It also wouldn't take an Eli Whitney to turn it into an automated gadget that works as a universal key for the most common locks.
This channel does the great service of convincingly demonstrating how poorly most locks secure against a skilled attacker. And that the skill threshold is rapidly decreasing.
The only ones that really bother me are the firearm locks. A distressingly large percentage of firearm locks he talks about can be opened in seconds by an untrained teenager, which seems incredibly bad to me.
I got a $20 radio, and left my truck unlocked, with a sign.
The sign read, "Nap in the back of my truck. Use the seat to rest, but please don't break anything else."
Never happened again, and for a week someone was leaving a $10 in my glove box. Crazy?
I drive an old Toyota Truck, and most of you have nicer cars. Oh yea, I did put a kill switch in the truck.
> George and Kramer begin parking at a discount parking lot. After picking up his car George discovers a condom inside and suspects prostitutes are servicing their clients inside the cars.
To be professionally effective, a locksmith must know a lot of trivia about dozens of locks, and you can make that hundreds or thousands if they want to expand to gun safes and bike locks and cars and on and on... For that purpose, the plethora of cheap options is a decent deterrent. No normal burglar is likely to have specialized skills in opening dozens of locks.
But in a targeted attack, if you give any teenager a chance to look at the lock, then a few days to go on the Internet and see someone trivially jiggling the wafer core open, maybe buy an identical lock for $10 and practice their skills, none of the basic products are likely to be effective.
There are also laws in many states against possession of lockpicks during commission of a crime (esp. burglary). Criminals probably avoid carrying lockpicks because they if they are caught, the lockpicks will cause them to face more jail time. Carrying lockpicks while trespassing might also be used to show intent to commit burglary.
- must be approved by the insurance companies (they have a test procedure that IIRC is to have two experienced persons try to break it using anything up to and including hand held power tools)
- must weight 150kgs or
- be bolted to the floor from the inside
However, something like a pick gun can server pretty well for a wide variety of locks, with the limitation that they lose some efficacy when a lock has security pins.
These have existed for a while. https://www.youtube.com/watch?v=JKZ_vJDMJ9A
The mechanism isn't quite the same, but that's because for most common locks, if you're building a machine you don't need pin-by-pin picking.
No matter how elaborate your designs, someone will always find a way in given enough incentive. And given enough time, a tricky, narrow exploit gets widened into a highway.
Security is a red queen. You have to run fast just to stay in the same place.
I'd reverse it. When you realize you need "security" you can't just focus on one or two aspects. You have to figure out what you need security from. A padlock won't stop the government of course, but it will stop a teenager who wouldn't want to leave any trace of breaking it nor know how to pick locks.
Just like storing your cryptocurrencies on a hardware device might protect it against phishing attacks or other technological attacks but it won't stop someone from grabbing you in person and threatening you with a hammer. For that you need physical protection.
So unless you know who you're protecting yourself/your thing against, you won't be able to know what security you really need.
Be weary of anyone who makes security recommendations without first qualifying their audience's threat model. Unless they understand what they're trying to protect against, it's simply opinionated guesswork, and could even be counterproductive.
Steve/Source: my uncle had burglars while they were sleeping and the dogs never barked.
Especially when you consider how many locks (esp. high tech locks) are vulnerable to low skill attacks (rapping, shimming, magnets).
So which are some of the locks that secure better than most locks?
They're really a key recovery tool - you can read out the lock and make a key, as Lock Picking Lawyer does. He has a old manual key originating machine where you can hand-cut a key with specific notches. There are newer CNC machines for that.
These Lishi picks can be had on alibaba and aliexpress for about 1/3 to 1/2 the price he is selling them at
The inventor is Li ZhiQin and the brand is now called Li shi (meaning Mr. Li)
But also... rarely have I seen both a pro-Communist argument and an anti-Communist argument in the same sentence lol
China is as communist as north korea is democratic republic.
Just because they call themselves something it doesnt mean they are it.
You do you. I have a product I designed, and produce, knocked off by a Chinese company and sold on Alibaba. Super Cool.
Since then I've thought of locks more like deterrent than bulletproof security.
Remember, a rock to the window will get someone into your house. A bolt cutter will take off small padlocks. So yes, most locks are there to protect from the casual or opportunistic thief. That doesn't mean we don't need the of course.
Security films that dramatically up the ante on what it takes to go through windows are getting cheap and easy to install. If I had thought about it when I got my windows tinted a few years back I would have just had them added on, especially for my downstairs windows (not sure I would bother with most of the upstairs - I have no trees or easy access to most of them).
There are many simple things you can do to dramatically up the ante on what it takes for someone to molest your stuff. A recent news story talked about people using coat hangers to trip emergency garage door releases so a quick re-security it with a zip tie that will break with a solid tug for it's real use, but be too hard to break with a wire from outside is all that was needed to close that "hole".
Need a place to share this kind of stuff for homeowners. I recon it would probably be a small percentage but still a large number.
I'm sorry, but your anecdote smells. If you are robbing houses at random, the last thing you want to do is rob an occupied home. You rob an occupied home for a reason specific to that house or the owner of that house.
Most burglaries happen in the daytime when people are at work and their houses would be locked regardless.
And the most common form of home theft nowadays is package theft. Which isn't going to be thwarted by locking your home since, you know, the package is just sitting on the porch.
 i tried to find who said it, but it looks like there are a ton of variations.
And this doesn't even begin to touch on other vulnerabilities, like the hinges of doors being on the outside. Just take a screw driver and hammer and pop the pins out.
My view is that you choose lock cores based on how difficult you want it to be to pick before it makes more sense to resort to destructive entry.
For a bike lock on the street, a few minutes of picking won't look much different to pedestrians than someone simply struggling with their own bike lock. But destructive removal is much more obvious. (Unless it's a physically flimsy lock, or even a beefy one with a simple bypass vulnerability)
It's much more obvious, but nobody is going to give two craps about you taking an angle grinder to someone else's bicycle lock. Bystanders don't want to get involved, and police don't pay any attention to bicycle theft.
Hell, one time a small company I worked for had five figures of gear stolen in a break-in... and then several other businesses in the area did, too. Well over $100,000 (retail) of equipment stolen by the end. Multiple cameras at multiple businesses caught them, including their van and plate number. The cops did the same, "yeah, yeah, here's your report, we don't care" until someone called them while sitting directly behind the van in question and told them they'd found the guys and to get off their asses and do something.
AFAIK nothing was recovered anyway, but I think they were at least arrested. Yay?
I honestly don't know what they do aside from give out traffic tickets and harass people.
So, yes, destructive lock removal can still be fairly safe for the thief, but there is still a lot of increased risk if you employ a proper lock that would require an angle grinder, and most thieves probably don't bother to carry around tools like that and will simply move on to one of many ample opportunities for an easier target: A handheld compound bolt cutter will cut through inferior locks faster than opening with a key, so why bother bringing bulkier more obvious tools that increase risk even a little bit?
It's not about whether your bike can be stolen: it almost certainly can. It's about making other targets more attractive.
They're considered motorcycle alarms but work on anything with disk brakes.
It also stops the back wheel from turning.
I am thinking of getting a Boosted Rev (escooter, $1,600) and have wondered how I would secure it when going into stores. It seems as if any lock under $120 can be snapped by 3-foot bolt cutters (and the more expensive ones can still be easily picked).
I think I would probably get a decent u-lock and also a lock that makes noise and is triggered by even slight motion (to draw attention if someone is fiddling with it.
To be fair most american houses are built such that a reasonably burly person could punch through the wall. I’ve seen friends leave big holes in the wall just from falling down some stairs. Glass windows also are easy to get through.
The problem with lock-picking is that it doesn’t leave signs of a break-in.
However I’ve heard fun stories from my part of Europe where most people live in apartment buildings and own their apartment. Armored doors are a popular upgrade.
But nobody upgrades the thin brick wall holding that fancy $3000 armored door ... you can guess what started happening as thieves realized the doors are too difficult and a window on 5th floor isn’t very accessible.
And also from a darkweb guide to burglary.
"Cut a hole in the door and the alarm won't go off"
Sorta. Lock picking will leave marks/wear that no key would. So I recommend everyone try to pick their own lock today to make it look like someone picked it for up-to-no-good reasons.
Sure, some locks won't care. But there are some that can permanently jam pins if you don't know what you are doing (and, in some cases, even if you do).
Ordinary pin-tumbler locks with some wear on them are embarrassingly easy to pick. Raking or bumping usually works. Just apply some tension and stick in something that lets you move the pins.
There's a marketing reason for this. If you design a lock that wears out into a locked condition, customers eventually get locked out and are angry. If you design a lock that wears into an easier to unlock condition, customers don't notice.
So I just treat it as a useful skill to have in emergencies. I leave a set of picks in my cars' glove compartments and a very crude set (a very basic tensioner and a bunch of hairpins) in my yard. Has come in handy a couple of times when I've locked myself out.
I was able to open padlocks effortlessly, but my front door deadbolt kicked my butt.
edit: And there are a lot good lock companies producing quality locks. They just cost like $100 (and way more for doors. A quality abloy lockbody and the stuff on the frame is like $300+ without work) for a lock while a cheap one costs like $5. Though expensive does not mean good some are just scams so be careful/read up on what you are buying.
And still even these good ones are pickable just require hundreds or thousands of hours (and specialized tools) to become good enough to do it reliably instead of 5 minutes.
And for doors once you put a quality lock on it you need a skilled worker to properly install both the lock and the door. Look up some physical pen testing videos online how shitty installs the worlds is full of. Basically you can get in through so many doors with a small piece of scrap plastic.
Also once you get a really good lock a locksmith (or pretty much anyone for that matter) will not be able to pick it. So if you lose your keys it will have to be broken and then you are out your expensive $100+ lock.
Even cheap locks are good enough that in most installations they are not the weak link.
Why bother? There's no skill to angle grinding off a lock shackle, literally anyone can do it.
I'm kind of imagining that at some point, someone will "solve" locks, and create a physical equivalent of RSA. I expect that mechanical solutions will be too cost-prohibitive, so is the only route for progress through electronic lock systems? From a few videos on this channel, it looks pretty dire for those, but perhaps the incentive isn't there yet.
Point is: there is no digital solution for this problem. It will always have an analog solution.
IMO the purpose of a lock is to either 1) slow down an attacker long enough for (eg) police to show up, or 2) discourage an attacker from breaking into _your_ house in favor of your neighbor's house.
Sure they can. Lock-picking is a search for a minima. You just need a design where there's no way to tell if you're getting closer to the right combination. That is, something senses the combination on the key, saves it, and then tests the saved info while protected from manipulation. Doing this cheaply and in a small package is difficult.
Someone recently built such a lock and sent it to the Lock Picking Lawyer. No results yet.
One classic lock close to that was the Chubb Detector Lock. If any lever was pushed too high, the relocking device tripped and the lock would no longer open. Use the wrong key and you were locked out. This was usually fitted with a second mechanism so that turning the correct key in the wrong direction would reset the detector. If built without the reset feature, pick attempts or using the wrong key would disable the lock permanently. This was highly secure but inconvenient.
This is probably a solveable problem if you're willing to have a sizable box on the the door, like 19th century door locks or jail locks today. You'd want that anyway, for mechanical strength.
If you didn't encrypt HTTP, you could sniff packets on the network, walk through the front door. If it was weakly encrypted, someone with some level of expertise could basically do the same, pick the cheap lock and walk through the front door. With RSA-like encryption, this avenue of attack is basically closed, and now the options are more like "try and steal this guy's laptop" or "launch MITM attacks".
This might be useful for niche use-cases or academic reasons, but for a commercial product, the value proposition doesn't make as much sense. After a certain point of pick/bypass resistance, adding cost to a lock isn't actually protecting most users from any plausible attacker. And is more likely to prevent the authorized user from gaining access in a lockout scenario than it is to prevent a real-world attack.
In most cases where someone faces a sophisticated attacker that could bypass a security lock, you'd be better served by layering other security techniques, instead of putting your eggs all in one basket with the physical lock.
I guess I can see how they might be made to tighter tolerances and tighter keyways.
I can certainly see how such locks might be more difficult to pick, though.
I will say a product is more likely to be secure if the manufacturer is intentionally choosing a rarer style simply because they are taking security into account
That's an interesting name!
Note that the picture on the sets are of him as well.
It wouldn't be too difficult to McGyver something similar to a lishi using 3D printing with a thin metal insert.
Same goes for encryption. Your AES-256 is great today, fine tomorrow, and probably broken in 10 years.
Also, given how many electronic locks he features which are total garbage I would not buy one of those for most use cases.
When EVERY random teenager can easily access these tools and learn these tricks, it's liable to start causing some larger scale problems that could indeed force change in the industry.
This guy has a YouTube channel with nearly 3 million subscribers and he's made nearly 1,300 hundred videos. There are dozens of subreddits focused on lock picking with hundreds of thousands of users. I am not sure what the definition of "every random teenager" really is but I can do web search and find and instructional video, it's good enough for my purposes.
Many, maybe even most of his videos of locks made by companies who sell in common retail outlets demonstrate low skill attacks and still more demonstrate low effort / specialised knowledge attacks. He also has a web store where you can buy a bunch of tools for this.
So even someone like me who has lost most of the use of my right hand can open many of the big name locks on the market without much difficulty. Most cases it's a web search to a video and perhaps next day delivery of a tool kit. Many times the attack is ridiculously trivial and can be done with stuff one might find in your average garage shop.
I mean look at some of his videos... "open with a fork" "open with a shim made out of a coke can" "open with a strong magnet" "open with a lego figure" "open with a spoon" "open by raking with a rake lock pick" "open with a sharp blow with a small hammer" "open by drilling here" "open by grinding this part" "open with a pocket knife" "open with a butter knife" "open with the top of a bic pen"
This stuff has been publicly available for decades. I learned using the MIT Guide to Lock Picking from 1991, and bought a lockpicking set online, and off I went. Nowadays it's just easier and more accessible (like most things).
Of course, that's when they don't have backup key locks; then they have the old vulnerabilities on the top of the new vulnerabilities (shimming, rapping, etc).
I'm wondering what kind of victim free stuff one can easily get away with by picking locks.