Millions of Door Locks Are Easily Hacked

If there’s one common trait that gets us all in trouble when it comes to our security, it’s overconfidence.

We become so certain that our homes, businesses, computers and physical well-being are secure – because we’ve taken steps to create that security – we overlook potential security breaches that are right in front of our eyes.

Here’s an important and timely example.

For most Americans, the first line of defense when it comes to physical security is a fairly simple device.

A device that is so simple, given the hi-tech world we live in today, we take it for granted.

What is that device? The lock on our door.

The lock on all of our doors: Home, office, garage, study, bedroom, and safe/panic room if we’ve created a final defensible space in our home – as we should.

So here’s a question.

When was the last time you investigated how easy it is to hack the locks on your doors?

If you’re like me – yes, I’ll admit it – you haven’t thought about the locks on your doors in a long time.

But now you must.

Not just because you should, but because a security threat to millions of locks across America was revealed at the Def Con hacker conference in Las Vegas last week.

And while I’m going to share a web link so you can see two videos about how easily this common brand of lock is hacked, I want you to investigate the security of the locks you have installed around your home and/or office.

How do you investigate the security of your locks?

Find the brand name of the lock and put that name along with the words “hack” or “pick” or “break” in an Internet search engine. You may be surprised what you learn about the locks you have and how secure – or should I say, insecure – your locks are.

It really is that simple. Simple, but important to your security.

After all, what good is having all the hi-tech security I’ll talk about in the coming weeks and months if a burglar, stalker or home invasion team can easily breach the lock on your door?

Alright, let’s talk about the millions of locks that were revealed as insecure at Def Con.

Here’s how Kim Zetter of Wired magazine started her report, “Millions of Kwikset Smartkey Locks Vulnerable to Hacking, Say Researchers.”

“Locks that are used in millions of homes and residential buildings worldwide and that are designed specifically to thwart hacking are easily opened with both a screwdriver and wire, two researchers say.

“Kwikset smartkey locks are certified Grade 1 security for residential use by the Builders Hardware Manufacturers Association and are advertised by Kwikset as being invulnerable to being hacked with wires, screwdrivers, or anything else inserted in the keyway.

“But that’s not the case, as two noted lock hackers, Marc Weber Tobias and Toby Bluzmanis, demonstrated for WIRED…”

As Zetter points out, Tobias and Bluzmanis are very experienced when it comes to exposing the flaws in all kinds of locks.

“Tobias and Bluzmanis have been cracking locks at Def Con for years, demonstrating the ability to defeat high-security electronic locks used at the White House and other government offices, electro-mechanical locks, deadbolts, and even electronic safes used by millions of consumers.”

How common are the Kwikset smartkey locks?

“The Kwikset smartkey locks, which Kwikset introduced in 2008, have the widest distribution of any locks they’ve tested — Kwikset sells more than 20 million a year.”

Think about that. Since 2008, approximately 20 million of just this one brand of lock have been installed on doors all across America each year. And, as Tobias and Bluzmanis demonstrated at the Def Con hacker conference, the locks are easily hacked – often in just a matter of seconds.

OK. Here’s what I want you to do.

First, go to this web address for the Wired magazine article and watch the two videos on the web page – one at the beginning of the article and one at the end of the article.

http://www.wired.com/threatlevel/2013/08/kwikset-smarkey-lock-vulns/

Second, determine the brand of locks on all of the doors that you rely on to provide for your security. Hopefully, you don’t have Kwikset Smartkey locks.

Third, put that brand name along with the words “hack” or “pick” or “break” in an Internet search engine and review the search results for information concerning the true – not the advertised – security of the locks you are relying on. Look for YouTube.com results that may have videos about hacking your brand of lock.

Finally, if you determine you have a brand of lock that is easily hacked, it’s time to replace that lock as a step toward improving your security.

As I mentioned last week and earlier in this advisory, in the coming weeks and months I’ll discuss many hi-tech issues when it comes to privacy and security. But, given the demonstration at Def Con this past week, it’s important to start with the basics – the locks on your doors.

Be safe and secure,

Rob Douglas


Posted

in

by

Tags:

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.