back to article Take your pick: 'Hack-proof' blockchain-powered padlock defeated by Bluetooth replay attack or 1kg lump hammer

A "hack-proof" smart padlock with security based on blockchain technology could be defeated by a simple Bluetooth replay attack – or a 1kg lump hammer. The 360lock, a technologically enabled padlock (why?) was advertised by its creators as "completely hacking proof" and incorporating blockchain technology as used in the …

  1. jake Silver badge

    How was this missed? Daft question.

    It wasn't missed. The locks are intended to be sold to clueless idiots, not intelligent people. There is a vast market of clueless idiots, but not quite so many intelligent people. Who would the proverbial thinking man choose to market at? Especially if you can build a product down to a price, and then mark it up several thousand percent? It might be a short-term market, but the near-term profit should be magnificent! And the best thing is, that with a simple re-design and a slightly different buzzword filled marketing campaign you can sell it again and again! And it's perfectly legal. Cool, eh?

    See IoT, iFads and various other scams marketing triumphs.

    1. Anonymous Coward
      Anonymous Coward

      Re: How was this missed? Daft question.

      The locks are intended to be sold to clueless idiots, not intelligent people. There is a vast market of clueless idiots, but not quite so many intelligent people

      Yup, this stellar example of cutting edge tech is on Kickstarter, the go-to place for the gullibly enthusiastic. I don't really need to say any more do I...

    2. Anonymous Coward
      Anonymous Coward

      @jake - Re: How was this missed? Daft question.

      Idiots, especially clueless ones are a valuable economic resource. Same as oil for example but with advantage it is renewable. If I recall correctly, somebody once said a sucker is born every 5 minutes.

      1. jake Silver badge

        Re: @jake - How was this missed? Daft question.

        "If I recall correctly, somebody once said a sucker is born every 5 minutes."

        The canonical quote is "There's a sucker born every minute.", supposedly said by one PT Barnum (you may have heard of him).

        However, apparently it was actually said about Barnum, by David Hannum, in reference to Barnum's part in the Cardiff Giant hoax. Or so the story goes. My gut feeling is that the very same phrase was in widespread use long before humans invented writing.

        1. BillG
          Happy

          Groucho

          You can fool some of the people all of the time

          And all of the people some of the time

          And from that you can make a pretty good living.

      2. Dr Dan Holdsworth
        FAIL

        Re: @jake - How was this missed? Daft question.

        Actually the lock-making company Masterlock has for a very long time worked on the principle that 99% of the time the people they are aiming to defeat are in fact quite stunningly stupid, and unable to watch YouTube videos on how to pick locks (or, in the case of one especially crap series of Masterlock padlocks, unable to buy a specially designed defeat device).

        Padlocks which are nigh-on unpickable do exist; disc detainer locks such as those made by Abloy are well known for being extremely difficult to break, cut, destroy or pick and they are not much more expensive than truly bad designs of lock. It is just that most of the time, a crap padlock will defeat a twit of a thief.

        1. MachDiamond Silver badge

          Re: @jake - How was this missed? Daft question.

          "disc detainer locks such as those made by Abloy"

          Again, a trip to The Lock Picking Lawyer on YouTube and a small purchase at Sparrow (and some practice) the the lock is toast.

        2. Loyal Commenter Silver badge

          Re: @jake - How was this missed? Daft question.

          I wasn't sure what type of lock a "disc detainer lock" was, so I googled it. The second sponsored ad at the top of the page was, for sale, a disc detainer lock, and picking tool for such, for "training purposes".

          I think maybe the phrase you were looking for was "nigh-on easily pickable"?

  2. Rich 2 Silver badge

    Sounds familiar

    Wasn’t there a very similar product to this about a year or so ago? And that too was exposed as being utter crap.

    Of course, why the hell you would want a Bluetooth (Or any other techie nonsense) connected padlock is beyond me. Oh - got to go - just received a video email (powered by blockchain, natch) telling me the kettle has boiled!

    1. CountCadaver Bronze badge

      Re: Sounds familiar

      I could see a point for a job site storage container etc, where you could give certain people access on a one off or time controlled basis and revoke their access remotely, or even a home product - friend needs to borrow something, rings you, "i'll give you access remotely, just snap the lock shut when you get what you need"

      1. Doctor Syntax Silver badge

        Re: Sounds familiar

        It sounds as if you're thinking of something more than Bluetooth.

        1. Chris 125

          Re: Sounds familiar

          Indeed. In fact Bluetooth would only work if you were nearby the lock, in which case just give them the key.

          I have a smartlock on my house, it's ZWave controlled. I can open the door remotely if needed, such as a locked out child who forgot their key.

          I don't believe it to be unhackable, but it's certainly more secure than the cylinder locks that are installed by default. Can't snap the lock if there's nothing to snap. It would take a lot of knowledge of how the system works to gain entry and to be quite honest in that time someone will have probably just thrown a brick through the window, or used a blowtorch on the UPVC, or one of the other attack methods that's much easier than sitting there with a laptop.

          1. TRT Silver badge

            Re: Sounds familiar

            I find that it only takes one instance of a child being locked out of the house and having to sit on the doorstep in the cold doing their homework until I get home from work at the usual time. After that they tend to take better care of their keys / double check before leaving the house.

          2. Yet Another Anonymous coward Silver badge

            Re: Sounds familiar

            >Indeed. In fact Bluetooth would only work if you were nearby the lock, in which case just give them the key.

            Not if you designed it properly (ie employed a 5 year old or reasonably intelligent Labrador)

            The lock has a key generator synced once to the app on your phone, you can generate a valid key and email to your mate. The lock recognises the key code and opens. Extra points if the code is only valid once or for a certain period of time.

            1. Alan Brown Silver badge

              Re: Sounds familiar

              "Extra points if the code is only valid once or for a certain period of time."

              And if the lock happens to be on YOUR F35, with the key generators all owned by the US State Department?

              (yes, really)

          3. Anonymous Coward
            Anonymous Coward

            @Chris 125 - Re: Sounds familiar

            Up-voted for your honesty.

          4. Loyal Commenter Silver badge

            Re: Sounds familiar

            I don't believe it to be unhackable, but it's certainly more secure than the cylinder locks that are installed by default.

            I believe both have exactly the same level of security when it comes to a lump-hammer applied to the hinges on the other side of the door. Or, if you prefer the official tool of the constabulary, the "big red door knocker".

        2. CountCadaver Bronze badge

          Re: Sounds familiar

          Not really, I have seen some sold that are linked to an app and you can add/remove users remotely, they install the app, accessed granted on a one or multiple time basis and shows who has accessed and when.

          How good the lock is...is another question

          1. jake Silver badge

            Re: Sounds familiar

            "Not really, I have seen some sold that are linked to an app and you can add/remove users remotely, they install the app, accessed granted on a one or multiple time basis and shows who has accessed and when."

            Why on earth would I need such a thing? And why would I expect somebody to automatically trust me when I tell them they need to install a third-party app? So many things to go wrong, at so many levels.

    2. katrinab Silver badge
      Unhappy

      Re: Sounds familiar

      Lockpicking Lawyer has loads of them, though usually they take a little more than 9 seconds to open.

      1. quxinot Silver badge

        Re: Sounds familiar

        Anyone familiar with locksmithing will know that there's no such thing as an undefeatable padlock.

        Anyone familiar with computing securty will know something very similar.

        So the makers are either exceedingly cynical and marketing to those who know no different, or are going into business in an area in which they are terribly uninformed.

        1. Version 1.0 Silver badge

          Re: Sounds familiar

          Even the Dwarves doors were easily hacked in the Lord of the Rings.

          1. Simon Ward

            Re: Sounds familiar

            Yeah, but they didn't have blockchain did they?

            Rookie mistake, that.

            1. Andy The Hat Silver badge

              Re: Sounds familiar

              But I believe the Dwarf entrance used light reflected off the moon so technically they needed a Sun workstation to crack it ...

              1. Roger Kynaston Bronze badge
                Happy

                Re: Sounds familiar

                upvoted but they might have been using this.

                https://mithril.js.org/

                I have no connection to this project and even less idea of what it does - duckduckgo finds it though.

            2. 080

              Re: Sounds familiar

              How much a metre is this blockchain stuff, I'll get some for securing my ladder.

          2. TRT Silver badge

            Re: Sounds familiar

            Yeah... dwarfish thoughts about making something proof against hacking tends to revolve around axes.

        2. ibmalone Silver badge

          Re: Sounds familiar

          There are traditional padlocks that are very hard to defeat, and there is such a thing as strong cryptography (this being elReg I'm sure there will be people who insist that they only do banking transactions face to face, but most of us rely on computer security to look after our bank accounts). Combining the two at a given price point though... it means needing multiple engineering disciplines and extra components to marry the two together, which means more points for vulnerabilities. The best illustration of this (but not the only problem) is that many have a mechanical bypass for when the electronics don't work, you now have two opening mechanisms to attack before even contemplating the physical security blunders many of them have.

          I'm sure a secure electronic lock can be built (comparably secure to a mechanical one), it just doesn't seem that anyone has any interest in making one commercially viable.

          Oh, and blockchain. Reminds me of an argument last year about blockchain being the solution to every problem relating to electronic voting. "You can't be sure the software hasn't been compromised" "Yes you can because blockchain". Right have fun with that.

          1. fajensen Silver badge
            Pint

            Re: Sounds familiar

            The one problem electronic voting does solve solve is that the losers does not get their fweelings hurt by having their little faces rubbed in tiresome facts like maybe they ran a rubbish candidate or their program was shite or maybe everyone by now just hates their guts and wants them Gone!

            Instead they can blame The Russians for their losses and argue endlessly on how they actually won!

            1. NoKangaroosInAustria

              Re: Sounds familiar

              ...Instead and they can partly blame the Russians for their losses...

              Because, let's be honest, the Russians did meddle in their 2016 elections, so at least part of the blame should be assigned to them. And let's also not forget that the "shite candidate" was able to get more actual votes from real people - which in most (other) modern democracies is interpreted as the will of the people.

              But i'm puzzled, how on earth did we get from Padlocks to Politics?

              1. MachDiamond Silver badge

                Re: Sounds familiar

                And let's also not forget that the "shite candidate" was able to get more actual votes from real people"

                Which "shite" candidate? They were both very compromised and the "also-ran" political parties were major whack-a-doodles.

          2. NoKangaroosInAustria
            Joke

            Re: Sounds familiar

            There's an XKCD for that: https://xkcd.com/2030/

            Not quite padlocks, but close.

            1. ibmalone Silver badge
              Facepalm

              Re: Sounds familiar

              By no great coincidence, that is the very XKCD I had brought up before being told how blockchain would solve everything.

      2. DCFusor Silver badge

        Re: Sounds familiar

        LPL totally rocks - and counts the prep time most often.

        But here, I think we have a relevant saying I first heard from Bruce Schneieir -

        (paraphrased) - Anyone can create a code they can't break themselves.

        Taking that one more step of indirection - these guys probably couldn't come up with a replay attack themselves. You'd have to understand BT a little, rather than just buy a chip and stick it in, and then use apis from a pre-written framework library for some app. The inner workings of such things may as well be magic to most people - even developers, though they don't like to admit it.

        As to the hammer, well...(it's probably noisy)

        Often the lock isn't even the thing you bypass. Deviant Olam..hinge pins, under door tools, and the rest of a long list.

        I've seen massive locks on a chain link fence that a decent set of wire cutters would make a hole in. Or just pliers to untwist the twist ties holding the chain link to the posts..

        1. ibmalone Silver badge

          Re: Sounds familiar

          The thing is, if they have such a poor understanding then they shouldn't be selling locks based on it. You don't even need to understand the actual bluetooth stack to come up with a secure scheme, just use it as your transport protocol and put something that's actually secure on top of it (which does not re-use tokens, and no I wouldn't trust these people to achieve that securely either, but a replay attack is the digital equivalent of a shimmable lock).

        2. MachDiamond Silver badge

          Re: Sounds familiar

          Deviant Olam is a great presenter. I am really missing all of the hacker cons this year. (and the scotch).

      3. Anonymous Coward
        Anonymous Coward

        Re: Sounds familiar

        Thanks to LPL and his video's, I've attended a few InfoSec sessions on lock picking and advanced lock picking. It's actually really good fun and most locksmiths will provide you with the padlocks and barrels for the price of scrap - so you have things to practice on.

        I wanted initially to get one of those clear ones but the lock picker teacher I had said its better to listen to the pins and feel.

        Good fun. This blue tooth lock is pointless. Apart from the fact the battery will eventually die (my Tile tags have done so after a few years). The lock can be broken with a bolt cutter - if you just want to get into the thing. We used to have a fancy round lock on the caravan hitch lock but we had lost the key. It took a few seconds of bolt cutting. If someone wants in, they'll get in...

        1. Anonymous Coward
          Anonymous Coward

          Re: Sounds familiar

          My cousin is a locksmith and he taunted me that he could defeat the lock on my shed, he tried to pick it and failed probably because its hard when someone is laughing fit to burst next to him, then he used his angle grinder.

          He did give me another lock though !

          Then he told me to not worry to much about getting one of those closed shackle padlock or a fancy hasp where only the key part is accessible. He said you have a wooden shed, its more of a deterrent than actual security.

          p.s No Thief is going to be using a angle grinder at 3am to break into my shed so i thought he cheated.

          1. MachDiamond Silver badge

            Re: Sounds familiar

            "p.s No Thief is going to be using a angle grinder at 3am to break into my shed so i thought he cheated.

            Yes, but they might peel off some plywood or shim a window instead.

            The quality of the lock has to be proportionate to the ease of other entry. I'm not going to put £200 locks on my front door. If I'm not home, it means somebody is going in through a window or the wall and nicking my stuff anyway. A less expensive lock will be cheaper to replace than the window or wall. My stuff is history either way. These days I'd be lucky to get the filth by to take a report and that would just be to have something official to hand the insurance company.

      4. 080

        Re: Sounds familiar

        He also bypassed a combination lock quicker than he could open it with the combination!

      5. MachDiamond Silver badge

        Re: Sounds familiar

        "Lockpicking Lawyer has loads of them"

        LPL and Bosnian Bill have often stated that the high-tech locks mostly lack any of the long history of lock making art. They offer some nebulous "advantage" wrapped up in bent sheet metal or that cheap Zamak alloy. Too bad the test didn't also try a small pocket torch burner.

        I can't recall any times when I wanted to give somebody a one time option to open any lock I have had on something (business and personal). I have a couple of friends that have keys to my house for emergencies. I trust them all of the time. I also have keys to other people's homes, just in case.

        The chances that my phone will be dead or missing is far greater than a physical key being unavailable.

    3. Anonymous Coward
      Anonymous Coward

      Re: Wasn’t there a very similar product to this about a year or so ago?

      Why is it that the Nigerian scams are still successful (first one I saw was around 1990, POSTED to my father, we had a good laugh) Why is it that billions of people are on facebook. Why billions download and install useless, often scummy, but FREE!!!!! apps, etc. etc. Is there any natural pattern here or conspiracy perhaps? ;)

      1. Anonymous Coward
        Anonymous Coward

        Re: Wasn’t there a very similar product to this about a year or so ago?

        >Why billions download and install useless, often scummy, but FREE!!!!! apps, etc. etc. I

        Because the site said Flash was required.

      2. Anonymous Coward
        Anonymous Coward

        @AC - Re: Wasn’t there a very similar product to this about a year or so ago?

        "Two things are infinite: the universe and human stupidity; and I'm not sure about the universe." - Albert Einstein

        1. jake Silver badge

          Re: @AC - Wasn’t there a very similar product to this about a year or so ago?

          "Only two things are infinite, the universe and human stupidity, and I'm not sure about the former." —Albert Einstein (supposedly)

          "Apart from hydrogen, the most common thing in the universe is stupidity." —Harlan Ellison

          "There is more stupidity than hydrogen in the universe, and it has a longer shelf life." —Frank Zappa

    4. JimboSmith Silver badge

      Re: Sounds familiar

      Once upon a time I was working at a retail establishment where the shop operated on two floors. The other two floors had two flats on them accessed by a doorway next to the shop and a long corridor. All the electricity meters, master fuses and master switch for the whole building were at the wrong end of the corridor. The shop is being refurbished and there are a few shopfitters there during the day. Whereupon the power went out and I got a call on my lunch break informing me of this.

      There was a panel in the shop but nothing had tripped on that so I'd need to get into the corridor of the flats. There's a combination key safe hidden in the doorway and I'm supposed to have the code in case of emergencies. Tried the code I had and nothing opened which was frustrating so called the landlord. The jovial Irishman informed me that he'd replaced the original one after discovering "It was shite". The thick metal case was crap and easily bendable/breakable with most tools, or dropping it onto a concrete surface. Meaning you could open it very easily.

      His 'mate' had apparently sold him a few of them and he said laughing that....."They can't have fallen off the back of a lorry because they'd just have broken."

      Turned out there was an electrician working upstairs in one flat who'd turned off the juice to the whole buidling not just that flat.

      1. MachDiamond Silver badge

        Re: Sounds familiar

        " There's a combination key safe hidden in the doorway and I'm supposed to have the code in case of emergencies. "

        Here's where watching Deviant Olam comes into play. He shows real building with nice locks fitted and a whole array of key safes attached next to the door that can be opened by sneezing on them. The more active the building, the more there are of these box. Dev just looks at them to see which one uses a key he has on his key ring. He's not going to stand there trying to pick the quality lock on the door.

    5. Giles C Bronze badge

      Re: Sounds familiar

      Yes, the smart lock that can be opened with a screwdriver

      https://www.theregister.com/2018/06/15/taplock_broken_screwdriver/

  3. Scott 26

    "Nothing on 1, click on 2.... SMASH!"

    1. Andy Landy

      in any case, that's all I have for you today :)

    2. Mongrel

      You may want to check out his Ramset videos, he's fine with a little physicality to bypass a lock.

      Also Lego Spacemen...

    3. MachDiamond Silver badge

      First I'll try a pick in .223.........

  4. BPontius

    I counted two hits with the hammer. Who makes a security lock out of plastic, then has the arrogance to call it 'hack-proof'?

    1. Anonymous Coward
      Anonymous Coward

      "I counted two hits with the hammer."

      Yep, me too. Also what is the 'connector' of a padlock?

      If anything I'd assume it meant the shackle, but on the video it looks like it is the hasp that breaks rather than the lock itself.

      1. Lord Elpuss Silver badge

        ^ This. I have no doubt this padlock is sh*t beyond words, but all that video demonstrated was that the hasp the padlock was fitted to could be broken; not the padlock itself.

        1. Anonymous Coward
          Anonymous Coward

          If you freeze fame as the padlock flies off you can see that the shackle is broken.

        2. ibmalone Silver badge

          The hasp is part of the bike lock I think, so still a fail if that's the case. (Have looked at the video in slow motion and don't think the shackle breaks. There's some kind of collar on one side which means you see a dark line when it's spinning round.)

          The biggest physical crime though (if making a lock from zinc wasn't bad enough) is being able to get into the electronics and locking mechanism with a screwdriver. Seems to be the case with a lot of 'electronic' locks that they're constructed the same as other consumer electronics, just attached to a locking mechanism.

          As for cutting yes, you will be able to cut any lock with the right tools, but you're going to have a much harder time doing it with well hardened steel. LPL aficionados will be familiar with his hydraulic cutter series, they have failed (just not on padlock shackles) https://www.youtube.com/watch?v=lvn3_CNVSFs

    2. TheProf Silver badge
      Facepalm

      Suspiciously Short YouTube Video Alert

      I played the video at slow speed and it looked to me as if it was the eyelet the lock was connected to that broke off.

      Why didn't he wave the broken padlock in front of the camera? Most YT videos take 20 minutes just to say 'hello'.

      Still. Bluetooth 'security' for a padlock.

      1. idiottaxpayerhere previously ishtiaq/theghostdeejay

        Re: Suspiciously Short YouTube Video Alert

        @TheProf

        I am glad I was not the only one to think same as you.

        And to call that plastic/rubber hammer thing a "lump hammer"? Anyone who believes that has obviously never worked in an engineering environment.

        Cheers…. Ishy

      2. fidodogbreath Silver badge

        Re: Suspiciously Short YouTube Video Alert

        He didn't even remind viewers to like and subscribe. Clearly a fake.

  5. beep54
    FAIL

    I've come to believe

    that anything labeled smart [something] should have the word smart prominently in quotes.

    1. Jimmy2Cows Silver badge

      Re: I've come to believe

      "Smart" product nomenclature is a convenient warning to intelligent people to ignore the product. Smart meters being a great example.

    2. fajensen Silver badge
      Boffin

      Re: I've come to believe

      Whenever an adjective is used for marketing or in naming a protocol, it's meaining becomes inverted!

  6. nautica
    Happy

    "...so bad, it's not even wrong."--Wolfgang Pauli

    I wonder at the correlation between crap like this ("technology", and otherwise) becoming--disturbingly--more and more prevalent, and the almost infinite (well, in the billions, anyway) number of 'borgs and 'hive-minds' who subscribe to Facebook; and who might as well have a phone grafted to the side of their head, to boot (I REFUSE to refer to those things as smartphones; most all who use them are dumber than a box of rocks. "Smart" only refers to the people who make and sell the things).

    TTFN.

    1. idiottaxpayerhere previously ishtiaq/theghostdeejay

      Re: "...so bad, it's not even wrong."--Wolfgang Pauli

      @nautica

      (I REFUSE to refer to those things as smartphones; most all who use them are dumber than a box of rocks. "Smart" only refers to the people who make and sell the things).

      I go on bended knees and abase myself before your obvious superiority.

      There are 4 of us that have equal shares in our business. We make a profit margin that would make Apple envious. Our customers are happy as they run a profit margin that makes us envious.

      My son uses Facebook and several other suchlike sites. (I think Discord is the flavour of the month.) He mostly uses an iPad. His telephone, like ours, is usually in his pocket. Oh and he has a B.Sc.

      So,, smartphones are for dumb rocks?

      Cheers… Ishy

      1. MachDiamond Silver badge

        Re: "...so bad, it's not even wrong."--Wolfgang Pauli

        "My son uses Facebook and several other suchlike sites. (I think Discord is the flavour of the month.)"

        Think of how much more that could be accomplished if he didn't. (as I burn up time here on El Reg)

  7. Danny 2 Silver badge

    Confessions of a bolt cutter

    Lock picking is difficult, it's easier and quicker to use a bolt cutter to, you know, cut through the bolt.

    I've cut through a load of padlocks with ease using £10 bolt cutters, mostly at military sites, and so I learned which products to buy to deter my peers.

    I just gave my last one away to Extinction Rebellion Scotland so I forget the padlock brand, but it has an octagonal shaft with a stainless steel alloy. I bought mine in B&Q for about £20, and I couldn't cut through them.

    I am much amused that people pay more for bike locks that have in-built alarms. They are less than useless. If your bike costs more than your lock then consider bringing it indoors.

    [ETA: I don't think this is it, but it's similar ]

    1. DS999

      Re: Confessions of a bolt cutter

      Lock picking is not difficult, at least not for the sorts of standard locks on a padlock, office door or the sort of home deadbolt you'd buy at Lowes if you were only looking at the big name / low price area.

      Took me a couple hours to learn and get the feel of it, then I was able to pick most locks in 15-30 seconds. I lost my lock pick set so I haven't done it in years, but I have no doubt I'd be able to relearn quickly if I could be bothered to. A bolt cutter may be quicker, but it also renders the padlock unusable. If I pick one even if I don't have the key I still have a padlock I can attach to something I want to keep secure from anyone who doesn't know how to pick locks or isn't worried if someone sees them carrying a 10 pound bolt cutter around.

      1. Danny 2 Silver badge

        Re: Confessions of a bolt cutter

        I used to leave a new padlock and keys whenever I cut one. I've never successfully picked a lock so kudos to you for mastering that skill. Jackets hide bolt cutters.

        All the skills I learned as a peace protester would make me a formidable burglar, but luckily I am lazy and not envious.

        1. seven of five Silver badge

          Re: Confessions of a bolt cutter

          > I've never successfully picked a lock so kudos to you for mastering that skill.

          Start with cheap padlocks held in a vice so you can use both hands. Then got for one handed, then more expensive locks. Some people (my son [1]) find more expensive locks easier to open as they have less slack. Personally, I am much better with my eyes closed.

          It is really not that hard.

          [1] oh how the wife loved it when I showed him how to do that: "Why did you have to show this to him?! [short pause] And why do YOU know to do this?" :)

          1. jake Silver badge

            Re: Confessions of a bolt cutter

            Start with desk and file cabinet locks. They are easier than most padlocks, thus giving an easy rush of accompishment, and are their own built-in vice.

            1. Danny 2 Silver badge

              Re: Confessions of a bolt cutter

              Hiya Jake,

              I'm wary of responding because I was downvoted for recommending a padlock, and this rambling won't endear me.

              I used to be dexterous, I could solder small cubes of wire together. I enjoyed learning about lockpicking but I never mastered it. I never spent much time learning how to pick locks because I worked around them. I invented a pocket ladder to get over MoD fences to avoid vandalism charges for breaking locks or cutting fences.

              A "common criminal" I met recommended freezer spray to make locks brittle before smashing them with a hammer - unsubtle, but I was impressed someone outwith the electronics industry knew about freezer spray.

              Bike theft is the most common crime in Amsterdam, the stolen bikes are sold on 'Junkie Bridge' by, you know, junkies. Most bikes in Amsterdam are stolen, and so cheap to buy second hand that it's barely worth locking. Instead people who love their bikes weld features on them to make them distinct - a neighbour had huge metal antlers on their handlebars, which was funny but obviously dangerous.

              Locks give a false sense of security, but if they are easy to pick then it's a testament to human decency that they aren't picked more. Saying that I caught two local young men trying to break into my parents house and I beat them up. Funnily enough they threatened to call the cops on me. As if. Years later and they are still very polite to me in passing.

              1. Anonymous Coward
                Anonymous Coward

                Re: Confessions of a bolt cutter

                "Saying that I caught two local young men trying to break into my parents house and I beat them up."

                Interesting how you talk about cutting locks to break into military sites, but beat up guys who were breaking in to your parents place. Maybe they didn't agree with something your parents were doing so had the belief that they were allowed to break in and disturb things?

                1. Danny 2 Silver badge

                  Re: Confessions of a bolt cutter

                  Whit a weird comment, no wonder you chose anonymous. Coward.

                  I think there is an obvious moral distinction between breaking into a military site as a peace protester and breaking into elderly folks homes to rob them.

                  1. This post has been deleted by its author

                2. Sam Liddicott

                  Re: Confessions of a bolt cutter

                  Possibly they were of the belief that he served their interests and not the other way around.

              2. Anonymous Coward
                Anonymous Coward

                Re: Confessions of a bolt cutter

                >Bike theft is the most common crime in Amsterdam

                Same here in Vancouver.

                It's considered polite to buy obviously stolen bikes from junkies for $10 and post them on the local bike forums for the original owners to collect.

              3. Pat Att

                Re: Confessions of a bolt cutter

                I suspect your downvotes were because of your support for Extinction Rebellion. Just a guess though.

                1. Danny 2 Silver badge

                  Re: Confessions of a bolt cutter

                  That makes sense Pat, although I have to point out it was XR Scotland who claim to dislike and be different from XR UK. Plus I didn't teach them NVDA techniques, I merely passed on some old gear.

                  It's 20°C in Edinburgh just now, that is just unacceptably warm in September. That probably seems reasonable for non-Scots so I expect an influx of climate refugees. I'm aiming for Finland.

              4. Alan Brown Silver badge

                Re: Confessions of a bolt cutter

                > the stolen bikes are sold on 'Junkie Bridge' by, you know, junkies. Most bikes in Amsterdam are stolen, and so cheap to buy second hand that it's barely worth locking.

                There are more bikes reported stolen in Amsterdam each year than there are bikes in Amsterdam. When I lived there the standard joke was that the same bike could be sold off junkie bridge 3 times in one day

            2. seven of five Silver badge

              Re: Confessions of a bolt cutter

              Sure, but we do not have these at home. Cheap padlocks can be bought almost everywhere.

          2. MachDiamond Silver badge

            Re: Confessions of a bolt cutter

            "[1] oh how the wife loved it when I showed him how to do that: "Why did you have to show this to him?! [short pause] And why do YOU know to do this?" :)"

            It's a useful skill and it also illustrates the frailties of cheap mechanical items.

            The "bad" guys know these things and if you want to protect yourself and your stuff, you need to know what the bad guy is going to to.

            I can't count how many times I've needed to pick or bypass a lock on a server box or other computer, rack, cage, etc. When employees leave they may hand in their keys to HR, but HR then promptly tosses them in a big box or "misplaces" them and it's faster to pick the lock. The lock cylinder can then be replaced in a minute with a one that has a known key. Same goes for desks and laptop tethers.

      2. jake Silver badge

        Re: Confessions of a bolt cutter

        "I lost my lock pick set"

        You remember what they look like, right? Make your own. Cast-off street-sweeper tines are free and just about the perfect raw material. A Dremel will shape them easily. They don't have to be perfect to work nicely. Smoothish usually helps, though. And keep them lightly oiled or they will rust (very lightly oiled ... I "season" mine just like a cast iron skillet, and wick off the excess by covering in paper towels overnight).

        1. DS999

          Re: Confessions of a bolt cutter

          Well I know they are somewhere in my house. I just don't know where :)

          Without having any locks I've needed to pick for a long time, I haven't ever really looked that hard for them. I assume they will turn up someday. I very much doubt I could make my own that would function as well - I think part of the reason I was so successful is that that it was a pretty high quality set. As evidenced in this thread others haven't found it as easy as I did, and I'll bet the pick set I had versus whatever they were using is a lot of the reason - I doubt there's much "natural ability" for something like that.

          1. Symon Silver badge
            Coat

            Re: Confessions of a bolt cutter

            "I just don't know where" Locked in the safe? --->

            1. Anonymous Coward
              Anonymous Coward

              Re: Confessions of a bolt cutter

              A former neighbor of mine was a locksmith. I ran into him outside the grocery store one day as he was standing outside his truck (pickup truck, with topper and prominent decals advertising his locksmith business). He had accidentally locked his keys in the truck*. Unfortunately, his locksmithing tools were also locked in the truck.

              He resolved the problem quickly thanks to a borrowed wire coat hanger and the triangular vent windows on the F150.

              *often happened in that region/era. Most pickups were unlocked at all times, and if the keys were not in the ignition, they were in the seat pocket. You might be wondering how theft was deterred. Well, we had a facial recognition system for that. If you saw Bill's truck going down the road, but it wasn't Bill driving it, you asked some questions.

          2. Yet Another Anonymous coward Silver badge

            Re: Confessions of a bolt cutter

            >Well I know they are somewhere in my house. I just don't know where :)

            Then you need my new Bluetooth(tm) lockpick finder app

            It uses blockchain, IoT, cloud and object-orientated magic pixies to locate your lock picks using your phone

            1. Alan Brown Silver badge

              Re: Confessions of a bolt cutter

              > object-orientated magic pixies

              Beware of pictsies, they fixate on objects like sheep

              1. MachDiamond Silver badge

                Re: Confessions of a bolt cutter

                "Beware of pictsies, they fixate on objects like sheep"

                Aye, sheep.

                There is also the problem with the stealing, fighting and drinking too.

        2. Pat Att

          Re: Confessions of a bolt cutter

          Lock picks are so cheap you may as well just buy them. I think you have different sweepers in the USA too, as I've never seen such things on the roads in the UK.

          1. jake Silver badge

            Re: Confessions of a bolt cutter

            I'm pretty certain the mechanical street sweeper was invented in Blighty ... wasn't it one of Whitworth's many contributions to the modern world?

            1. Pat Att

              Re: Confessions of a bolt cutter

              You may be right. The only sweepers I've seen though seem to have brushes with plastic bristles on. It's popular in the lock picking community to use the stainless steel strips found in wiper blades as tension tools, but I've not seen them used as picks. They might be a bit too thick, and they'd certainly need a handle of some kind added too.

        3. MachDiamond Silver badge

          Re: Confessions of a bolt cutter

          "You remember what they look like, right? Make your own."

          A cheap set on AliBaba is much easier.

          I like to make some things, but for something like a lock pick set, it's too cheap to buy. I "could" take a tool steel bar and grind up a very nice flathead screwdriver that will last for hundreds of years, but my time is better spent buying the screwdriver and getting on with the project I need it for.

          In a pinch when you are caught out, those street sweeper bristles are really good material just lying about.

      3. Hubert Cumberdale Silver badge

        Re: Confessions of a bolt cutter

        Picking a padlock is almost always unnecessary. The vast majority can be non-destructively shimmed in seconds. If I ever need to padlock something, I use one that's not vulnerable to shimming (e.g. a disc padlock).

      4. gnasher729 Silver badge

        Re: Confessions of a bolt cutter

        So picking locks is for lock thieves, and bolt cutters are for bicycle thieves?

    2. jake Silver badge

      Re: Confessions of a bolt cutter

      Hydraulic bolt cutters make short work of boron carbide hasps. Available for around $200 (manually operated), or a little more for a good quality used battery powered model that'll open a dozen or more of these locks on a charge.

    3. EveryTime

      Re: Confessions of a bolt cutter

      Lock picking isn't difficult.

      But it's less predictable than bolt cutters. Bolt cutters usually work, and work quickly. If the bolt cutters aren't going to work, you'll get that answer in a few seconds.

      It's usually worth spending more money defeating bolt cutters than lock picking. Someone with bolt cutters is definitely up to no good and will cost you money. Someone that picks the lock hasn't yet demonstrated that they want to steal or destroy.

    4. davenewman

      Re: Confessions of a bolt cutter

      My (motor)bike is too big to get through the front door. So I use a disk brake lock with an alarm and a chain.

      1. jake Silver badge

        Re: Confessions of a bolt cutter

        Small door, or a trike? Even my '59 Pan fits through the front door ...

      2. ICPurvis47 Bronze badge
        Flame

        Re: Confessions of a bolt cutter

        My nephew left his motorcycle parked outside his GF's flat, with a D lock through the front disc brake and round the tele leg. When he came out later that evening, no bike. Went across to the pub opposite and asked to view their CCTV footage. White van drives up, two blokes get out and lift the whole bike into the back, and drive off. They obviously knew that they were on camera, because they kept their backs to it all the time, and there was a convenient piece of sacking covering the number plate. Mr. Plod said that the bike was probably either on its way to eastern Europe by now, or had been dismantled for spares. Insurance paid out on the CCTV evidence of theft.

        1. Symon Silver badge
          Big Brother

          Re: Confessions of a bolt cutter

          The pub's staff was probably breaking the law by showing your nephew the footage.

          https://www.gov.uk/request-cctv-footage-of-yourself

          "The CCTV owner might not be allowed to share any footage if, other people can be seen in it or they’re not able to edit out people to protect their identity"

          1. ibmalone Silver badge

            Re: Confessions of a bolt cutter

            Well, they couldn't be identified, so it was all fine!

        2. JimboSmith Silver badge

          Re: Confessions of a bolt cutter

          An ex-boss of mine had the same thing happen to her son. They thought it was secure in their front garden with a locked (but easy to open from the rear) gate and various locks on the bike. Evidently the thieves disagreed with this theory. According to the police they will just have climbed over the hedge, opened the gate from the other side, lifted the bike up and stuck it on or in the back of a truck or lorry. The insurance paid out because it was secured as required by the policy but the claims adjustor wasn't a happy man. There is now a requirement for it to be secured to something buried in the concrete front patio or bolted to the house.

          My dad had a scooter that replaced his motorcycle when he got old enough that the bike was too heavy. It was ridden to work on his outing with it and he decided he didn't like it much then. It was left in a secured car park that was manned 24/7 with CCTV to boot. It was attached to a bike post by a heavy duty padlock and chain etc. whilst at he was at work. Came out at 6pm to go home and the scooter was gone lock stock and barrel. I think somebody had parked a tall van obscuring the relevant camera. From my dim memory of the events it was suggested that they'd put bolt cutters through the chain. Then wheeled the bike into the van and driven the van off. In any case he just left it up to his insurers to dual it out with the car park insurers. He was paid but initially they were very suspicious as he'd only had the thing two days. He decided he'd had enough of scooters and spent the money on a better new car.

    5. Symon Silver badge
      Joke

      Re: Confessions of a bolt cutter

      "bike locks"

      The lighter the push bike, the more expensive it is, the bigger the lock you need. The weight of a push bike + lock required is a constant. So, don't bother shaving a few grams off the weight of the bike, you'll be lugging a big lock around anyway.

      1. jdiebdhidbsusbvwbsidnsoskebid

        Re: Confessions of a bolt cutter

        I've got a bike that a while ago I thought was important enough to insure against theft. Problem was that every insurance policy insisted on a lock that was comparable to the cost of the bike (or rather, what most policies would have paid out for a bike that was a few years old and heavily depreciated) and too heavy to practically carry round. Instead I rely on trying to park it somewhere awkward to get it out of and partially dismantling it to hopefully show down the opportunist theif just though to make them move on.

    6. fajensen Silver badge

      Re: Confessions of a bolt cutter

      and I couldn't cut through them.

      Not even with an angle grinder? These things are portable nowadays.

      1. Wellyboot Silver badge

        Re: Confessions of a bolt cutter

        Angle grinders can be a bit on the loud side.

        If there is any way of stealing anything in under a minute then some smart git will find that way.

      2. khjohansen

        Re: Confessions of a bolt cutter

        .. Angle grinders are slow - and noisy

        1. Symon Silver badge
          Joke

          Re: Confessions of a bolt cutter

          Not necessarily slow.

          https://youtu.be/IyvNt5dSF3M?t=105

          I'll give you noisy though!

  8. IGotOut Silver badge

    Security Devices don't stop theft...

    ...they simply slow the person down.

    And that is what you aim for. If the time taken makes the risk of getting caught to high, then it's worked.

    1. Joe W Silver badge

      Re: Security Devices don't stop theft...

      It's mostly that your bike lock needs to be more robust / a time sink than the next one, and your bike should look like shite...

      Yeah, this means the other person's bike gets stolen, not mine (or vice versa, I guess)

  9. EveryTime

    I'm curious at the characterization of Zamak alloys as "hard wearing".

    I think of it as "easily melted". It is able to be cast with fine surface detail and minimal shrinkage, allowing die cast parts to be used without any machining. But beyond that, it doesn't have great properties. It's not strong against impact. It might bend before breaking, but really only enough to make the cracked-off piece difficult to repair. And if it's doesn't break, it's has work hardened so it's going to break when you try to bend it back. It can be plated, but there is a good chance the surface will degrade even with no exposure to moisture or chemicals.

    1. Olivier2553 Silver badge

      Zamak is being used for good miniature toy cars. As it ends up at the ends of children it is hard wearing.

      1. Nugry Horace

        Under the name Mazak, it used to be used in pre-war toy trains. Unfortunately the processes used at the time meant impurities got into the mix, and castings from then may have become brittle or distorted - "mazak rot"

        1. Alan Brown Silver badge

          > Unfortunately the processes used at the time meant impurities got into the mix,

          You mean the makers couldn't be arsed practicing a modium of cleanliness and would shovel any old shit and floor sweepings into the melt, as it was "only for kids toys"

          1. jake Silver badge

            To be fair, it was only for kids toys. Most of which were played with and lost or broken & sent to the tip long before the rot set in. That's what happens to toys. It's only after the original owner becomes old, has money to burn, becomes nostalgic (and/or senile) and wants a part of their childhood back that any kind of value is attached to such things.

            Have you SEEN the price of cheap stamped steel ("tin") Japanese toy robots from the 1950s & 60s? And to think you used to be able to pick them up at garage sales, in the original box, for a nickle or so!

        2. Alister Silver badge

          It still is used in toy trains. Both Hornby and Bachmann models have had instances of mazac rot causing the frames to expand and distort, and even just break off.

          1. jake Silver badge

            "instances of mazac rot"

            That's pronounced mazak rot, in some places better known as zinc pest, not to be confused with tin pest. If you're into pre-1960s cast toys (including parts for some human-sized vehicles), it can be a huge problem.

  10. Alister Silver badge

    Lodge also speculated that the lock was made from Zamak, a zinc-based alloy

    Ah, pure Chinesium, that well known robust material.

    1. seven of five Silver badge

      Chinesium? That is different from the stuff they make screws from, isn' t it? You know, the other alloy there is, which become liquid as soon as a screwdriver touches the head.

      1. Strahd Ivarius Bronze badge
        Devil

        I am pretty sure that they are now using this

  11. Chairman of the Bored Silver badge

    Social engineering and pick sets

    I sometimes had to open locks in the office, for perfectly ethical reasons, such as "Need backup drives from some guy's locked container and he's on leave abroad..."

    Management was uncomfortable at best that I had the pick set.

    Solution? Teach the head secretary how to pick locks and let her hold onto the pick set and practice locks. The organization gains a powerful tool against people losing keys to random racks of crap, you gain serious political capital by helping the head admin, and you can have the pick set whenever you need - no questions asked

    1. ICPurvis47 Bronze badge
      Boffin

      Re: Social engineering and pick sets

      When I was working for a large electrical manufacturing company, in the Site Services department, one of my responsibilities was keeping a record of who had which numbered key, and to which office/workshop they were entitled to enter. One day, I had a damaged padlock to deal with, so I went to Security and borrowed their Core Key, which enables the lock barrel to be removed from the lock or padlock. Whilst I had it in my posession, I "accidentally" photocopied it before returning it. Later that day, I sorted through my stock of spare keys until I found one that was a close match, but without the extra two wards that operated the barrel release. Silver soldered a blob onto the end, and filed the key to the shape of the photocopy. I used that key for various, mainly legal, purposes until I left the company several years later. I still have that key, but the buildings are long gone, the site is now an out of town retail park :-(

      1. Yet Another Anonymous coward Silver badge

        Re: Social engineering and pick sets

        > I still have that key, but the buildings are long gone,

        <plod voice>Good evening sir, we would like to talk to you about some missing buildings .....

        1. The Oncoming Scorn Silver badge
          Pint

          Re: Social engineering and pick sets

          > I still have that key, but the buildings are long gone,

          <plod voice>Good evening Mr Pym, we would like to talk to you about some missing buildings .....

          FTFY - No charge.

          https://4.bp.blogspot.com/-cP6uy061Aak/W1fYb-9xgQI/AAAAAAAAfMk/3uxIzHVu7lMIkmpoAJ6zE4-Fwk9cIZvGQCLcBGAs/s1600/208693.gif

    2. Anonymous Coward
      Anonymous Coward

      Re: Social engineering and pick sets

      Never a bad idea to have someone else's fingerprints on a set of picks.

    3. MachDiamond Silver badge

      Re: Social engineering and pick sets

      "Management was uncomfortable at best that I had the pick set."

      They sound a bit dim. If they were smart, they'd have you tell them which locks were weak and which ones weren't. Did they mind that the bad guys have tools for getting around locks or just employees?

  12. Steve K Silver badge

    Blockchain

    I didn’t even see where blockchain is used here?

    1. Alister Silver badge

      Re: Blockchain

      In the alleged security of the Bluetooth stack

    2. James Anderson Silver badge

      Re: Blockchain

      Looks to me like a simple x509 cert security would completely solve this use case without all ti blockchain nonsense.

      1. dajames Silver badge

        Re: Blockchain

        Looks to me like a simple x509 cert security would completely solve this use case without all ti blockchain nonsense.

        Indeed.

        You don't even need a certificate. You need the private key to open the lock and if the lock opens you know the public key stored inside it is genuine.

        Certainly no need for a blockchain!

        1. Sam Liddicott

          Re: Blockchain

          That could describe what they did, but how about a replay attack?

          Perhaps you meant challenge-response using a private key.

          Ooops that could also be a known-plaintext attack to reveal the private key.

          So while it could be done, even by depending on a private key, you also accidentally also specified a failing system

    3. Ken Y-N
      Facepalm

      Re: Blockchain

      > I didn’t even see where blockchain is used here?

      Security through obscurity - there's such an obscure mechanism for using a blockchain that it might as well not be there.

    4. Jimmy2Cows Silver badge
      Facepalm

      Re: Blockchain

      Well it's a "chain", right? And chains are strong so it must be good.

      1. This post has been deleted by its author

  13. Anonymous Coward
    Anonymous Coward

    Security, both physical and digital, is important. Especially so in a smart security product

    sarcasm un-disapplied in a a very specific and limited way. Me like.

  14. BugabooSue
    FAIL

    Mallet

    It’s actually worse than it seems as it was hit with a soft-faced mallet so there was not the harsh mechanical shock you would get from a steel hammer. Not skookum.

    Junk!!

  15. Anonymous Coward
    Anonymous Coward

    Cloud and the Internet Of Things

    Two further ways to separate out the stupids from the rest of us.

  16. Lee D Silver badge

    If you want proper access control, install proper access control.

    If you can't afford proper access control (which is often cheaper than this junk!) then you are buying snake-oil. No different to a fake burglar alarm, those devices that make it look like you have the TV on at home, or a blinking LED and a sticker in your car to try to convince people it's alarmed/tracked.

    A padlock is not security. They're all easily bypassed in seconds. It's "casual" access control. Often the thing it's on is less secure than the padlock (e.g. the door, the hasp, the chain, the gate, the fence, etc.).

    Tying it into the Internet doesn't help anyone. Why you'd want to pass around access to a padlock via an app I can't really fathom - you need a better process if that's a requirement.

    Spend the extra, put proper access control on it, and then you can open the gate / door / whatever with a remote-buzz/text direct to a wired access control system that will go mad if you tamper with it.

    €65 retail for this apparently. And a piece of junk. Spend the extra and buy a cheap access control system with proper security and control.

  17. Unicornpiss Silver badge
    FAIL

    Absolutely nothing new

    For more fun with these go to YouTube and search on "Lock Picking Lawyer" or "Bosnian Bill" Some are also apparently easy to open with a powerful magnet, and I believe Bill reviewed a key box (maybe even the same one) that had the screws to take it apart 'hidden' under a sticker or similar that was easy to pry off.

    Of course there are a lot of purely mechanical padlocks and key boxes that are crap too.

    1. Jimmy2Cows Silver badge

      Re: Absolutely nothing new

      These things exist solely to part fools from their money, not to actually secure anything.

      Goes with the progressive dumbing down of society. If schools taught kids to actually think critically about things, even better if parents taught their kids to think critically about things, shit like this would be a lot harder to pass off as viable.

  18. FatGerman

    Loch Motor?

    So it's Bluetooth and has an electric motor in it, so presumably it has a battery.

    So it's a cold rainy night and your padlock won't open because the battery is flat, and the nearest shop is 5 miles away and it's closed. I do wonder what sort of world the morons who invent stuff like this inhabit.

    1. Jimmy2Cows Silver badge

      Re: Loch Motor?

      It's probably not morons that invent this. They know full well how crap it is. They are deliberately making junk products that are just viable enough for a lot of gullible morons to buy them and believe they're secure. In that they don't fall apart while still in their packaging. This crap costs pennies to make and they have massive markups.

      Too many people today have no idea how stuff works now, or what is needed to make something physically secure, and are quite willing to believe whatever they see on TV, internet, Facebook or whatever.

      No, I'd say the inventers/sellers are smart enough to notice the world is full of gullible morons, and cynical enough to manipulate them for profit.

    2. Alister Silver badge

      Re: Loch Motor?

      Only available in Scotland?

      1. FatGerman

        Re: Loch Motor?

        I spotted by typo after clicking submit but couldnae be arsed to fix it.

    3. jdiebdhidbsusbvwbsidnsoskebid

      Re: Loch Motor?

      Some electronic locks have a small generator that you have to spin a few times before opening it. Judging by how many of these our workplace has and how often any fail, they seem pretty reliable to me. That said, I don't think our workplace are buying them on the cheap so I guess you get what you pay for.

  19. Anonymous Coward
    Anonymous Coward

    Chainsaw, anyone?

    The "highly secure" office I worked in was burgled once, and the thieves took everything which wasn't bolted to the floor.

    *

    They got in by using a chainsaw to cut a door-sized hole in the drywall.....next to the "highly secure" actual door!

    1. Giles C Bronze badge

      Re: Chainsaw, anyone?

      Yep seen that an massive steel door set into a stud wall , why bother with the door when a good kick would give you access.

      Mind you the door was magnetic locked and it was on the back of the stud wall, so a smaller hole would let you pull the power to the magnets. Fortunately they didn’t put the electronics box on the outside of the room, but they almost put the computer controlling access in a room secured by itself so if the company went down you couldn’t get to it - I remember that lock would have only had one card that accessed it.

      Fortunately it was secured by a key lock and accessible from reception.....

    2. Pascal Monett Silver badge

      Re: Chainsaw, anyone?

      Well they score points for leaving a very clear message in any case.

  20. MachDiamond Silver badge

    Power needed to manage the blockchain

    What's the overhead power requirement to manage the Blockchain bit? A problem with cryptocurrencies the the huge power input to process transactions and the overhead.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020