
Bill Graydon - Defeating Moving Elements in High Security Keys



    Bill Graydon, Principal, Physical Security Analytics, GGR Security (He/Him)


    Presentation Title: Defeating Moving Elements in High Security Keys

    Length of presentation: 45 Minutes
    Tool, Exploit



    A recent trend in high security locks is to add a moving element to the key: this prevents casting, 3D printing and many other forms of unauthorised duplication. Pioneered by the Mul-T-Lock Interactive locks, we see the technique used in recent Mul-T-Lock iterations, the Abloy Protec 2 and most recently, the Medeco M4, which is only rolling out to customers now.



    We have identified a major vulnerability in this technology, and have developed a number of techniques to unlock these locks using a key made from a solid piece of material, which defeats all of the benefits of an interactive key. I’ll demonstrate how it can be applied to Mul-T-Lock Interactive, Mul-T-Lock MT5+ and the Medeco M4, allowing keys to be duplicated by casting, 3D printing and more. I’ll also cover other techniques to defeat moving elements in a key, such as printing a compliant mechanism and printing a captive element directly. With this talk, we’re also releasing a web application for anyone to generate 3D printable files based on this exploit.

    Finally, I’ll also discuss the responsible disclosure process, and working with the lock manufacturers to patch the vulnerability and mitigate the risk.







    Speaker Bio:

    Bill Graydon is a principal researcher at GGR Security, where he hacks everything from locks and alarms to critical infrastructure; this has given him some very fine-tuned skills for breaking stuff. He’s passionate about advancing the security field through research, teaching numerous courses, giving talks, and running DEF CON’s Lock Bypass Village. He’s received various degrees in computer engineering, security, and forensics and comes from a broad background of work experience in cyber security, anti-money laundering, and infectious disease detection.



    https://twitter.com/access_ctrl

    https://github.com/bgraydon

    https://www.youtube.com/channel/UCzZ...oCPFO5g/videos






