lock bypass without lockpicks (see notes for story)
Post on 27-May-2015
4.331 Views
Preview:
DESCRIPTION
TRANSCRIPT
Lock Bypass without Lockpicks
Waldo set out to expose the GILATT corporationFor its evil deeds and lies about its products
Its phony medicine and stiff-arm legal tactics to silence oppositionAnd ended up with more than he bargained for
In a thrilling tale of...
Daniel Crowley
Before the story begins...
A quick introduction of myself
A quick introduction of the topic
A quick introduction to our character
A not-so-quick introduction to the techniques
Myself
Security nerd and self-imagined artist
Works for Core Security
Contact me!
dcrowley@coresecurity.com
@dan_crowley
Boring
You came here for the pwnageNot me
Lock Bypass without Lockpicks
Security features mostly focus on picking
New tumblers don't break old attacks
Lock manufacturers determine lock quality
Lock consumers determine lock usage
No need to carry lockpicks
Illegal to own/carry in some states w/out license
Quickly learned and quickly performed
Our character Waldo
A tribute to another Waldo
Hard-to-find guy
Likes red-and-white stripes
One resourceful mofo
Physical security NINJA
The Techniques
How do you do the voodoo that Waldo will do?
Abusing ineffective lock usage
Lock not locked
Useless lock placement
Lock affixed to movable part
Lock affixed to removable part
Weak container or mounting hardware
Destroy
Disassemble
Manipulate
Problem #1: Weak mounting hardwareYou don’t need to pick or break the lock, only unscrew the bracket from the door. This is an example of issues involving disassembly.
Problem #2: Lock not lockedThis is a somewhat harder to detect version of the “lock not locked” problem, though fairly easy to spot anyway. You couldn’t ride this motorcycle away, unless it was in the bed of a pickup truck.
Problem #3: Weak mountingAwesome, so you’ve locked your bike to a solid post you can’t slide the lock off of. Only problem is that this wheel comes off without even needing tools. Bye-bye bicicleta.
Problem #4: Lock attached to removable partThis wheel is properly secured from thieves. Too bad the rest of the bike wasn’t.
Problem #5: Utter failureWhere do I even begin?
Shimming attacks
Slide an object into lock to change its operation
Frequently a thin sheet of metal
Frequently targeting the hasp
Can be done with many types of locks
Padlocks
Handcuffs
Door-mounted locks
Padlock shimmingGo see the TOOOL guys and try this one for yourself!
Shimming a door-mounted lockAKA “The credit card trick”
Passage locks
Request-to-exit motion sensor
Trigger motion sensor from outside
Chain locks
Manipulate chain through door crack
Pop-button locks
Not meant for anything but privacy
Fail-safe is easily triggered
Alternate point of entry
RoofGaining roof access may be difficult/dangerous
Window2nd story or higher likely unlocked
Fire escapeMay have unlocked entry points due to fire code
Raised floors/drop tile ceilingsGo over or under
DO WANT
(USD$24.95 on http://www.southord.com)
Credential theft/copy
Magnetic stripesMagstripe reader
RFID chipsCan be read from far away
Vendor statistics assume a standard antenna
Pin tumbler keysMalleable material (clay, play-doh, gum)Take photos and decode visually
Escape from the chair
Ineffective lock placement
Lock affixed to chain
Chain not affixed to chair
Escape from the maintenance room
Ineffective lock usage
Exposed screws on cabinet
Door frame manipulation
Shimming
Doorknob hasp shimming
Passage locks
Chain lock
Gaining entry to the server room
• Alternate entry point
• Raised floor
• Passage locks
• Request-to-exit motion sensor
Escaping GILATT HQ
• Credential theft
• Backup key in obvious location as fail-safe
FIN
Questions?
Comments?
Suggestions?
Hate mail?
Trolling attempts?
daniel.crowley@coresecurity.com
top related