Presented at DEF CON 16 (2008)
Aug. 8, 2008, 1 p.m.
Many high security lock manufacturers claim that their cylinders are impervious to covert methods of entry including picking, bumping, and decoding and that they offer high levels of key control, effectively preventing the illegal or unauthorized duplication of their keys. New and unique methods to compromise one of the most secure locks in America by forced, covert, and surreptitious entry were developed during an eighteen month research project that has resulted in the filing of multiple patents and the ability to pick, bump, and mechanically bypass Medeco cylinders, sometimes in seconds. In this presentation we offer a detailed analysis of how the Medeco lock was compromised by a methodical analysis of its physical characteristics and their code database.
Medeco is the dominant leader in the North American high security lock sector. They protect venues that include the White House, Pentagon, and Royal Family residence in London. They are relied upon throughout the world for their security and invulnerability to attacks. As a result of disclosures by the presenters at DEFCON 15, they were forced to urgently upgrade their deadbolt locks. The new techniques of bypass that will be disclosed in this presentation will be equally significant, if not even more concerning because of their widespread security implications.
Marc Weber Tobias
- Investigative Attorney and Security Specialist - Security.org
Marc Weber Tobias Marc Weber Tobias is an investigative attorney and security specialist living in Sioux Falls, South Dakota. As part of his practice, he represents and consults with lock manufacturers, government agencies and corporations in the U.S. and overseas regarding the design and bypass of locks and security systems. He has authored six police textbooks, including Locks, Safes, and Security, which is recognized as the primary reference for law enforcement and security professionals worldwide. The second edition, a 1400 page two-volume work, is utilized by criminal investigators, crime labs, locksmiths and those responsible for physical security. A fourteen-volume multimedia edition of his book is also available online. His website is security.org.
As a former prosecutor and Chief of the Organized Crime Unit for the Office of Attorney General, state of South Dakota, Marc supervised many major investigations and prosecutions. He continues to work investigations for government and private clients, mainly involving technical fraud issues.
Marc is a member of a number of professional security organizations, including the American Society of Industrial Security (ASIS), Association of Firearms and Tool Marks Examiners (AFTE), American Polygraph Association (APA) and American Association of Police Polygraphists (AAPP).
Marc has lectured extensively in the United States and Europe on physical security and certain aspects of criminal investigations and interrogation technique. He holds several patents involving the bypass of locks and security systems. Marc contributes a column to engadget.com and has been featured in many publications as well as radio and television stories around the world.
Marc will be releasing his new book, entitled OPEN IN THIRTY SECONDS: Cracking one of the most secure locks in America, at Defcon 16. This 350 page work details an eighteen month research project which culminated in the ability to bypass all layers of security of Medeco cylinders, perhaps the most respected high security lock in the United States.
- Security Specialist - Security.org
Matt Fiddler As a security researcher Matt Fiddler's analysis of lock bypass techniques have resulted in many public and private disclosures of critical lock design flaws. Mr. Fiddler began his career as an Intelligence Analyst with the United States Marine Corps. Since joining the commercial sector in 1992, he has spent the last 16 years enhancing his extensive expertise in the area of Unix and Network Engineering, Security Consulting, Computer Forensics, and Intrusion Analysis.