There has never been such a great time to be a thief. All you have to do is get $15 worth of tools, and you can steal just about anything that has a lock on it. That sounds pretty scary, doesn’t it? You might be trying to reassure yourself by thinking about how much you paid for your $200 biometric security safe. I hope you still have the receipt because a price tag alone isn’t going to protect you from a 2-minute YouTube video. An item on Amazon averaging four stars with 227 reviews should not be so easily exploited. Sadly, this isn’t just a single case of a widely available lock being opened so easily. Almost every lock you can buy at a Home Depot or a Walmart can be opened in a matter of seconds by an experienced picker with relatively cheap tools.

One of the most venerable and most common locks on the market is the Tubular Lock. These locks are everywhere, and most people wouldn’t even think that they could be opened without calling a locksmith. But with just a $20 impressioning tool, you can open just about every one of these in a matter of seconds. What makes this especially concerning to me is where these terrible locks are used. I have seen them on elevators, lockboxes, and worst of all, gun safes. Instilling this false sense of confidence leads consumers to use these terrible locks as their only security on these critical devices.


How to open a Tubular Lock in 30 seconds.

Shimming

So let’s look at another type of lock that everyone has seen, a padlock. Almost every consumer-grade padlock sold in a retail store like Home Depot pre-2010 was vulnerable to what’s known as a shimming attack (and many still are). Sliding two pieces of metal in between the shackle and the lock body can push the locking bar out of the way, which instantly opens the lock. Opening the lock in almost the same time it would have taken to dig the key out of your backpack completely defeats the purpose of the lock. If the goal were to prevent an intruder from entering your shed, it would be several times more effective just to throw the lock at the trespasser.

Shimming open a padlock with shims made out of a soda can.

The primary cause of this issue is the design of the locking bar. There are angled cuts at the ends of the bar, which allow the lock to be closed while the bar is in the closed position. This also contributes to the audible “click” you hear when you close a padlock. There are many ways to fix this issue, all with varying complexity. The most common fix is to modify the design to use a ball-bearing cammed on the main cylinder instead of a wedged bar.

Picking

To understand these attacks, we have to look at how a pin tumbler lock is designed. First, there are the pins. These are the orange and blue cylinders in the diagram. These pin stacks are pushed up by varying amounts by the pointy bits (bitting) on the key. If the right key is inserted, the cylinders will meet at the shear line, and this is what allows the lock cylinder to turn.

Cross-sectional view of a lock.

Any pins above or below the shear line will block the cylinder from rotating. The bitting on the key pushes the pins into the correct position.

No lock is created perfect; there’s always going to be a little bit of slop in the mechanism from the manufacturing process. This slop is often referred to as a tolerance. Locks with loose tolerances are cheaper to produce, but the slop also opens the lock to a bevy of attacks.

The most common attack is called single-pin picking. This attack works by applying leverage to the keyway (where the key goes in) with a tool and individually lining the pins up at the shear line to make the lock think a valid key was inserted. Since the holes are not and cannot be drilled in a perfectly straight line, some pins will rub against the sides of the lock more than others. This means that if you apply leverage to a lock, there will be one pin that is noticeably more difficult to move than the others. Once the “difficult” pin is lined up at the shear line, another pin will become difficult to move. Repeat this process a few times, and you can fool a lock into opening.

Special tools can be bought or made for this task. There are several tutorials on the internet showing how to make your own if you don’t want to buy any.

Manipulating individual pins inside a lock with a simple tool. Imagine this is your door.

Every lock on the market is susceptible to this exploit to varying degrees. Tighter tolerances during the machining process and the usage of security pins make the lock more difficult to pick to the point where only a highly experienced lock picker could open them. It would be great if more lock security features were present in the consumer space, but that just isn’t reality.
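A toy model of why tolerances matter, added here as an illustration and not taken from the original post. It assumes each pin chamber is misaligned by a random amount within the manufacturing tolerance, and that the binding pin can only be singled out when its misalignment exceeds the next pin's by at least `feel` millimetres; the uniform distribution, the threshold and the sample offsets are all assumptions.

```python
import random

def binding_order(offsets):
    """Pin indices in the order they bind: largest chamber misalignment first."""
    return sorted(range(len(offsets)), key=lambda i: abs(offsets[i]), reverse=True)

def ambiguous_steps(offsets, feel):
    """Count steps where the binding pin does NOT stand out from the next one.

    A step is ambiguous when the two largest remaining misalignments differ
    by less than `feel` (assumed smallest difference that can be sensed),
    so two pins bind at effectively the same time.
    """
    mags = sorted((abs(o) for o in offsets), reverse=True)
    return sum(1 for a, b in zip(mags, mags[1:]) if a - b < feel)

def ambiguous_fraction(tolerance, pins=5, feel=0.01, locks=2000, seed=1):
    """Average share of ambiguous steps over many simulated locks.

    Each chamber's misalignment is drawn uniformly from +/- tolerance (mm).
    """
    rng = random.Random(seed)
    total = 0
    for _ in range(locks):
        offsets = [rng.uniform(-tolerance, tolerance) for _ in range(pins)]
        total += ambiguous_steps(offsets, feel)
    return total / (locks * (pins - 1))

# Constructed sample: one sloppy lock, offsets in mm from the ideal centerline.
SLOPPY = [0.02, -0.15, 0.08, 0.11, -0.05]

if __name__ == "__main__":
    print("binding order:", binding_order(SLOPPY))
    print("ambiguous steps:", ambiguous_steps(SLOPPY, 0.01))
    for tol in (0.20, 0.05, 0.02):
        share = ambiguous_fraction(tol)
        print(f"tolerance +/-{tol:.2f} mm -> {share:.0%} of steps ambiguous")
```

In this model the sloppy lock always has one pin that clearly binds first, while at tight tolerances nearly every step has two or more pins binding together, which is the feedback a manufacturer removes by machining more precisely.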

The lock market is swamped by cheap, unbranded locks from China that are laughably bad. That seems to be the case with this Chinese padlock I bought from Aliexpress a few months ago. By just inserting an arbitrary piece of metal into the lock, I can somehow fool the lock into opening.

The Marketing Wankateering

With all these cheap locks in the market, an average consumer can’t assess the safety of a particular lock. Locks in stores are branded as “High Security”, “Double Security”, and “Maximum Security”, and this useless marketing doublespeak misleads and flat-out confuses consumers to the point where they pick whichever one is the cheapest because they all look the same.

Lock packaging can often over-promise.

In the instance where you are short a paperweight, this may not be a bad option. A much greater concern is when the same garbage is bought to protect critical items such as a firearm in a house, opioids in a hospital, or your $100,000 Tesla in your garage.

Widespread adoption of a standardized numerical rating for these locks, based on tolerances and other standard security features, would undoubtedly help consumers understand what locks are meant to be used where. Who knows, something like this might even encourage manufacturers to divert some of their focus from marketing to design.

So I’m Screwed?

Bob Marley famously said, “every little thing is gonna be alright,” and the same applies here. Protecting yourself just involves a little bit of due diligence. I find it most comfortable to defer to people who do this for a living. There are several YouTube channels and websites that focus specifically on lock security. My personal favorites are the LockPickingLawyer and BosnianBill. Watching a few of these videos can give you a good idea of what brands to avoid and what locks are worth your money. Next time you need to buy a lock, look through their recommendations. You never know, it might one day pay off.