Re: Kwikset SmartKey Padlock
Neilau wrote: I recall hearing, quite a few years back, that TOOOL in the Netherlands discovered a major security flaw in a common door lock and the manufacturer did not address it when it was pointed out. They went public and the manufacturer had to recall a lot of locks and replace them for free.
I do not remember if it was Barry Wels or Toool that uncovered the vulnerability, but this certainly happened (free replacement locks) with the Kryptonite bicycle locks which used a tubular lock, when the Bic pen lid bypass (more accurately a self-impressioning attack) became widely publicised.
In fact as I type this (I must be getting old-timer's, too!), I remember Barry did post about a vulnerability in a bike lock that used a wafer lock - it was an over-lifting attack, whereby a blank key was inserted, tensioned & quickly withdrawn from the lock, thus opening it.
Barry was not the first to discover the attack - firstly this is an old & well known method of opening many wafer locks & furthermore, in this instance it was independently discovered by a group of bicycle enthusiasts, who in turn reported it to the police, who then claimed credit for the 'discovery' for themselves...
Barry heard about it, acquired a couple of the locks, and some blank keys, started experimenting & then figured out the vulnerability himself. It seems that until then, he was unaware of this method of opening wafer locks.
Interestingly the attack only worked on 50% of the Axa locks. The lock was available with two keyway profiles, which were mirror images of each other. Only one keyway profile was vulnerable to this attack.
The company (Axa) offered a 50% discount on a replacement lock when a popular news program, Kassa, did an article about the attack on prime time TV. In this instance, I don't think Barry chose to notify the manufacturer of the vulnerability before going public.
It is years since I read about this, so I may have got part of the story or its timeline mixed up.
There is more detail here:
http://blackbag.nl/?p=151
http://blackbag.nl/?p=152
http://blackbag.nl/?p=153
On a side-note, I have always been curious as to whether Kryptonite offered free replacement locks here in Australia. I suspect they didn't.
...Mark
EDIT: A door lock vulnerability that springs to mind when I think of Barry Wels & Toool is the locks found to be vulnerable to the magnetic ring attack (a drill was used to spin an aluminium ring, containing magnets, which induced a current in certain electric motor actuated electro-mechanical locks). This was not discovered by Toool; it surfaced on YouTube, and the lock exploited was made by Uhlmann & Zacher.
Toool investigated if the bypass was a myth & when they found that it worked, they tested the bypass on a wide variety of electromechanical locks. They found many supposedly high-security locks to be vulnerable & chose not to list them & notified the manufacturers. I do not know how the vulnerable locks' manufacturers responded.