Presentation is loading. Please wait.

Presentation is loading. Please wait.

How To Make Friends & Influence Lock Manufacturers Schuyler Towne & Jon King DEFCON 16, 2008 Reviewing this on the DEFCON 16 DVD? Be sure to check ndemag.com/DC16.

Published byJob Patterson Modified over 8 years ago

Similar presentations

Presentation on theme: "How To Make Friends & Influence Lock Manufacturers Schuyler Towne & Jon King DEFCON 16, 2008 Reviewing this on the DEFCON 16 DVD? Be sure to check ndemag.com/DC16."— Presentation transcript:

1 How To Make Friends & Influence Lock Manufacturers Schuyler Towne & Jon King DEFCON 16, 2008 Reviewing this on the DEFCON 16 DVD? Be sure to check ndemag.com/DC16 for updates.ndemag.com/DC16 Much of the material covered in this talk is on-going. This document has been prepared more than a month prior to publication. Any omissions or inaccuracies in this version will have to be forgiven. Please consult the current version for accurate information. Thank you.

2 9/26/20162 LOCK-AND-KEY: n. The distinguishing device of civilization and enlightenment. – Ambrose Bierce – Ambrose Bierce

3 6/30/083 Let's Talk RoboKey System: Developed with the locksport community Kwikset / Weiser's Smartkey Responded to bumping with complete redesign ABUS Plus Fixed flaw found by lockpicker & issued new challenge Medeco Worked with Jon King to mutually release exploit Q&A / Super-secret announcement

4 9/26/20164 The RoboKey System John Laughlin with Barry Wels of TOOOL “It's easy to love your own baby, but we wanted to get this out to the community. We figured they wouldn't be shy about telling us what was wrong with it.” –John Laughlin, Stanton Concepts “It's easy to love your own baby, but we wanted to get this out to the community. We figured they wouldn't be shy about telling us what was wrong with it.” –John Laughlin, Stanton Concepts

5 9/26/20165 Background John & Bob Laughlin John was a communications engineer Bob was a retired lock engineer When telcom bust John started working with his father Inspiration Both have a healthy interest in security World more interested in security than ever before Opportunity to address a lot of areas that hadn't received the scrutiny they were due How can we secure containers that have to change hands multiple times / survive tough environments

6 9/26/20166 Basic Operation Disc-Detainer type mechanism Looks like an Abloy style cylinder Has flies like a combo lock Extremely rugged for environmental conditions Automatic dialer Operator does not need to know combo, just has to be a valid user Various potential forms of authentication – password, RFID, embedded dialer in cell phone, matched pair, etc. Manual dialer Physical lock can still be operated manually

7 9/26/20167 Community Scrutiny First Introductions Bob Laughlin met Han Fey via eBay/both avid collectors Met in Holland in early 2006 to see RKS Han invited John to the Dutch Open Dutch Open “The people were very generous with their knowledge” Panel on viable attacks & applications ALOA Attended ALOA with Han & Barry Showcased RKS & other products Article in Locksmith Ledger as a result

8 9/26/20168 Open Source Future Open source developer kits Looking to license their product Wanted to get the ball rolling while seeking a deal Open source software and microcontroller Add whatever functionality you want Aiming to get total package, lock & dialer kit for ~$300 Would love to hear from you John has always kept in touch with folks in the locksport community Answering questions and fielding commentary about the NDE article at lockpickology.com

9 9/26/20169 Smartkey Photo courtesy Mike Brewerton “At least one lock maker says the hobbyists can help companies...” –Wall Street Journal “At least one lock maker says the hobbyists can help companies...” –Wall Street Journal

10 9/26/201610 Bump In The Night How blind were we? Walt Strader told the WSJ he heard of bumping via locksport groups Told them this in 2006 Smartkey is launched Lock is 100% bump proof Rekeyable (NOT U-Change)‏ Subdued marketing campaign – no initial mention of bumping Rigorous testing process

11 9/26/201611 How Does It Work? Breakdowns courtesy Zeke

12 9/26/201612 Testing 2006 Dutch Open Prototype from an unnamed company Arthurmeister! Definite challenge Japan Different culture of entry Interesting methods of testing Passed the 15 minute attacks with flying colors

13 9/26/201613 Smartkey 2 The new generation Updated materials for destructive entry (DE) concerns Similarly subdued roll-out to first generation Out now! What does the future hold? Black and Decker employees now keep an active eye on the locksport community Led to current advances & additional free feedback Excited for future collaboration

14 9/26/201614 ABUS Plus System Photo & Quote by Jaakko Fagerlund “I suppose that nobody thought you could actually “look” behind the discs...”

15 9/26/201615 The Exploit Background Zeke's Contest Everyone missed the flaw – forest for the trees Created proof of concept How it works: Photos Courtesy Jaakko Fagerlund

16 9/26/201616 Simplification The goal Build the simplest version of Jaakko's tool possible Build the least expensive version possible The tool At the advice of a fellow lockpicker we used the filed down head of a nail Many impressioning mediums were tried before we settled on white glue

17 9/26/201617 Alerting ABUS First Contact Arranged by an LP101 member “mh” Initial response was polite, but non-commital Proof is in the pudding - Jaakko's PDF got attention The Response A brief silence Updated all current production Challenged Jaakko to defeat the new mixed cylinder Jaakko could only get the keys to the lock if he uncovered the bitting

18 9/26/201618 Current Events Jaakko's ABUS Plus Pick A brief silence Community funded Successfully picked the challenge lock!

19 9/26/201619 Medecoder Photo & Quote by Jaakko Fagerlund “I suppose that nobody thought you could actually "look" behind the discs...” “Who is Jon King and what is he doing with our locks?” –Peter Field, Medeco

20 9/26/201620 Who is this guy? Jon King JK_the_CJer, JK, etc. Navy Locksport Hobbiest Security Geek I am NOT Speaking on behalf of the Navy Speaking on behalf of Medeco

21 9/26/201621 My Obsession Why Medeco? Holy Grail of pin tumblers Pins must lift and rotate Lots of attempts by the community OK – Show me...in one picture

22 9/26/201622 The Problems Open Grooves OMG Wire! Even Spacing

23 9/26/201623 Humble Beginnings Early tool designs aimed at rotating all of the pins at once “I suppose that nobody thought you could actually "look" behind the discs...”

24 9/26/201624 Let's Simplify Maybe I'll try hooking into one pin first

25 9/26/201625 The Early Tools + =

26 9/26/201626 Purdy

27 9/26/201627 The Community Lockpicking101.com Schuyler Towne Doug Farre Mitch Capper Everyone else... Public release & NDE Wanted to publicly release via NDE Magazine “Let's get a manufacturer reaction”

28 9/26/201628 Quite A Reaction Peter Field Head of R&D at Medeco drove to my house Lock talk, history, other exploits, etc. Closed Grooves Medeco reimplements the ARX closed groove pins

29 9/26/201629 The Future Keep going! Nothing is impossible! Think before disclosure! Don't get wrapped up, have fun!

30 9/26/201630 Final Thoughts Please help We're getting our feet in the door Our communities are merging Physical security disclosure is DIFFERENT than digital security disclosure Want to help? schuyler@ndemag.com And finally, that super-secret announcement...

31 9/26/201631 The NDE Grant Misson Our goal is to help get tools and supplies into the hands of hobbyists who are doing legitimate lock research. Once an exploit is discovered and verified we work with the researcher(s) to communicate with the manufacturer. I have privately funded a few research projects, but this is not sustainable for me financially, so I'm opening the funding up to public donations. For more details, please visit: ndemag.com/grantndemag.com/grant

32 9/26/201632 Thank You! And thanks to: Zeke79 Raimundo & DB Mike Brewerton Lockpickology.com & LP101 Jon King Peter Fields Walt Strader John Laughlin Jaakko Fagerlund ABUS

33 9/26/201633 FOR LOCKSPORT!

Download ppt "How To Make Friends & Influence Lock Manufacturers Schuyler Towne & Jon King DEFCON 16, 2008 Reviewing this on the DEFCON 16 DVD? Be sure to check ndemag.com/DC16."

Similar presentations

Substitute FAQs SubFinder Overview. FAQs Do I have to have touch-tone service to use SubFinder? No, but you do need a telephone that can be switched from.

Substitute FAQs SubFinder Overview. FAQs Do I have to have touch-tone service to use SubFinder? No, but you do need a telephone that can be switched from.
NETWORKING TECHNIQUES: How to Develop and Utilize your Network.

NETWORKING TECHNIQUES: How to Develop and Utilize your Network.
Watercolor Designs Edith Bowen 1 st grade. Intro Kids sat on rug to start lesson The class was set up with tables grouped together, about 5 kids per group.

Watercolor Designs Edith Bowen 1 st grade. Intro Kids sat on rug to start lesson The class was set up with tables grouped together, about 5 kids per group.
Building Blocks solid foundation for a How to Build the FOUNDATION! & Maintain Solid Growth In your FHTM Business!

Building Blocks solid foundation for a How to Build the FOUNDATION! & Maintain Solid Growth In your FHTM Business!
Tele-Sales Force (TSF) Lead Generation Campaign Script.

Tele-Sales Force (TSF) Lead Generation Campaign Script.
Networking 101: A few tips and pointers By Jennifer L. Bowie, Ph.D.

Networking 101: A few tips and pointers By Jennifer L. Bowie, Ph.D.
Welcome to the wonderful world of……. E-Mail. A Quick & Easy Guide.  What IS E-mail?  A quick, easy and convenient way to send a letter to friends, family.

Welcome to the wonderful world of……. . A Quick & Easy Guide.  What IS ?  A quick, easy and convenient way to send a letter to friends, family.
Customer Surveys Robert & Diana Olivan Regional Directors.

Customer Surveys Robert & Diana Olivan Regional Directors.
Selby McRae Dan Schlacter

Selby McRae Dan Schlacter
APPROACH AND CONTACT (STEP 2 OF THE SYSTEM MANUAL)

APPROACH AND CONTACT (STEP 2 OF THE SYSTEM MANUAL)
Mtivity Client Support System Quick start guide. Mtivity Client Support System We are very pleased to announce the launch of a new Client Support System.

Mtivity Client Support System Quick start guide. Mtivity Client Support System We are very pleased to announce the launch of a new Client Support System.
Locksport An Emerging Subculture By Schuyler Towne DEFCON 15 Aug. 5 2007.

Locksport An Emerging Subculture By Schuyler Towne DEFCON 15 Aug
This work is licensed under a Creative Commons 3.0 Attribution License Wikispaces for Teachers A Guide to Using Them in Your Classroom.

This work is licensed under a Creative Commons 3.0 Attribution License Wikispaces for Teachers A Guide to Using Them in Your Classroom.
Corporate Etiquette. Explain What is Corporate Etiquette List the Benefits of Corporate Etiquette Explain How to Show Etiquette in Communication List.

Corporate Etiquette. Explain What is Corporate Etiquette List the Benefits of Corporate Etiquette Explain How to Show Etiquette in Communication List.
This work is licensed under a Creative Commons 3.0 Attribution License Wikispaces for Teachers A Guide to Using Them in Your Classroom.

This work is licensed under a Creative Commons 3.0 Attribution License Wikispaces for Teachers A Guide to Using Them in Your Classroom.
Writing your Lab Report and Using the Google Drive By Ms. Ninfa.

Writing your Lab Report and Using the Google Drive By Ms. Ninfa.
The Lock Talk at Secure State Schuyler Towne. Parts of the Lock HOUSING KEYWAY PLUG.

The Lock Talk at Secure State Schuyler Towne. Parts of the Lock HOUSING KEYWAY PLUG.
Avalon Science and Engineering Fair 2015 Let’s Get Started Science and Engineering Fair packets will go home this week. All 2 nd, 3 rd, 4 th and 5 th.

Avalon Science and Engineering Fair 2015 Let’s Get Started Science and Engineering Fair packets will go home this week. All 2 nd, 3 rd, 4 th and 5 th.
Networking: The Gateway to your Dream Job

Networking: The Gateway to your Dream Job
Facilitation fiesta Ilona Luukko Hi, my name is Ilona.

Facilitation fiesta Ilona Luukko Hi, my name is Ilona.

Similar presentations

Ads by Google