Hypocritical locksmith community still promoting security through obscurity

Locks and building security is a funny business. The fundamental goal of a lock is to only let someone with a certain key open that lock. But they are mechanical devices, so there will always be weaknesses and ways to open them without the key – that could be as simple as “carding” the bolt (bypassing the lock altogether) or as complex as single pin picking the cylinder.

The concept of a truly unpickable lock is a fallacy. After all, if a key can open it, something that assimilates the key can also open it. That’s all that lock picking is – assimilating the key. All we can do is make the lock stronger or more pick resistant. This has been going on for years – 100 years ago simple warded lever locks were common, whereas now most house front doors will have a deadlocking nightlatch as well as one or more 5-lever mortise locks incorporating anti-pick features. The silly thing is there is nearly always a window that can be broken right next to the door.

Quite frequently it turns out that locks have design flaws, which make the lock far more vulnerable than it should be. Examples of this are padlock shims, comb picks and the now legendary Kryptonite ball point pen problem. What’s the best policy in these situations? Keep it secret so that not even the bad guys know about it? Or tell everyone so that they can make an informed decision about upgrading their locks? The locksmith community has always promoted the security through obscurity route. Whether this is for the best or not, I don’t know.

One such recent vulnerability has been termed “lock snapping”. This has been known about for years. Most UPVC doors use euro profile lock cylinders – these are oval shaped cylinders which contain just the lock itself, and they are inserted into the door inside of a locking mechanism along with a handle and deadbolt. This allows the user to chose what lock to fit to the door, and makes it easy to replace.

And there is the problem – the cylinder is removable from the lock, and hence vulnerable to attack. There are two basic methods. One is to grab the lock with a pair of mole grips (locking pliers) and bend it backwards and forwards until it snaps in the middle. The other is to drive a hardened steel screw into the keyway, and then you can pull the entire cylinder out, sometimes using mole grips, and sometimes using a slide hammer. This can take less than 30s with practice.

Manufacturers have responded in several ways:

  • Hardened steel escutcheons prevent the lock from being grabbed onto. Generally you can still pull the cylinder with a screw.
  • Sacrificial outer sections snap off first, leaving the locking mechanism intact in the middle (Mul-T-Lock Break Secure). Again, vulnerable to the screw.
  • A laminated steel plate strengthens the cylinder (the CISA Astral range). These can still be snapped.

But as predicted, the locksmith community want to keep this under wraps. I can’t work out why – there are already a large number of burglaries that are carried out using this as the method of entry – the bad guys already know how to do this. Why shouldn’t people be made aware of a problem with their locks that render them practically ineffective?

Last week, a representative from Avocet locks turned up on one of the locksmith forums. He challenged anyone to come to their workshops and try to attack one of their new locks which are supposedly not vulnerable to snapping. As part of this, he posted several videos on youtube showing successful attacks against Cisa and other locks.

These videos seemed to annoy the locksmiths, despite the fact that there are loads of other videos available, and it’s pretty obvious how to do it anyway.

The best bit is, this forum is associated with a company that sells bump keys to anyone who wants them. I detect a certain level of hypocrisy here.


Leave a Reply

Your email will not be published. Name and Email fields are required.

This site uses Akismet to reduce spam. Learn how your comment data is processed.