Bill Graydon - Defeating Moving Elements in High Security Keys
Bill Graydon, Principal, Physical Security Analytics, GGR Security (He/Him)
Presentation Title: Defeating Moving Elements in High Security Keys
Length of presentation: 45 Minutes
Tool, Exploit
A recent trend in high security locks is to add a moving element to the key: this prevents casting, 3D printing and many other forms of unauthorised duplication. Pioneered by the Mul-T-Lock Interactive locks, we see the technique used in recent Mul-T-Lock iterations, the Abloy Protec 2 and most recently, the Medeco M4, which is only rolling out to customers now.
We have identified a major vulnerability in this technology, and have developed a number of techniques to unlock these locks using a key made from a solid piece of material, which defeats all of the benefits of an interactive key. I’ll demonstrate how it can be applied to Mul-T-Lock Interactive, Mul-T-Lock MT5+ and the Medeco M4, allowing keys to be duplicated by casting, 3D printing and more. I’ll also cover other techniques to defeat moving elements in a key, such as printing a compliant mechanism and printing a captive element directly. With this talk, we’re also releasing a web application for anyone to generate 3D printable files based on this exploit.
Finally, I’ll also discuss the responsible disclosure process, and working with the lock manufacturers to patch the vulnerability and mitigate the risk.
Speaker Bio:
Bill Graydon is a principal researcher at GGR Security, where he hacks everything from locks and alarms to critical infrastructure; this has given him some very fine-tuned skills for breaking stuff. He’s passionate about advancing the security field through research, teaching numerous courses, giving talks, and running DEF CON’s Lock Bypass Village. He’s received various degrees in computer engineering, security, and forensics and comes from a broad background of work experience in cyber security, anti-money laundering, and infectious disease detection.
https://twitter.com/access_ctrl
https://github.com/bgraydon
https://www.youtube.com/channel/UCzZ...oCPFO5g/videos