![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
Kwikset "Smartkey" locks vulnerable to some interesting attacks
Yet another DefCon demonstration. In this case, the lock is advertised as secure and flexible because it's easy for the owner to reprogram the lock for a house sitter or whatever, then change the lock back when they need to. It's not a digital lock, needs a key like most others. Two vulnerabilities are demonstrated in videos with this article. The first uses a piercing blade and a hammer, the blade is inserted in the keyway and the hammer whacks it until it pierces the thin metal of the back of the lock. A wire with a loop is then inserted to turn the tailpiece, the thing that actually engages as the lock. Once that's turned, the lock is unlocked and unless there's a very close physical inspection, you can't see that the lock is broken because your key still works in it.
There's another technique that's been around for years called Bumping, after you bump a lock any key will work in it and the lock is physically broken. This is different.
The second technique uses a screwdriver and a pair of pliers. The lock is supposedly rated to 300 pounds-force-inch of torque to turn the cylinder, turns out that it will turn with about a hundred.
Kwikset, of course, denies that these vulnerabilities exist.
http://www.wired.com/threatlevel/2013/08/kwikset-smarkey-lock-vulns/
There's another technique that's been around for years called Bumping, after you bump a lock any key will work in it and the lock is physically broken. This is different.
The second technique uses a screwdriver and a pair of pliers. The lock is supposedly rated to 300 pounds-force-inch of torque to turn the cylinder, turns out that it will turn with about a hundred.
Kwikset, of course, denies that these vulnerabilities exist.
http://www.wired.com/threatlevel/2013/08/kwikset-smarkey-lock-vulns/