|
WELCOME TO
SECURITY.ORG
The Multimedia
Edition of LSS+x, the High Security Supplement to
LSS+,
is now available.
Order
the CD or book.
Check for special
reduced pricing for all Medeco dealers or commercial and
government customers in order to assess postential liability for a
compromise of security
See the ASIS
review of "Open in Thirty Seconds" in the February, 2009
issue of
Security Management magazine
ASIS
Review (pdf)
The CD version
for Government and Locksmiths, is entitled
"THE
COMPROMISE OF MEDECO HIGH SECURITY LOCKS:
New Techniques of
Forced, Covert, and Surreptitious Entry"
LSS+x
Full DVD Jacket design
LSS+x
Table of Contents and Chapter Outline
A few images from the book
are shown below.
Four code setting keys for
Biaxial and m3 locks
Macro of the three standard
rotations
Viewing the gates of an Aft
pin with an Olympus .87mm borescope
Still image from macro video
showing a specially-prepared cylinder to demonstrate setting
the sidebar code and picking the lock. The key at the left
shows the correct sidebar code. Time: under 30 seconds to
open.
Macro video that demonstrates
how we exploited the gate-sidebar leg tolerance.
Diagram of the sidebar in the
Medeco patent
Simulated blank that is a
bump key. It will work in virtually all m3 and many Biaxial
keyways
Simulated blank that is cut
to the vertical and angled bitting of this lock. It works
perfectly. |
THE COMPROMISE OF
MEDECO®
HIGH SECURITY LOCKS: New Techniques of Forced, Covert,
and Surreptitious Entry
Purchase
of the Multimedia edition of LSS+x
requires you to have the companion edition of LSS+.
This new book,
by Marc Weber Tobias and Tobias Bluzmanis, is a culmination
of eighteen months of research by the authors into all
design issues that affect security in the three generations
of Medeco cylinders. It extensively details the security
vulnerabilities of Biaxial, m3, and Bilevel locks to
techniques of forced and covert entry, and the complete
compromise of key control.
All of our
research has been supplied to Medeco, beginning in October,
2006. They were provided with the manuscript, videos, and
test locks and keys, and were asked to voice any objections,
corrections, changes, or to provide any information that
they felt should be included in the book. They have refused
all comment.
Although the
company has not made any public statements with regard to
our findings, they were forced to modify their deadbolt
design in August, 2007, as the result of our disclosure of a
forced entry technique that allows the Maxum and other
cylinders to be opened in seconds with little more than a
two dollar screwdriver. Since the release of those findings
in July, 2007, we have developed three other unique methods
of attack that involve the use of force. These are described
in the text.
The book
contains fourteen chapters, about 400 images, graphics,
tables, charts, and more than thirty video segments. We
document and demonstrate all forms of bypass, including
picking, bumping, decoding of the top level master key in
multiple sidebar code systems, and the creation of a
simulated blank to bypass virtually any m3 and many Biaxial
keyways, including those that are highly restricted.
We describe how
to pick five and six-pin Biaxial and m3 cylinders, often in
less than a minute, with conventional picking tools that are
used in combination with our patent pending code setting
keys. You will learn how to neutralize the sidebar and
slider prior to picking, and to adjust individual rotations
of pins without disturbing other pins that have already been
set. We explore in detail what we believe to be a
fundamental flaw in the Medeco design that dates back forty
years. We exploit this flaw to allow bumping and
picking of virtually all of their locks.
An extensive
analysis of second and third generation Medeco codes has
allowed us to develop four keys that can be used to bump and
pick virtually all non-master keyed Biaxial and m3 locks
that were pinned to codes in the codebook prior to December,
2007. A maximum of sixteen keys will accomplish the same
result for new locks that are pinned to Generation-3 codes
in 2008. We also describe other methods to pick virtually
all Medeco pin tumbler cylinders (master and non-master
keyed) by exploiting other design characteristics.
We document four
new methods of forced entry that can result in bypassing the
Biaxial, m3, and Bilevel cylinders in deadbolt, rim,
mortise, and IC configurations. Some of these techniques can
be accomplished very quickly, with little skill and even
fewer tools. We describe how rim, mortise, and IC cylinders
are subject to a hybrid attack that can place at risk the
security of any facility that employs them. Finally, we
examine the Bilevel cylinder and why it can adversely impact
the security of any m3 system.
We filed lengthily
patent applications to cover multiple methods of covert and
forced entry, and to protect against these same methods of
attack.
LSS+ 2008
will be released at ALOA on June 19, 2008. This latest
version contains three new volumes and approximately eight
hours of new video segments with regard to access control,
forced and covert entry, and other topics.
Master
video listing for LSS+
Master
list of updates for LSS+
from Version 5.0 |
See The
Sidebar for more information on LSS+x and LSS+
2008, and an upcoming two-part response to the editorial in the
NDE magazine by Medeco.
Security.Org contains data about locks, safes, and bypass tools, and is the
supplement to the second edition of Locks, Safes, and Security: An
International Police Reference, published by Charles
C. Thomas, Publishers.
The site provides
detailed information to law enforcement and government agencies,
security professionals, locksmiths, and safe and vault technicians
regarding the security and bypass of locks and safes throughout
the world. Sophisticated search tools allow the retrieval of text,
images and video materials pertaining to high security locks,
bypass tools and techniques, as well as comprehensive reference
information about locking mechanisms.
Locks, Safes,
and Security is a treatise on the history, technology and
bypass of locks and safes. It provides extremely detailed
information for security and law enforcement professionals. The
book may be previewed on-line.
LSS+
2008 is the
ELECTRONIC INFOBASE edition of Locks, Safes, and Security.
It was originally released in July, 2002, and is comprised of
eighteen volumes (GOVERNMENT VERSION) that contain 5000 new images, enhanced graphics, and
approximately sixty hours of audio and video. There are
four books contained within the INFOBASE, including two treatises
on locks and safes that were written at the height of the
industrial revolution in England. A special
D.A.M.E. (Defenses Against Methods of Entry) supplement
(LSS501, LSS502) in conjunction with the DAME course taught by
Harry Sher, was originally released in July, 2005 and has
been updated in three different editions. The 2010 release now
contains 79 video segments detailing many forms of bypass
and related issues.
Reviews
of Locks, Safes, and Security, and LSS+
|
|
Information contained
within this site may be quickly accessed through the link icons at
the top of the screen. SEARCH tools, relating to locks, safes, and
bypass tools, have been preformatted, and are organized by desired
search result. LSS BOOK provides information about Locks,
Safes, and Security. Search tools allow an on-line
search of the book by its index entries, or by key word. SECURITY provides access to alerts, reports, and hyperlinks to sites of
interest. BYPASS TOOLS offers information about three
manufacturers and vendors of tools for the bypass of locks. LSS-CD contains an on-line tutorial about LSS+, as well as order forms and
registration information.
We hope this site
assists you. Your comments and suggestions are welcome. ®
Medeco is a registered trademark of Medeco Security Locks,
Inc. |
