A detailed article in Wired Magazine was published in July 2009 regarding the research project by Marc Tobias and Tobias Bluzmanis analyzing the security of Medeco High-Security locks. The eighteen-month project resulted in the filing of four patents and the publication of a book, “Open in Thirty Seconds.” See “Patents” on this site for copies of the Medeco patents that have been issued.
Watch the video with Charles Graeber author of the Wired Article. This was shot at Wired corporate offices in February, 2009.
3D-printed keys can be generated from a computer program for thousands of keyways, including high-security locks and safes. Alexander Triffault in France has spent several years developing such a program and providing it to French police agencies. AT Security is one of the leading suppliers of specialized software for law enforcement agencies.
Watch the accompanying video that I shot in the Czech Republic during LockFest.
A company called CleverMade produces a product to protect against the theft of packages from a secure container that can be opened by delivery people from UPS, USPS, and FedEx. The CEO, in an article in Forbes, said the container was a good deterrent. That may be, but it is definitely not secure. Read the article in Forbes and watch the video segment that we produced.
In Europe, secure doors and glass meet higher standards than in the United States for forced entry. Doors can cost up to seven thousand dollars.
Watch Addi Wendt demonstrate attacks on glass, and describe the construction of doors. Addi was the president of the Lockmasters European Security Group and developed a global reputation for innovation in the design and manufacture and sale of covert and forced entry tools. He died in 2019, and his two sons, Sascha and Enrico are now running the company from Bergheim, German. They maintain a training and security center and serve locksmiths and government agencies worldwide.
Professor Ross Anderson is one of the leading experts in the world on computer network systems and their attack. He has written one of the best references on “what can go wrong” with system design in his classic book “Security Engineering.” The book is in its third edition and I highly recommend it to every software and hardware engineer.
Watch my interview with Ross Anderson at Cambridge.
Marty Cooper is a legend in the cellular communications industry. He was Director of Research and Development at Motorola and was responsible for developing cellular. He made the first cellular telephone call in the world, using the technology his team developed. While at Motorola, he wrote the foreword for my book entitled “Police Communications,” which was a treatise on law enforcement radio systems, published in 1974.
I met with him for an afternoon in San Diego to discuss cellular, and also the use of phones in aircraft, which our Federal Communications Commission has forbid.
Dade Lock and Key was one of the premiere Medeco dealers and lock shops in the Miami, Florida area. George was a Cuban refugee who turned his business into one of the most respected and successful security service facilities in southern Florida. George allowed us to use his shop to do our research for “Open in Thirty Seconds,” our book about how we compromised Medeco high security locks.
Watch my interview with George the day before he retired.
Lasershield alarm systems were heavily advertised a few yeas ago as an easy-to-install alarm system for apartments, dormitories, and residences. The systems is abased upon a totally wireless approach, operating at 433 MHz. We analysed this system and met with their design engineers and determined that the systems could be easily compromised with a handheld two way radio transmitting on the operating frequency for the alarm receiver.
Watch my demonstration. This should be a wake up call for other alarm systems, some of which can be easily defeated.
i interviewed Jim Christy in 2014 at the U.S. Cyber Crime conference, a major gathering of experts near Washington, D.C that was organized by Jim Christy. He is the most famous for his investigation in 1986 of the famous hacking case from Hanover, Germany that attacked computers in the United States and was the basis of the book Cuckoo’s Egg by Clifford Stoll.
Watch my interview with Jim at the Cyber Crime Conference.
At the same conference I interviewed Phil Zimmerman, developed of PGP encryption. Read my article on Forbes. Phil was threatened with prosecution by the Federal government for disclosing the ability to encrypt communications.
Wayne Barnes was in the FBI for 29 years, much of which in Foreign Counter Intelligence. His most famous case was an assignment to identify the spy in the Bureau in the late 1990s which led to the arrest and conviction of Robert Hanssen, who is now serving a life sentence. Wayne works as a private investigator in the Miami area and works assignments for law firms, corporations, and private individuals.
he is also responsible for the development of the Personal Security Interview (PSI) in 1986 which is now standard for individuals that require a security clearance for the U.S. Government. Watch his interview about the PSI and how it cam about, and the importance of conducting thorough background investigations.
Wayne is also famous in the Bureau for what is known as the “Pizza Call.” Watch the video about this humorous story that took place in San Diego at a psychiatric hospital that was raided for fraud by about twenty agents.
Wayne Barnes gave a presentation at the Miami FIBA (Florida International Bankers Association) meeting on background investigations and security. Watch the interview:
Communications on cruise ships are sophisticated and quite complex, including navigation, cellular telephone, and internet. Watch my tour of the top deck of the ms. Rotterdam and interview with the chief communications officer Marnik Rommelaere.
Cruise ships are incredibly complicated in order to remain secure at sea. I was allowed to spend a couple of hours on the Bridge with Captain De Boer, a seventeen-year veteran with Holland America Lines. Watch the description of the various safety, security, and navigation systems.
INMARSAT is the communications corporation that provides maritime communications via satellite on a global basis to all of the shipping industry and aircraft for communications and navigation. Their radio system allows constant communications and GPS location service throughout the world with fixed and handheld radios. Read my article on Forbes regarding satellite phones, and watch the interview I did in London at Inmarsat Operations Center.
Interview by Marc Weber Tobias and Bashar Al Zubaidi of FLIR Corporation, at InterSec security conference in Dubai on January 17, 2012. I spoke with him with regard to the heat sensing and infrared technology developed by FLIR in the United States. We discussed different applications for security, medicine, energy and other uses for FLIR devices. See my article on Forbes.
Japanese puzzle boxes were developed 150 years ago to store worker’s tools in boxes that had no locks and could not be opened without knowing the intricate sequence of sliding panels. We use them for teaching security concepts to both kids and engineers. Watch the video with Kenji and read my article in Forbes.
The Air Traffic Control Center (ATC) in Iceland controls all of the air traffic over the North Pole and from North America to Europe. Read my story in Forbes and watch my interview with Asgeir Palsson., the Director of ATC.
Grey market cameras may be less expensive, but you get what you pay for, and in the end, you may receive less value than you anticipated. I interviewed Henry Posner at B&H Photo Video in New York about these products and why consumers should be careful. Read the story on Forbes.
Marc Weber Tobias interview with Nick Nugent of HID Corporation in Woking, England, discussing the security of passports and other identification documents. HID is responsible for the electronic security within passports in more than forty countries.
Trigger locks for handguns provide a low level of security. Watch how this Remington lock, sold for about eight dollars at Dicks Sporting Goods, Amazon, and other stores, can be removed from a revolver without a key. This is model 18491 and in our view is not secure.
Bellock in Canada produces a trigger lock that in our view, is not secure and is worthless. This product is sold by Dick’s Sporting Goods, who appear to care less about the security of their customers and have repeatedly misrepresented the security of trigger locks, so they can continue to make a profit. Watch the demonstration regarding BellLocks.
A company in New York, Keyme, has invented and deployed more than a thousand key machines throughout the United States for consumers to duplicate many common keys, including car keys and RFID key fobs. Read my article in Forbes and watch the interview with the CEO of Keyme, Greg Marsh.
Security Laboratories is part of the European Lockmasters Group. It is a collection of experts in locks, safes, covert entry tools, and vehicle security systems. it was founded twenty-five years ago by Addi Wendt, a pioneer in the industry and provider of tools throughout the world.
The photograph shows the members at the European Locksmiths Group meeting in 2010.
The Prime Minister of Sweden, Olof Palme, was shot and killed outside the theater near his office in 1986 by a lone gunman. In 1996, Sigvard Cedegren gave a deathbed confession that he provided the gun that killed Palme to Christer Pettersson, the prime suspect in the killing.
Marc Tobias was flown to Stockholm in 1996 to conduct a polygraph examination of Cedegren to verify his story. Tobias determined, based upon the results of the examination, that the individual was telling the truth. A few weeks later, Tobias was interviewed on national television with regard to his results.
Watch the interview on the STRIX national television network. Part is in Swedish, and part in English (beginning at 3:05 into the recording).
The Magnetic Ring Attack on Electronic Locks – Schneier on Security is a round aluminum enclosure about four inches in diameter that contains several magnets in a concentric circle. When spun around some of the earlier designs of electronic cylinders, it would cause them to open. This was a significant security issue for lock manufacturers. Watch the video with Marc Tobias and Addi Wendt, President of the Lockmasters Security Group in Europe.[/vc_column_text][/vc_column][/vc_row]
Magnetic Ring with four magnets positioned with opposite poles
The photograph shows the Devils Ring, with metallic rings that are attracted to the internal magnets to show their position. There are four magnets within the ring.
Opening locks by bumping in five seconds or less: is it really a threat to physical security? Marc Weber Tobias gave a lecture at the University of Cambridge Computer Security Lab on the design issues that allowed pin tumbler locks to be opened in seconds. Security Seminar – 23 May 2006_ Marc Weber Tobias, Investigative Law Offices
The subject of lock bumping was introduced at Def Con in 2006 by Marc Tobias and Matt Fiddler. an eleven year old girl, Jenna Lynn demonstrated how to bump open popular locks at the Lock Picking Village and in the lecture by Tobias and Fiddler. watch the video.
The following year she demonstrated how to bump the Medeco high security locks with ARX high security pins. Watch the video. The demonstration was viewed by many experts and verified.
The book “Open in thirty seconds” by Marc Tobias and Tobias Bluzmanis fully explore the ability to bump and pick Medeco and other high security locks.
Security Labs, Marc Tobias and Tobias Bluzmanis conducted a detailed examination of the iLoq electronic cylinder produced in Finland. The company had several design errors that allowed us to open these locks in a variety of ways without any evidence of entry.
The design of the locks are very clever and are self-powered, They are extremely popular in the Finland market, and are expanding their reach into other areas of Europe. We produced an animation of each of the components to show how they work together. This video is used for teaching product design.
The death of Ryan Owens likely could have been prevented if Stack-On Corporation had designed their safe properly so it could not be jiggled open. In our opinion, they had no idea what they were doing and the consequences in using a solenoid design to keep their safes locked. Ed Owens, the father, filed a lawsuit against the sheriffs department in Vancouver, Washington and one that suit. The media reported on the death and the lawsuit. Watch the TV reports where Marc Tobias demonstrated how to open the suspect safe model from Stack-On. The safe was provided by the Sheriffs Office for testing.
Bill Sherlock was the head of the Forensic Section of the Illinois State Police in Chicago. He was one of the pioneers in the forensic analysis of locks and safes as part of criminal investigations. Watch the video that Bill made with Marc Tobias in Chicago. The material supplements that which is contained in LSS+ Multimedia Edition of Locks, Safes, and Security.
John Falle, in Jersey, Channel Islands, UK is one of the world experts in the design of covert entry tools. His company sells these tools and training courses to government agencies everywhere. His tools are also sold by Wendt in Germany, and MBA in the United States.
The Government Edition of Locks, Safes, and Security features many videos with John and Marc Tobias, detailing the design and use of his specialized picking, impressioning, and decoding tools.
The Easy Entrie milling machine was developed in Germany and is capable of replicating or simulating thousands of different key profiles. It is known as the “pink box” and is used by locksmiths and law enforcement agencies to generate blank keys. it will not cut the bitting but simply the profile. Another key machine is used to actually cut the bitting pattern. Marc Tobias and Mahmod Abu Shanab demonstrate how the machine works. There is additional documentation in LSS+ Multimedia edition of Locks, Safes, and Security.
Many safe manufacturers utilize solenoids to accomplish locking and prevention of the bolt works from moving. Typically a keypad or biometric authentication such as fingerprint is utilized to trigger the solenoid and retract the locking pin.
A solenoid is actually a coil with a ferrous pin in the center. When the coil is energized with a voltage, the pin will retract. The problem with using solenoids as the primary locking system is that they can be vibrated to the open position, often quite easily. This was the case with the Stack-On safe that was the subject of a Class Action lawsuit by Tobias and Drury in 2012, and also the subject of the Def Con lecture in 2012.
Security Laboratories was retained by Ed Owens, the father of the three-year-old victim, to determine why the safe could be opened by jiggling. We utilized a high speed camera to photograph the actual movement of the pin in the lock position.
This was also part of the problem with the Sentry fire safe that we analyzed in Vancouver, Washington. In that case, we were able to retract the magnetic pin from outside of the safe and allow it to open.
Disk locks are very popular for different security applications, including bike locks. Kryptonite faced serious legal and security issues in 2003 because the locks could be impressioned in seconds with a ball point pen. As a result, manufacturers moved away from pin tumbler locks in favor of disk locks, first invented by Abloy in 1907. Abloy is the largest lock manufacturer in Finland and produces high security cylinders that use rotating disks.
Some of the less expensive locks have poor tolerances and fewer disks. They can be impressioned rapidly with several techniques. Two of them are shown in the video. One is by John Falls with his foil impressioning system. The other is demonstrated by Marc Tobias. Watch the video.
The Dubai Police crime laboratory sponsored a forensic conference at their UAE headquarters forty hours of lectures by Marc Weber Tobias, Tobias Bluzmanis, Addi Wendt (Wendt Security Group), and Jose Luis (Vicuna Company). The presentation was made possible by Lt. Nasser Al Shamsi, head of the laboratory.
Investigators and crime lab scientists from seven countries attended. Basic lock design, forensic analysis, and covert entry tools and techniques were presented. Watch the five days of video for different lectures, including an analysis of master key systems.
Day 1 lectures: Forensics
Day 2 Lectures
Day 3 Lectures
Day 4 Lectures: Morning
Day 5 Lectures: Covert entry tools with Wendt Security, and Vicuna
Post office box locks are standard five pin tumbler cylinders that can be easily bumped open, even though they have a restricted and protected keyway. Unfortunately the keys and locks can be purchased on eBay because they are surplussed out at closed military bases. Marc Tobias conducted an in-depth analysis of locks by USPS and by UPS Mail Boxes. These locks are not secure and as demonstrated in the video, can be quickly opened by bumping with an easy-to-produce blank.
Watch the special report on KELO-TV Sioux Falls about security and post office boxes.
Todd Morris is the CEO of Brickhouse Security in New York. This is one of the primary suppliers of GPS tracking hardware and software, as well as surveillance technology including miniature cameras and audio recorders. They were featured in a Forbes story written by Marc Weber Tobias.
Watch the interview with Todd Morris and Marc Tobias.
Marc Tobias was interviewed at Brickhouse Security offices in New York by Todd Morris, their CEO. Marc discusses the security of locks and insecurity engineering issues.
Security Labs analyzed the BioLock 333, produced in Hong Kong and was being sold by Brickhouse Security in New York. Our lab was asked to evaluate its design. We found it could be opened in seconds with the insertion of a paperclip into the keyway. We would not recommended that anyone purchase this lock, even though it looks secure. it is not.
The Amsec 1014 small consumer safe is not secure and can be opened in seconds by jiggling, as shown in the video by a child. This safe relies upon a solenoid to accomplish locking, but solenoids are not secure at all and can be vibrated open. See the reports on Stack-On Safes to learn what can happen. Their safe was opened by a child, which resulted in the death of a three-year old in Vancouver, Washington.
A semi-annual Science Expo is held at the University of Pittsburgh by the Swanson School of Engineering. Students demonstrate and discuss their projects in mechanical, electrical, computer, and biomedical engineering for the semester.
The Security Engineering Lab is sponsored by Investigative Law Offices and Security Labs to teach senior engineering students about product design and reverse engineering. The focus is on security and the students work different problems for Security Labs and its clients, which are primarily lock manufacturers worldwide.
Projects in 2018 included a high-tech cane for the elderly, secure prescription drug containers, and an integrated alarm-safe for home use, and a device to protect portable electronic devices such as computer laptops. Watch the interviews conducted with students for these projects.
Combined Alarm-Safe integrating a wireless alarm system with a small electronic safe.
Security Labs and the Security Engineering Lab at the University of Pittsburgh held its semi-annual seminar for students and faculty for three hours discussing different security issues and lock designs, including defective products. Students were able to open the CleverMade packaf
Photo gallery from the Security Engineering Expo at the University of Pittsburgh 2020
This is an example of one of more than one-hundred videos in the D.A.M.E course taught by Harry L. Sher for locksmiths, government agents, risk managers and security experts. D.A.M.E. is the acronym for Defenses Against Methods of Entry. It is a course that Harry has been teaching for more than twenty years, produced by Marc Weber Tobias. Originally the series was published on disk, and is now online.
This is another example of one of the videos in the Defenses Against Methods of Entry series, called DAME, by Harry Sher and produced by Marc Weber Tobias. The series is being updated and placed online.
BRAMAH25Discussion with Bramah Lock company in London regarding the design of their high-securityBRAMAH25 lock and how it was defeated by Alfred Hobs in 1851.
Many wireless alarm systems can be defeated through a Denial of Service attack. Watch the videos on how a system was defeated a few years ago by jamming the receiver that operates on a discreet alarm frequency. The two videos show normal operation, and then the system defeat.
The KBAB SIMPLEX 1000 was easily defeated with a rare earth magnet in 2009, and resulted in the filing of a class action lawsuit against the company. Watch the video that demonstrates the ease in defeating this lock. The company made design changes to fix the problem by removing a ferrous component that was critical to locking.
The KABA SIMPLEX AND E-PLEX 5000 and 5800 were subject to multiple design issues that allowed us to defeat this sophisticated electronic lock within seconds. Watch the videos that were shown at DefCon
Sputnik is produced by several companies, including Wendt and MSC, both in Germany. it is capable of manipulating multiple pin tumblers at the same time. It is also discussed in Tobias on “Locks and Insecurity Engineering.”
Watch the video with Oli Diederichsen demonstrating the Sputnik picking and decoding tool.
The Electropick is a device that can easily and rapidly pick pin tumbler locks. One of the best tools is produced by Wendt. it has special tips for bumping of difficult-to-open locks as well. Watch Addi Wendt demonstrate their pick opening pin tumbler profile cylinders.
This book details insecurity design issues for mechanical, electro-mechanical, and electronic locks. it is written for design engineers, risk managers, law enforcement, crime labs, covert entry experts, and lawyers. It is 700 pages in length and extremely comprehensive.
Read the introductory pages of the book and also preview the comprehensive index on this site. We will offer a bundled price for this book and Open in Thirty Seconds: Cracking one of the most secure locks in America. Please contact the author at mwtobias@securitylaboratories.org for information.
In 2004, Marc Tobias posted a security alert that the Kryptonite bike lock could be easily opened by impressioning with a ballpoint pen. Watch the video demonstration. by a bike lock user.
The Kaba Saflok InSync cylinder uses a simulated key with RFID to control its mechanism. While this is a very clever and popular lock, it can be opened in seconds with the insertion of a shim wire through its USB data port. This video was produced several years ago, and the manufacturer may have closed the gap that allowed this defeat to occur.
This is an excellent example of insecurity engineering and is discussed in the new book entitled Tobias on Locks and Insecurity Engineering, published by John Wiley.
Reed switches are the preferred technology for alarm trips that are used on doors, windows, and moving objects. Watch the video that was produced by Magnasphere about these vulnerabilities. Magnasphere is the leading high-security alarm trip supplier.
The lock that was developed by Rayonics and ACSYS is extremely clever but can be defeated because of insecurity engineering issues. Watch the video produced by Security Labs to provide an in-depth discussion for design engineers.
NOBLE is one of the leaders in the laptop-lock sector. They developed a “wedge lock” to mate with the small slots on computers to attach cable locks. Watch our analysis of how we developed many methods to instantly defeat this design. This is a perfect example of insecurity engineering failures.
Watch the detailed discussion of traditional and high-security balanced magnetic switches by Magnasphere Corporation. They produce UL 634-rated switches for government institutions. Watch this excellent video.
Watch Rick Kirtchner the former CEO of Magnasphere Corporation, explain how the BMS works and is defeated. The Balanced Magnetic Switch is the primary component in alarm systems for government agencies and high-security facilities.
Watch the video demonstration of how the Biolock 333 was defeated with a paperclip. This is a perfect example of insecurity engineering and is discussed in the new book by Marc Tobias, Tobias on Locks and Insecurity Engineering, published by John Wiley. This lock looks secure, but is not.
Borescopes are optical devices designed to look into very small openings in locks and safes for decoding tumbler packs. Watch the video by Wendt in Germany of the
use of a borescope with a camera and high-resolution display for reading the wheel pack.
Many safes are designed around a solenoid to block the movement of bolt systems. Most of these can be rapidly defeated by introducing shock and vibration. A tool produced by Wendt in Germany is attached to a reciprocal drill motor to generate the required energy to move the solenoid to an unlocked position. Watch the video.
CX5 Security Solutions is a Canadian company that produced a deadbolt lock that appeared to be a knockoff of the Medeco Maxum high-security deadbolt. The CX5 can be easily defeated and demonstrates insecurity engineering, as described in Tobias on Locks and Insecurity Engineering book published in 2024. Watch our video analysis.
Mar Tobias with Dr. Frank Stajano at Trinity College, Cambridge. Sir Isacc Newton is in the painting. He is the father of modern lock bumping, using his Third Law of Motion.
Motor Vehicle bypass technology and tools Addi Wendt demonstrates the Electronic Pick by Wendt security Many locks can be easily opened by a variety of simple to complex covert entry tools, produced and sold by Lockmasters and Wendt. Read my article in Forbes that discusses some of these at the LockFest meeting in the Czech[...]