Insecurity Engineering of Physical Security Systems: Locks, Lies, and Videotape

Presented at DEF CON 18 (2010), July 31, 2010, noon (50 minutes)

Many lock manufacturers do not understand the relationship and intersection between "mechanical engineering" and "security engineering" in their products. Typically, design engineers are fairly adept at making things work properly, but often fail to contemplate, conceive of, or identify potential or actual "real world" vulnerabilities in the locks and related hardware that they manufacture. This failure can lead to serious breaches in security, often from relatively trivial attacks by unauthorized individuals, rogue employees, and criminals. It can also result in significant liability on the part of facilities that employ specific security technology, and a failure to comply with regulatory requirements. Issues stemming from insecurity engineering are compounded by intended or unknowing misrepresentations by lock manufacturers about the security of their products. These statements by manufacturers are often relied upon by consumers, commercial enterprises, and the government sector in the decision-making process involving the purchase of security hardware. Ultimately, security relates to both the protection of people and assets, and to liability. Thus, it is imperative that security professionals understand the interrelationship between standards, hardware design, and real-world threats. Marc Tobias, Tobias Bluzmanis, and Matt Fiddler have significant experience and a track record in analyzing, discovering, and exposing real-world threats in security hardware. In this presentation, they will address these issues.


  • Marc Weber Tobias - Investigative Attorney and Director, Security Labs
    Marc Weber Tobias is an investigative attorney and security specialist living in Sioux Falls, South Dakota. He is the principal attorney for Investigative Law Offices, P.C. and as part of his practice represents and consults with lock manufacturers, government agencies and corporations in the U.S. and overseas regarding the design and bypass of locks and security systems. Marc and his associates also conduct technical fraud investigations and deal with related legal issues. Marc has authored five police textbooks, including Locks, Safes, and Security, which is recognized as a primary reference for law enforcement and security professionals worldwide. The second edition, a 1400-page two-volume work, is utilized by criminal investigators, crime labs, locksmiths and those responsible for physical security. A ten-volume multimedia edition of his book (LSS+) is also available online. Marc has written extensively about the security vulnerabilities of products and has appeared in numerous television and radio interviews and news reports as well as magazine articles during the past thirty years. He is a member of several professional organizations including the American Bar Association (ABA), American Society for Industrial Security (ASIS), Associated Locksmiths of America (ALOA), Association of Firearms and Tool Mark Examiners (AFTE), American Polygraph Association (APA) and the American Police Polygraph Association (APPA).
  • Matt Fiddler - Director, Security Labs
    Matt Fiddler is a registered locksmith and CISSP. Currently he is the Director of International Information Protection for a large financial services organization. Mr. Fiddler's research into lock bypass techniques has resulted in many public and private disclosures of critical lock design flaws. Mr. Fiddler began his career as an Intelligence Analyst with the United States Marine Corps. Since joining the commercial sector in 1992, he has spent the last 18 years enhancing his extensive expertise in the area of Unix and Network Engineering, Security Consulting, Computer Forensics and Intrusion Analysis.
  • Tobias Bluzmanis - Director, Security Labs
    Tobias Bluzmanis was born in Caracas, Venezuela. Tobias came to the United States in 1995 and was granted citizenship in 2000. He has been a professional locksmith for the past 20 years. Tobias is an expert in Covert Methods of Entry and has developed many unique forms of bypass and custom tools, including a decoder for Medeco locks, which was the impetus for the book "Open in Thirty Seconds".


