High Insecurity: Locks, Lies, and Liability

Presented at DEF CON 15 (2007), Aug. 5, 2007, 2 p.m. (110 minutes)

There is a lot of hype by lock manufacturers, especially those that sell "High Security" cylinders. Terms like "pick proof" and "bump proof" often accompany UL and ANSI rated locks and cylinders. If your intent is to protect your home then you can be assured that a lock carrying a UL 437 or ANSI rating is quite sufficient. The rules drastically change however if you are going to rely upon locks to protect high value targets such as cash, sensitive information, munitions, or critical infrastructure components. It is then that you might want to do a bit more research into what really constitutes a high security lock and how they can be compromised in the real world. In this presentation we will dissect and analyze these high security standards. Covert methods of picking, bumping, and certain other bypass techniques will also be presented and demonstrated allowing even the highest rated cylinders to be compromised in well under ten minutes.


  • Marc Weber Tobias - Investigative Attorney and Security Specialist - Security.org
    Marc Weber Tobias is an investigative attorney and security specialist living in Sioux Falls, South Dakota. He represents and consults with lock manufacturers, government agencies and corporations in the U.S. and overseas regarding the design and bypass of locks and security systems. He has authored five police textbooks, including Locks, Safes, and Security, which is recognized as the primary reference for law enforcement and security professionals worldwide. The second edition, a 1400 page two-volume work, is utilized by criminal investigators, crime labs, locksmiths and those responsible for physical security. Marc is a member of a number of professional security organizations, including the American Society of Industrial Security (ASIS), Association of Firearms and Tool Marks Examiners
  • Matt Fiddler - Security Specialist - Security.org
    Matt Fiddler leads a Threat Management Team for a Fortune 100 Organization. Mr. Fiddler's research into lock bypass techniques have resulted in many public and private disclosures of critical lock design flaws. Mr. Fiddler began his career as an Intelligence Analyst with the United States Marine Corps. Since joining the commercial sector in 1992, he has spent the last 15 years enhancing his extensive expertise in the area of Unix and Network Engineering, Security Consulting, Computer Forensics, and Intrusion Analysis. Currently Mr. Fiddler is the Connecticut Chapter President and active Board Member of Locksport International.



Similar Presentations: