Wire pops lock certified for US defense facilities

Aug 07, 2011

Hackers at a DefCon gathering were shown how a high-security lock certified for use in sensitive US government facilities can be easily opened with just a piece of wire.

Security specialist Marc Weber Tobias had plans to meet in Switzerland with lock-maker Kaba to discuss ways that the Swiss company's Access Control E-Plex 5800 model and its predecessor can be foiled.

"It is a threat to the government," Tobias told AFP after his presentation at DefCon, which wraps up in Las Vegas on Sunday.

"I am serious about it because I don't know where they have been installed," he continued. "They could be at the Pentagon."

The Kaba 5800 was described as the first lock certified as meeting new US requirements for coded access that keeps track of which contractors or federal workers open which doors.

The lock is designed to be opened by swiping a key card and then entering a long number code.

Tobias and cohort Toby Bluzmanis showed how a Kaba 5800 could be opened by poking a piece of wire through the casing of a small LED light on the lock face and short-circuiting underlying electronics.

Red and green LED lights on the lock are part of a feature that lets a receptionist open a door remotely with a push of a button.

The lock could also be opened with the thump of a mallet or by removing an inside plate and inserting a wire in a way that lets someone, from that point forward, open the door by pushing a handle up instead of down, according to the duo.

"We figured out nine different ways to break 5800," Tobias said.

"You are not going to get away with some of these techniques at the Pentagon; you would have a nine-millimeter pistol pointed at you."

Tobias and his team began to scrutinize the lock after learning that several years ago members of the Jewish community figured out that an earlier Kaba keypad access model could be opened using a magnet.

Keypad locks had found a niche in the Jewish community because the religion prohibits using keys on the Sabbath, according to Tobias.

"A Jewish geek squad was helping elderly people open their doors when they couldn't remember key codes," Tobias said. "They figured out you could open the locks with a magnet."

The Kaba 5800 model is priced at more than a thousand dollars and the company was said to have sold fewer than 2000 units, with the new DHS standard not being in place until next year.

"Kaba is a good company," Tobias said. "This is a problem endemic in the lock industry, they think like engineers not hackers."

Explore further: Voice, image give clues in hunt for Foley's killer

add to favorites email to friend print save as pdf

Related Stories

Hackers crack high-tech locks

Aug 01, 2010

Security maverick Marc Tobias showed hackers on Saturday how simple it is to defeat some of the world's top high-tech locks.

The first molecular keypad lock

Jan 08, 2007

How can defense or intelligence agencies safeguard the security of top-secret data protected by a computation device the size of a single molecule?

A chemical 'keypad lock' for biomolecular computers

Mar 24, 2008

Researchers in New York are reporting an advance toward a new generation of ultra-powerful computers built from DNA and enzymes, rather than transistors, silicon chips, and plastic. Their report on development of a key component ...

Chemical 'Keypad Lock' for Biomolecular Computers

Mar 19, 2008

Chemists are reporting development of a "keypad lock" for accessing data from biomolecular computers, which promise to be powerful tools in many fields, including medicine and personal security.

Internet warriors hone skills at Black Hat - DefCon

Jul 26, 2010

Internet warriors are gathering this week to explore chinks in the armors of computers, bank teller machines, mobile phones, power grids, and other "smart" devices intrinsic to modern life.

Hackers school next generation at DEFCON Kids

Jun 26, 2011

DEFCON hackers will share their skills with the next generation at a first-ever children's version of the infamous gathering of software renegades, lock pickers and social engineers.

Recommended for you

Voice, image give clues in hunt for Foley's killer

Aug 21, 2014

Police and intelligence services are using image analysis and voice-recognition software, studying social media postings and seeking human tips as they scramble to identify the militant recorded on a video ...

Smartphone-loss anxiety disorder

Aug 21, 2014

The smart phone has changed our behavior, sometimes for the better as we are now able to connect and engage with many more people than ever before, sometimes for the worse in that we may have become over-reliant on the connectivity ...

Why conspiracy theorists won't give up on MH17 and MH370

Aug 20, 2014

A huge criminal investigation is underway in the Netherlands, following the downing of flight MH17. Ten Dutch prosecutors and 200 policemen are involved in collecting evidence to present at the International Criminal Court in the Hague. The inv ...

Here's how you find out who shot down MH17

Aug 20, 2014

More than a month has passed since Malaysia Airlines flight MH17 crashed with the loss of all 298 lives on board. But despite the disturbances at the crash site near the small town of Grabovo, near Donetsk ...

Assange talks of leaving embassy, sowing confusion

Aug 18, 2014

WikiLeaks founder Julian Assange sowed confusion Monday with an announcement that appeared to indicate he was leaving his embassy bolt hole, but his spokesman later clarified that that would not happen unless ...

User comments : 3

Adjust slider to filter visible comments by rank

Display comments: newest first

Isaacsname
not rated yet Aug 08, 2011
Yup, don't forget social manipulation. I convinced a tech for Diebold to tell me things he shouldn't have, ....years ago.( for legitimate purposes ) Most locks are easily defeated,...jus' sayin'.....
scidog
not rated yet Aug 08, 2011
a lock of course is just to protect people on the outside,pop that lock to sneak in will get you a good beating by the MP's or whatever.
david_42
not rated yet Aug 08, 2011
When I was in the Navy, we have mechanical cipher locks. The security officer took great joy in changing the codes, then keying the new code and saying, "Got that?". The keypad had a shield over it so you couldn't see what keys he was punching, but I almost always "got the code" just by watching the tendons flex in the back of his hand. Nothing is perfect.