug actually can turn a little bit it can't open but it can turn just enough to hang up that driver pin does everyone see that the driver pin actually gets caught on the lip of the plug and now when it's turned a little bit now the next most misaligned pins somewhere else is the next one to bind but as long as you keep very gentle pressure on the plug that driver that you have set is never gonna fall back down into the key way you've taken it out of the equation and you can go through the whole lock pop-pop-pop hunting around trying to find which pins are binding and eventually get them all it's really really simple so here we have a lock with a plug under pressure lifting and those didn't feel like much but this pin stack you felt a little click like ooh that's interesting these are loose here's a little tight and you feel it click so you're hunting around always trying to find the tight binding pin stack and push it gently until it clicks when you eventually click click click get the last one now everything is open because nothing is holding the plug shut anymore you all I swear to you you all can do this you will be amazed at how easy it is there's another technique known as raking raking is even simpler to do if you've ever seen certain pick tools that have kind of squiggly tips on the end of them raking is just scrubbing back and forth across all the pins it's kind of like fuzzing the lock you're trying to just you know throw everything you got out and see what craps out and a lot of the times raking will pop a lock open even faster than that lifting method don't you know take my word for it because what is a good con talk without potential live demo fail we'll try to we'll try to do this right in front of you here hopefully these really poor brands which I'll cover that up you know it's it's a blaster padlock yes so hopefully you know these locks will behave properly enough for us that we can see and just you know yell at me if I'm on camera I'm no Scorsese I can't line up a shot at all only two tools I'll need a tensioning tool that's gonna just put a little bit of pressure on this plug and again you're not like oh you're not cranking down on it gentle just I'm gonna lean this right into my hand can everyone see the tension or just kind of laying in my hand that's more than enough pressure a little hook tool and I'm just gonna go in and try to reach these pins and if it was quite enough that's a loud fan and I projected you might even hear them clicking you send me up front what if I was showing my mouth absolutely you can do that absolutely not hard raking same idea here's a lock out of a deadbolt I'm gonna go in same idea tensioner tool very gentle pressure not gonna use my hook I'm gonna grab a rake tool instead and just vary your effort vary your pressure up vary your angles there we go all right look a little longer that time but again just open you are all gonna do this you're absolutely all gonna do this and what's more these are locks you're all using probably somewhere don't rely on them and think of these as magical you know impenetrable devices they're really not another type of lock you have around your company it's not a pin tumbler lock but I'm sure you've got them wafer locks incredibly popular in pre-built office furniture in a cabinets all kind of things wafer locks are even simpler than pin tumbler locks and it's one more just no brain lock it's just a sliver of metal it's not even a split piece of you know one pin another pin it's one piece of metal in the plug that can't be too low can't be too high just gonna line up right in the middle and then it turns I can't even tell you a sophisticated finesse way of attacking these other than just to say rake them or use what are called jiggler tools on them a jiggler tool shown here in the middle and the top it's essentially like almost a rake and a tensioner all in the same package practically if the locks are bad enough as most locks are here's a filing cabinet lock jiggler tools I mean you can almost use them as keys like old keys that have worn out you have to bang around and be rough with them let me see if I can do this on camera all right that's fun if you can see that but that's open yeah and this is this is got a lot there's like five wafers in here that's a lot there for wafer there's three wafer locks I've seen a to wafer lock once on a power panel so yeah don't use that lock please these are all examples of that first grade of do not use this lock lock but of course we are using these locks we're using locks like this sometimes I saw this on a wiring closet once common master combo padlock who's seen it you all have who has used it who uses it at the gym no you're saying deviant you don't know what a gym is you don't know what they have there right do you know that you can open these you guys some of you must know you can open these with beer can metal has anyone seen this before who has not seen this before okay for those of you who haven't seen this before let me try to keep everything on camera here this is piece of metal from beer can I'm gonna make a few cuts in it and a little pattern here all right make it quick fold you're all gonna learn how to do this in the village tomorrow two little bent piece of metal will go into this block slip it in down twist and turn yeah don't use this lock for anything other than your dirty socks at the gym yes beer can do anything has anyone ever heard of the bumping attack yes anyone ever not heard of bumping it's finally getting some some word in the news bumping relies on basic Newtonian physics like you all learned in high school you slap a cue ball into the billiard stack the two goes flying that's what happens inside of a lock when someone's using a locksmith pick gun you ever seen in TV show is the snap snap snap snap or maybe you've had a lockout call a guy comes to let you in your apartment they might have been what he tried to use a snapper gun just smashes on the bottom pins of a lock smashes the key pins gets the top pins to fly up a bump key is a specially cut key that does the same thing you smash on the key from the outside it bangs into all the pins potentially driving the drivers up wouldn't even try to do this on camera why not you're getting all the the we have to had no epic fail yet isn't this amazing makes it like I'm completely screwing all the other speakers who have live demo because I'm getting all the good karma and then everything else is just gonna wreck the rest of the weekend sorry guys so here we have a lock with a bump key now this key does not you know open the lock it's not bidded for this lock at all but if I take a good good bump hammer here and just kind of get my hand in position and whack with it there we go that's that's open not open open every one of you can do this where are you using these locks well unfortunately you're using these everywhere anything that's listed as a ruggedized lock for outdoor purposes is usually really bad it's usually designed to weather the elements it's not designed to protect from these sorts of attacks and of course this lock in a great neighborhood of town can control the entire power of a building and it's an awful terrible lock you know power panels all type of wafer locks on access panels power panels wiring panels these are all crummy pre-built locks locks that came with something you bought did not everything to replace because whoever thinks of that and just because you hired a locksmith at your facility to you know secure the front door and that's great I applaud you if you've done that you probably still have a lot of really lousy locks laying around and if someone can run a red team tests on you and get in the building usually with a wink and a smile not even with my lock picks once someone's in the building if they're not being challenged why it why are you in here there's a lot someone can really do why are most locks this bad it's a little outside the scope of this but if you're curious it has to do with standards most standards of locks particularly in North America are very industry-led they're very you know the industry rating itself and almost all of them pertain to matters of brute force attack locks are you know rated against how many foot-pounds of torque can you turn them with without cracking them in how much you know can you kick the door things like bumping picking even shimming they're really not in these lock standards you know picking is an instantaneous attack the some standards will say alright this must this must resist you know 15 minutes of attack or this must resist 15 minutes of bumping I don't even know what that is personally if a bump attack is gonna work it's gonna work in five seconds you're not gonna sit there hammering on the bump attack for 15 minutes involves a sledge hammer I think but yeah the idea that oh our lock is resistant for up to 15 minutes that's pretty poor if someone can just breeze through the door like that because the lock is this bad you know it's it's just gonna happen in a heartbeat it's not really it's not really being looked at the right way in terms of standards in my opinion you need some kind of response window for someone to wake up and say oh shoot someone's here you need a lock that will actually resist more and will really slow someone down so what how do you get that how do you make locks kind of better what is the next category of lock that I would say is type 2 well pick resistant locks are out there many times you hear about you know this lock is hardened or this lock is commercial-grade or this is blah blah blah those are all just marketing terms I personally have very specific categories from which I would say this is pick resistant for one thing making key ways a little tighter making key ways harder to move your tools around in the more warding you have the more angular a key way is that's definitely gonna frustrate most attacks this is a real key way you know it costs more to make but it sure it exists we can do key ways right we just don't because everyone has well I've seen this key forever and can you make me three more locks on this key the same kw1 and sc1 those two keys the Schlage and quick-set keys there's a bajillion of them out there and we're gonna keep seeing more of them why because people say oh I've got 12 of these locks and I want to have three more I should key it all the same unfortunately it's not really good thinking inside the locks you can absolutely prevent that shimming attack if you're worried about kids with beer cans running around open in all your power panels you just get an unshin Balad lock they're out there I'm a fan of them but how often do you see this talked about so when you buy it as a consumer if you're not thinking of this you're never gonna say by the way is this lock shim proof finally again this is making its way on to some packaging nowadays the double ball mechanism the idea of other types of mechanisms that can't be just popped open that's a good thing I'd like to see more of it you can change the shape of pins and make them a lot harder to pick as many of you might be able to predict this just looking at the physics and what's about to happen if you try to you know set this pin it's called a spool pin it's gonna jam on the edge it's not going to want to set there are a number of designs like that mushroom pins serrated pins Jam on everything now it's still possible to pick these with enough finesse with enough real patience and dedication but it's harder it's a great step up it is what makes this lock you know pick resistant in my mind come on there we go you can resist bumping really easily a simple way of doing that you know putting some gaps in the pin stack so the physics of bumping doesn't transfer energy correctly there's even an anti bump pin by making one pin less weighty than the other it will actually mess up the physics of how the pins fly around talk to me more in the Q&A if you really want to get into retrofitting and changing your locks I'll tell you some tips about it however please understand that everything I've just shown you in Category - you can still get around it with dedication this right here this next step up is what I really want most of you to try to take away from this talk there is a difference between pick resistant and what I would call properly high security there are whole different categories hold if it's a whole different animal but those sort of terms we get thrown around a lot because of marketing you know guys who say look put this high security display over here and you saw it was like you know commercial grade master locks fine enough lock if you want to you know keep the two-year-old out of the candy I guess but it doesn't belong in your server room what do I consider a proper high-security lock well it's something that would entirely change the game something that someone who bought the five dollar pick set or the ten dollar pick set online with like three tools in it cannot get into something you need specialized tools to attack something that needs different training and techniques and different methods beyond just the basics that you can learn like on the Internet good example of this line of thinking an old design by the Schlage company called their Everest basic pin tumbler lock but they added this extra little pin in the bottom of the plug this little what I would call a check pin and unless you have the right key the Everest key had a big groove that would reach down and scoop into that keep that pin that little pin wouldn't retract and the plug could never turn so people could sit there trying to pick it all day trying to set the top pins top I can't get it well it's because an entirely different pin was hidden somewhere else and eventually of course a special tool was made it was a special tensioning you know tool with a long finger on it some people just cut Everest keys and use them as tensioners very brilliant but it made somebody break out of their comfort zone if someone waltzed in your building with the basic tool kit that says I learned how to use this and I'm gonna get some locks would they have oh shoot I'm missing a tool I need a special tool I didn't bring with me would they need that would they need a different technique they have never trained on that is my definition of high-security proper high security nowadays because of you know the Everest of course is an older design you see a lot of sidebar based locks an entire bar running down the plug that will not fall inward unless other conditions are met sometimes it's an entire second row of pins series of pins like on this AUSA twin lock or a scorpion lock actually the scorpion you'll see in a second the AUSA twin lock the idea is it's a whole extra row of pins you're not gonna reach your tools in there and try to set these by the same method any people ever have keys for they're maybe their you know car or something that have a like a long groove running down the side of it have you ever had door keys even with long grooves running down the side that's usually the sign of what's called a slider mechanism same idea it's small bits of metal not whole pin stacks little bits of metal interacting very intricately with a side bar that has to fall inward impossible to pick with just regular tools unless you know you have three years to try it I guess maybe you could try I would not want to medico is a very popular lock for some people if you do any work in the government space you've probably seen medico locks around again it's a side bar based lock there's the side bar actually interacts directly with the bottom pin the key pin spins into position allowing fingers on the side bar to fall inward if you've ever wondered how that's achieved it's a pretty neat design actually the side bar not in these key pins is aligned because of these chisel tips and the actual bidding cuts on a Medeco key are in different directions I took a Medeco lock apart shot some video of it you know actually of the plug and you'll sort of see this it's a neat it's a neat system here these little dark spots those are the actual channel where these fingers from the side bar would fall in and you can see as you pull the key out it randomizes flips all around it's a really really neat design now it's unfortunate that this design has not really changed in the past few decades medico had such a cool design that they were able to coast on it and they never really did much more research they never really evolved it except some cosmetic changes to extend the life of their patents and copyrights because of that one dedicated man and his partner have been attacking medico for a while and now basically destroyed the lock mark Tobias and Tobias blues montes if you've never heard of this they have just wrecked medico they can bump medicos they can pick them reliably there are decoder tools because they are the lightning rod they were the big name in the industry they took a lot more heat than many other companies but also because they kind we're content to sit around did not make a lot of revisions you know they're not that they're not an unpickable lock anymore you never want to use that term in general of course but they're not the best of the best what I still call them high-security maybe you know depending on how badly you know someone has all of Marc's training and all his special tools you can get in there but I mean it's not gonna be the most common thing don't freak out if you have a lot of medico at your facility back home it becomes time to change your locks out yeah maybe you get something new rotating disc mechanisms no picking no bumping nothing like that because there are no pin stacks some locks just dispensed with pin stacks entirely beautiful type of lock that you see more in Europe than here except maybe on some of masters old kryptonite no they're not master the Kryptonite companies bike locks the rotating disk it's essentially a safe it's like a mini safe with wheels that spin now can you attack this yes you can attack it with a specialized tool with specialized training and a lot of time it takes a while to do some locks are what I would call however completely unpickable in quotes unpickable what do I reserve these special fourth category of locks what is the fourth type of lock the highest grade well in simple terms it's a lock that has no known attack or bypass that has been published or even theorized yet it's a very short list and it's a very you know finicky lover if you're on that list you can get kicked off right away if somebody releases the right paper its source or blackhat or who knows where currently if you're curious the few locks that really are my darlings on that list one is a finish lock from the ABLOY company called their pro tech it is essentially a rotating disk lock that has extra counter measures which I'll tell you about if you want to ask me later that frustrate the use of that you know rotating disk two and one tool brilliant design I used to have medico and all my stuff I've replaced it all the protex in the past I don't work by the way for any of these companies that I you know prays or any of the companies like trash they don't give us free stuff they just you know they just are so I like to remind you of that I do have friends who sell some of these in Europe though and I'm proud to say that there are my friends they're a very nice product there are really awesome magnetic locks some magnetic locks I would call basically no picking no attack nothing has known especially the Ewa company in Austria has the MCS lock unlike some magnet locks which are just little north-south magnets in an array the ewa mcs is actually a lock that has each discreet paddle with a north-south zone rotated into different positions so the inside the plug you have these little rotors that spin and align all in a row allowing a sidebar to enter I it's gorgeous it's really gorgeous and anytime you have magnets you don't have to have the inner side walls of the plug you know touching anything it's just a flat channel because magnetism radiates out through the plug and does its job there's nothing you can even touch with your tools to spin into position really really neat one more company multi lock they're based out of Israel I believe their latest generation of lock the MT 5 there is no known attack or bypass I didn't get into much of their stuff because some of their older generation locks have been picked and bumped but the if you're using a multi lock system many North American locksmiths have contracts with multi lock more than EV on ABLOY and if you see oh we've had multi lock for the longest time ask them if they can upgrade you to the MT 5 and you'll be in that unpickable category if you want if you're worried about your safes don't be too worried about your safes well maybe be kind of worried about your safe if you didn't pay a lot for it safes tend to be a little better some safes you know can be manipulated open ask us in the village if we want to teach you about safe cracking you know I'm sorry we couldn't bring a bunch of safes with us but well we could give you give you a lot of fun information about it there are manipulation proof safes that are just out there how do they work ask me during the Q&A I hope I'm not breezing too fast I want to give you all the material don't want to run long and then since we're the last talk if we have a minute or two we can chat it up a storm or meet me in the bar bar after the startup calm we're in the startup competition and then we'll be in the bar there are automatic safe dialers out there though you know there is something called a mas Hamilton soft drill it's basically just a robot that will either brute force the safe or use an amazing series of accelerometers to try to do safe manipulation to see that in action it's un-freakin'-believable if you're really completely worried about your stuff and you're safe well you can always get an electronic dial the the Kaba you know Kaaba Mosque Hamilton makes this electronic x-series safe dials anyone admit to working in a building with one of these in it okay they're sweet aren't they they're amazing the little LED display its first a completely self charging but a Zener diode that spins up you know it charges it when you're running it when you're operating it the little display for example will will have different speeds at which it'll go through the numbers so you'd be like 15 16 17 18 and maybe the next pass it'll be like 50 so it's going faster or slower just randomly if you stop at one number and turn to another number it'll jump somewhere on the dial and start proceeding maybe up or down from a different direction somewhere else so no one can kind of shoulder surf you the the logic that's gone into this design is just really really nice if the dial turns more than one and a half times without stopping it shuts down well why is that well because your arm can't do that without letting go and it knows it's a robot dialogue shots down for a few minutes it's it's that type of thinking that's gone into this mechanism and it's the reason the government continues to use them it's a great safe and costs but I know what some of you are thinking you're like what about destructive entry I could spend all this money on locks but like me and my neighbors we don't want to put crazy locks on our houses because we have windows in my office building has windows on it too and you know the doorframe is only so solid someone could crash a truck through it well yeah they could do that you can have destructive attacks coming at you but the thing is if this guy comes around to try to get into your company you're gonna know this guy was there destructive attacks leave behind very clear evidence even finesse from you know ones with a bolt cutter or even a drill attack if a locksmith is using a drill jig they're immediately obvious you come in on Monday and you're like oh crap someone's been here let's execute our policies let's put our plan in place let's do what we do you know you drill a safe sure this is this is from a safe opening weekend that our friends in Europe host about once a year asked me about that too it's a pretty funny story but of course you know you know it happened that's what you actually want to have happen you want to have the person smash their way in if they really just want to get in if you come in on Monday and it's been a non destructive attack well do you know that that happened if your front door looks fine if your home office if you come into your main office after a vacation and all its this is how I left it before if safe is in the same place doesn't have any big holes in it do you know no one's been in the safe do you not know well depending on the grade of lock you're using you can't just know for sure unless it's a proper lock you know different locks will give you that type of peace of mind that sort of unpickable lock that I mentioned like at the protec I have Pro Tech's on all of my firearms especially when I travel now there's small protex they're available in different sizes I've little ones and someone said man well you know what if someone cut the lock off and I said well actually it's a boron reinforced shackle that's probably not gonna happen but I'll grant you something I have an angle grinder someone could cut it off but there's no way they can reassemble the lock if they've done that there's nothing they can ever do to get in without me knowing immediately when I go to get my luggage and similarly the other side of that coin when I go to get my luggage and the lock is still on there I hands down no absolutely in my heart of hearts that no one's been in there it's just that peace of mind factor that you can go for basic locks once again let's go through the four categories and how do i define them and where you use some basic locks they have no protection there are a lot of the ones that you buy in a store they have no resistance of those dummy attacks shimming bumping anyone can get in resistant locks in my opinion should not be able to be attacked by the complete no brainer attacks they shouldn't be Chimel they shouldn't be bumpa Balat someone could get in with enough dedication if I if I had some training you're gonna just try it you'll probably get in in relatively short order not instantly but a relatively short order the real level up that I want you to think is the high security lock something that Nate that needs an attacker with different training different techniques entirely something that goes beyond hardening and existing design and saying let's actually reinvent the wheel here with a better design and of course the fourth category of complete badassery the unpickable there's only a handful of them out there and they have their they have their place you know if you're really really doing sensitive work were you gonna get them obviously the cheap locks are the ones you find everywhere you can get some of those pick resistant locks at your local your local shop if you know what to look for and if you can talk to someone who has the right answers or if it's on the packaging high-security lock you're not gonna find it in local sure local store you need a specialized shop you're dealing with a locksmith at that point and many of those if you really want to get into those crazy high security ones you're either finding an incredibly specialized locksmith or you're just ordering them online because a lot of locksmiths simply can't carry that amount of inventory of such a specialized item do all these locks have a purpose and you in a way they do you can use a basic lock if you're locking up your garden shed you just don't want the neighbor kid taking your hose to make a beer bong or something or taking your ladder to steal your bird feed because whatever I don't know what your neighbor kids do but you know yeah that's fine you can have that law if you're protecting $10 worth of stuff don't use the hundred dollar lock that's kind of dumb the big secret in the security world that we should all just admit to ourselves is your house nobody wants what's in your house nobody wants to if they want to get in there they're trying to steal your whiskey and cigarettes or maybe your TV a pick resistant lock is fine for your house unless you have a home office doing something very sensitive because again someone's gonna break a window if it's a residential attack don't worry about your your home worry about your company worry about your storage areas proper you know high security locks that's what we're talking about in business that's what you're talking about in a facility that you might not be back at very often you want to make sure it's fine in your absence and you know you're super sensitive stuff your servers maybe your guns who knows if you just need to know that no one was in there that's the territory of that super unpickable version are you protecting against force or finesse I kind of touched on that earlier if someone's just trying to kick their way in be mindful of that are they just you know gonna break the door down well then maybe you should reinforce the door in addition are they just going to you know I'm gonna get my way and really tightly then you really need a finesse a you know a proper high security lock it's two different sides of that problem so what is my notion of a proper physical security framework what would I love to see an idealized world what would companies be held to as a standard well you would think of all your facility in terms of three areas every door and every access panel would be one of three things external access internal access or sensitive access external means people without badges and without any credentials could probably bump into it you're usually talking about your front door maybe some outside doors if you have access panels and wiring panels internal that means somebody you would hope went through some process to get where they are standing to see this lock somebody hopefully badged in or was signed in or belongs there in the company in Tsavo that's an internal thing for my purposes and sensitive panels and doors that's something in my opinion that's termination worthy if someone is in there and shouldn't be are they terminated if someone else gets in there who shouldn't should the guy who put it in get terminated like set you to your server room your records room that kind of deal your executive washroom right right off the bat basic locks do not belong in a building and this would be honestly the hardest part if my sort of framework could be rolled into play because you're having plant ops go around everyone's desk and like take away four locks out of drawers they do not belong in the building because they encourage horrible habits that the user who writes his password it's like I'm slick man I saw that black hats talk I didn't put this under my keyboard I'll put my post-it note in my drawer woohoo you know great so you have this furniture that you got from WB Mason that has the same key I'm probably half the desks and even if it didn't it's a way for lock on every desk that just encourages dumb behavior they don't belong every door that you have external to the company I would like to see high security equipment on those sorts of doors it's basically it's not only good be just to resist every bozo coming along is it'll resist a lot of you know tampering it'll resist a lot of you know vandalism it's just proper for your external doors your internal office doors particularly all your drones who really just kind of get in the way and suck we're overhead it's fine they're their office door yeah I don't like the corporate environment you can tell sometimes you know pick resistant locks are fine someone's not trying to you know really just get into oh I got to get into Alice's office cuz I'm gonna feed her goldfish and he'll get it twice rogue rebel no I mean no one no one is really going into all these sort of doors a pick resistant lock is fine not a basic lock put a couple security pins in there make it bump proof do it a little right and of course those termination worthy sensitive areas my ideal world if I could roll a framework out I would say unpickable in quotes you know category four lock should be used but again this is just my ideal per take all this knowledge and do what's best for you that's that's really my my overall schpeel though is that it should be in any lock you use you should never have somebody using complete zero skill attacks it should leave behind signs of tampering someone should have to force their way in if they're gonna get in that's a good thing of course this is all only as effective as your people if you're not trained I mean this is what a plenty of other talks you've gone to a many conferences including source before you've heard about are you protecting yourself against is this really the FedEx guy well I don't know it kind of looks like him but his trucks not there Johnny long a friend of ours use this badge for years and years on his red teaming how long has it been since eighteen T is serviced stuff in the field but he you know I'm here or I gotta have service your phones okay sir here is our most sensitive wiring closet go nuts so of course train your people what does this have to do with training your people about social engineering this is a story let me double check we're about quarter after we got a few more minutes yeah this is a story from some of my friends in the Beltway they decided to do a test of their own facility they were authorized to but in the framework of what they did they said alright let's assume we were like fired and we came back the next day to screw around and they this is the entire thing they were armed with was a BK tender-crisp and a sprite because they said all right how we gonna do well just we'll just roll with it so tune in Rob go in and they say hey you know Gerard the security guard how you doing today man and they know the guys they know everyone knows the security guard at the desk right hey what do you guys do today are you supposed to be here no no it's our day off oh yeah I figured it was you know cuz you're not even dressed for work they had no badges or anything I said oh yeah man you know we're just we're gonna meet you know Kate for whatever for lunch but he's not around yeah I don't know if she's here either at first they said we're delivering this you know to Kate they said oh I don't think she's here oh man well you I mean did they ever give you lunch man come on and they just started bantering with him you know you work so hard do you want a BK tender-crisp I think I was so happy to get a free lunch that just on cue they Uncle Mike guy goes hey wait man didn't we've got it where we gonna pick up your laptop today oh yeah I left that well where'd you leave while I was running Network captures I think it's in the server room security guard badges them into the whole facility took them into the server room let them take equipment which was I think officially part of their purview of that test but they just kind of grabbed a laptop they saw sitting there just so they could like say they did it and like let them out again all because he knew them because they were friendly and cuz he got free meal out of it that's insane but that happens all the time at all of our companies you know training your people to stop someone and actually say wait a minute who are you what are you doing here really getting that in their head and then verifying their story actually following it up with some level of authentication that's important I've seen companies with a sign like this internally and at first I was like man that must really encourage a culture of like angriness when you're just yelling at your coat but all the company execs I've talked to they said since we did this it's been great people actually feel like they're taking responsibility for the company seriously part of the reason is they followed it up not with punishment but with reward the reason you beat this with this you say there's gonna be in the next six months someone in here doesn't belong in here whoever finds the person you don't like you know tackle them and it's just like authenticate them if you figure out who it is you win a dinner at Ruth's Chris are you in a bottle of 12-year Jameson or whatever little dumb reward like this is what a $75 reward for potentially you just hired half your staff as additional security by doing that think about that think about all of that completely separate from this but something I love to pitch because most people don't know about it there is a whole field of forensic locksmithing keys inside of locks will touch the pins in a very predictable way they will wear down the components of a lock in a very predictable way you can take a lock that's been in the field tell approximately how long has been in the field well you can't you could pay me to but um you know we could tell you how long your locks have been in service we can tell you if something has been in the lock that is not a key it is absolutely possible to identify certain scratches certain marks that are not wear and tear this is admissible evidence in court in certain instances saying oh this lock was clearly picked this lock was raped we can tell you what techniques were you if you have a break-in and it's a surreptitious break-in of some kind you will be surprised maybe how your insurance company reacts to that news when they say oh we'll send someone right out show us the door like where was is it off the hinges well no all right well I think did they come in like a window no what did they come in a roof is it missing temple show us the rope hanging down your air vent and like no dude like someone picked in companies will sometimes say insurance companies will be like well this is no we're not paying this you had bad key control you had bad management of you had a rogue employee actually being able to verify that no someone with no skill you know stood there rip this lock up or even someone with really good skill is gonna leave a couple of marks marks that are documental marks that you can testify about in court all because tools will touch pieces of the lock where they shouldn't normally be able to be touched it's really it's a field that I found amazing when I first got into it and now I in a fellow named datagram out on the west coast I've done a lot of really cool research in it he's the guy people turn to out there we're here on the East Coast if you ever have weird questions it's a it's a real real eye-opener when you think of even bumping a show if used to think I'll bumping is like a key it's gonna just touch what a key touch is right that's like a forensic problem no bumping pounds the crap out of locks bumping will jam all over the place in a lock and there's marks like that as well you shine the right light on something you really zoom in you'll see awful dents these are all pieces of evidence that you can submit and many times when my friends especially in Europe have had testimony that's turned over on discovery like just cases just get dropped like oh okay nevermind yeah you guys had someone actually picking there we didn't think that actually happened outside of like James Bond films okay here's your check please potentially really a lot of economic impact and if you understand this that's so that's why I wanted to throw that in it's something that most people don't even know is a field but knowing that this information and evidence is out there could potentially save you a lot of money so I pop that little bit of knowledge in your noggins other than that which locks are which which locks are you know different categories there's a million of them as I say there are plenty types and manufacturers out there these are just a small list of my favorite ask me later which ones are which I can talk to you forever I will bore you talking about locks before you know we run out of booze at the bar but just is this some of this making sense is it is it kind of clear I'm not putting you to sleep at the last talk of the day you're real quiet crowd I'm not used to the to the non black t-shirt crowd I hope everyone there should be beers out there I should hear bubbles but lowing and things okay yeah thank you thank you for listening I want to let you have some questions yes sir mm-hmm Gaston has what if you're using non steeled metal or just softer material to pick many times one of two things will happen either a the picking is completely frustrated like the pit tool just bends or at a micro microscopic level like you're using borescopes to detect this you'll get material transfer you'll get material in the lock little fibrous material that does not belong at all and you can at least document that yes sir an attempt versus existed that very good question not usually the question is can you tell just from the forensic side whether something was successful there would probably be ways like let's say a bypass if someone uses a shimming attack or something like a real no brain attack that will either just always succeed I'll be like alright someone knew what this thing was clearly they stuck it in the right place I imagine they must have gotten in or if marks let's say again on the shimming attack if marks are far enough down inside the shackle retention latch I'll be like well if this person didn't get in then it's like they opened the lock and walked away because clearly the tool was in the right place most of the time no you can't tell and you're relying on something like oh we've got crap missing this stuff was here and now it's not here on Monday and this is in the lock I imagine those aren't two separate events but that's that's the answer there hopefully yes sir are I think the one lock you sort of mentioned was would you say the self-powering safe dial was the one question you had that is definitely in the category of locks that have no known attack whatsoever and at that point you're like even if the best person fully legit with you know no one's gonna stop them and they're called out to your facility they're going to disassemble the lock they're gonna rip like the door out so yeah is that is nothing as you know fully unpickable like marketing style but there are some things like unpickable like in quotes yes that's a fascinating question because you don't think about it that often the gentleman says can something be too secure can you either be so secure that you're locked out or a really neat question you said is what about extra keys some companies it's really hard to get duplicate keys so if you need them you probably have them already for new hires what do you do with them I would put all those kind of you know keys like I have a lot of my keys or in one of my gun safes actually which is behind an alloy or in a safe locked with you know ammas Hamilton the idea of what if you get locked out in my opinion you should have already like that should be in your business plan the idea of like what if my company burns down and I'm down for like two hours do I have a satellite office what if I am just locked out locked out it should be can we have at least one skeleton crew inside to let us in and if not can we afford to have a locksmith do you have a locksmith on-call like it's like having a lawyer on-call because again destructive entry your servers will keep running fine with a big hole in the drywall like if a drive dies in a raid array and you're like oh crap that dudes in Aruba we can't get in kick the wall down you're supposed to be there no one's gonna arrest you so there was one in there and then you sir what kind of legal grief do we get from publishing fortunately not as much as some software guys do the DMCA I imagine could be used to apply to like a crazy crypto 2 algorithm in a lock but I've never seen it really applied to like research discussion I no locks lock companies a lot of times don't like the sport picking community sometimes you know they'll just outright slander people in the press like Ingersoll Rand owned Schlage we like a lot of Schlage products it's very painful to see how they could uh Turley just trash the picking world in in the popular press in Europe it's not like that in Europe you have companies actually coming to the picking community and say hey we made this what do you think one lock that I didn't put in the unpickable category but probably belongs there and I should take some photos of it it's called the rks lock by Stanton concepts it was a lock designed open source from the ground up he came to the hobbyist community he came to the hacker world he's like I got this idea what do you think and he's been at tool meetings and stuff for years and it's a it's as to do with container shipping shipping container security it's great but has there ever been a really bad lawsuit not from a manufacturer usually sometimes they will say no no no you completely misrepresented us and they'll try to sue that way but not like you're giving away trade secrets because dude it's hunks of metal like I didn't you know I'm didn't reverse engineer your code I just I put a like a dremel tool and I cut the lock in half and I took photos of it that kind of thing there was I know there was a question here yes mm-hmm it's an excellent point you should definitely ask me in a bar for a full story but what you're he's he's saying what about for procedures like fire access there are municipal codes in fact in many instances that require you know the fire company to get in you know in on the date back in the day they used to just have like an axe and then they would have what because they were didn't want to get sued if there was a false alarm they would and there were more and more false alarms with everything wired up together it's not just smoke coming out of a window it's like oh the ADT panel is blinking we got to get out there so then they would have big key rings for all their client like there was a town key ring and that you did not want that laying around to the firehouse which is hosting like my super sweet 16 on the weekend it just I wouldn't want my key ring there would you so what they use now is something called a Knox box it's a real interesting piece of technology it is capable of really neat security the idea is it's a high secure lock on a like embedded in the concrete box with your key behind it so the at your facility so the fire company has it has a Knox key which is usually universal throughout the whole state they don't like you to know that it's there's there's the the one medico key for every 50 states that's being changed slightly and then eventually they started to say well this is sure isn't secure so they had the keys were restricted which doesn't mean a whole lot sometimes and in the cab of the fire truck it's actually a unit called a key secure which on the nice version it takes DTMF tones over the network to authorize the removal of the key but the biggest thing you can do if you're interested in that kind of feel is ask if you're Knox box is wired into anything many modern Knox boxes actually have us a trip sensor a reed switch and you can have it as part of your system you can log that event you could have it set off alarms if the alarms already going off I mean fine but if someone plays with a Knox box and get it open because they have the fire key I mean you should set the alarm off most of those are not hooked up because think about when those get put in like you're pouring concrete you haven't even hired your electric guy yet probably but if you have a facility that's putting a Knox box in think about that too we are really tight on time is there one last quick question all right you sir and then we're all gonna go to the startup and then we're all gonna go the bar yes sir the newer electronic locks in which category that's a way bigger question then I would have time for here but we'll each buy each other a drink and we'll talk about on the bar sound good all right all right yeah it's a two-drink minimum for that quiz I approve with that you sir get one of my first drinks all right thank you so much guys thank you [Applause]

Info

Channel: Big Brain Security

Views: 44,493

Rating: 4.8705702 out of 5

Keywords: source conference, Deviant Ollam, appsec, infosec, network security

Id: vxXryID5F7M

Channel Id: undefined

Length: 54min 52sec (3292 seconds)

Published: Mon Sep 04 2017

Reddit Comments