How professional locksmiths are getting picked apart online.

Innovation, the Internet, gadgets, and more.
July 23 2008 3:39 PM

Pick a Lock, Any Lock

YouTube makes it easy to learn the finer points of breaking and entering—and locksmiths aren't happy.

(Continued from Page 1)

But locksmiths also fear being overrun by a competing philosophy of security. In the past, the lock industry would try to fix flaws in locks quietly. Secrecy, locksmiths and lockmakers reasoned, limited the chance that bad guys would learn dangerous tricks. In computer hacker-speak, this is known as "security through obscurity," a label that's rarely complimentary. Locksport fans argue that obscurity is hard to come by in a digital world: Relying on secrecy to keep locks safe is bad design because nothing is secret anymore. Locksport, consequently, works according to Linus' law, named after open-source-software guru Linus Torvalds: "Given enough eyeballs, all bugs are shallow."

You can see this philosophy play out on YouTube, which bursts with videos of amateur lock pickers doing their thing. And lock-picking forums regularly erupt over any newly discovered exploit. At the moment, there's much excitement over a new book by Marc Tobias and his colleague Tobias Bluzmanis that explains how to defeat high-security locks made by a company called Medeco. These locks are used at the White House, the Pentagon, Buckingham Palace, and hundreds of thousands of homes and businesses. Tobias' book would allow "a reasonably skilled person to open them," he says. He adds, in his defense: "I think everybody's got a right to know if there's a vulnerability in their locks."

Advertisement

Tobias' argument sounds similar to that of white-hat computer hackers who look for security flaws as a way to prevent the bad guys from getting there first. (It can also stand as a justification for writing this article—"everybody's got a right to know" is a journalist's excuse for publishing potentially mischief-making news.) But there's a hitch: Locks are physical, not virtual. When a computer scientist tells Apple that he's found a dangerous security hole in the iPhone, Apple may not welcome the negative publicity, but at least the problem is fixable—the company issues a patch to iPhone owners, and that particular hole is closed. But what should Medeco do about Tobias' findings? It can certainly try to address the newfound vulnerabilities in future versions of its locks. (Indeed, Medeco says it's fixed some of them already.) But unlike your iPhone, old locks can't be updated. And now that every would-be criminal can find out about the new flaw online, what happens to the poor souls who own vulnerable Medeco locks?

Confronted with this situation, some lockmakers have taken the (very expensive) high road. A few years ago, Tobias discovered that a ball-point pen can pick open tubular locks, and bicycle owners saw that the flaw rendered their Kryptonite-brand U-locks almost useless. Kryptonite quickly fixed the problem and eventually replaced tens of thousands of locks.

But most lockmakers don't respond this way. Often, Lock Picking 101's Josh Nekrep says, they ignore problems that outsiders bring to them. Tobias told me that he's sent Medeco reams of research documenting the flaws in its locks, and the company has never responded. Clyde Roberson, Medeco's technical director, disputes this. He says that the firm takes all information from the locksport community seriously and routinely improves its locks based on what people find. The company's director of research recently wrote an "open letter" to lock-picking enthusiasts in which he expressed hope that amateurs and professionals can come together and "continue to improve the security and safety that locks provide to the world."

But that doesn't tell you what to do if you've got a potentially vulnerable Medeco lock. Don't count on Medeco to replace it: "When you buy a lock, you don't buy a subscription," Roberson told me. Instead, he counseled, people should visit experts and determine their security needs. Locksport enthusiast Nekrep agreed—when you see on YouTube that your lock can be broken, you should do what you've always done. Call up your local locksmith.

TODAY IN SLATE

History

Slate Plus Early Read: The Self-Made Man

The story of America’s most pliable, pernicious, irrepressible myth.

Rehtaeh Parsons Was the Most Famous Victim in Canada. Now, Journalists Can’t Even Say Her Name.

Mitt Romney May Be Weighing a 2016 Run. That Would Be a Big Mistake.

Amazing Photos From Hong Kong’s Umbrella Revolution

Transparent Is the Fall’s Only Great New Show

The XX Factor

Rehtaeh Parsons Was the Most Famous Victim in Canada

Now, journalists can't even say her name.

Doublex

Lena Dunham, the Book

More shtick than honesty in Not That Kind of Girl.

What a Juicy New Book About Diane Sawyer and Katie Couric Fails to Tell Us About the TV News Business

Does Your Child Have Sluggish Cognitive Tempo? Or Is That Just a Disorder Made Up to Scare You?

  News & Politics
History
Sept. 29 2014 11:45 PM The Self-Made Man The story of America’s most pliable, pernicious, irrepressible myth.
  Business
Moneybox
Sept. 29 2014 7:01 PM We May Never Know If Larry Ellison Flew a Fighter Jet Under the Golden Gate Bridge
  Life
Dear Prudence
Sept. 29 2014 3:10 PM The Lonely Teetotaler Prudie counsels a letter writer who doesn’t drink alcohol—and is constantly harassed by others for it.
  Double X
Doublex
Sept. 29 2014 11:43 PM Lena Dunham, the Book More shtick than honesty in Not That Kind of Girl.
  Slate Plus
Slate Fare
Sept. 29 2014 8:45 AM Slate Isn’t Too Liberal, but … What readers said about the magazine’s bias and balance.
  Arts
Brow Beat
Sept. 29 2014 9:06 PM Paul Thomas Anderson’s Inherent Vice Looks Like a Comic Masterpiece
  Technology
Future Tense
Sept. 29 2014 11:56 PM Innovation Starvation, the Next Generation Humankind has lots of great ideas for the future. We need people to carry them out.
  Health & Science
Medical Examiner
Sept. 29 2014 11:32 PM The Daydream Disorder Is sluggish cognitive tempo a disease or disease mongering?
  Sports
Sports Nut
Sept. 28 2014 8:30 PM NFL Players Die Young. Or Maybe They Live Long Lives. Why it’s so hard to pin down the effects of football on players’ lives.