Presentation Title: How We Cracked Their Codes: A Case Study in Compromising the Most Popular High Security Lock in America - Medeco m3 and Biaxial
In the United States and Europe three primary standards organizations rate cylinders for their ability to withstand forced and covert attack and certify these locks as suitable for high security installations. Yet are the standards actually what they represent and can security professionals rely upon these certifications to protect their high value commercial or government facilities?
Many high security lock manufacturers claim that their cylinders will be impervious to covert methods of entry including picking, bumping, and decoding and that they offer high levels of key control, effectively preventing the illegal or unauthorized duplication of their keys. In this presentation, Marc Weber Tobias offers a detailed analysis of how the Medeco lock; of one of the most respected manufacturers in the United States and Europe was compromised by a methodical analysis of its physical characteristics and their code data base. These cylinders are utilized to protect the most secure areas of commerce and government, not only in America but also in many other countries but can be bypassed, often in seconds. The problem was accentuated at Defcon 15 last summer when a twelve year old girl bumped open a Medeco high security cylinder in seconds. Marc will address the many vulnerabilities that Medeco and other cylinders have with regard to different covert methods of attack.
Marc Weber Tobias is an investigative attorney and security specialist living in Sioux Falls, South Dakota. He represents and consults with lock manufacturers, government agencies and corporations in the U.S. and overseas regarding the design and bypass of locks and security systems. He has authored five police textbooks, including Locks, Safes, and Security, which is recognized as the primary reference for law enforcement and security professionals worldwide. The second edition, a 1400 page two-volume work, is utilized by criminal investigators, crime labs, locksmiths and those responsible for physical security. A ten-volume multimedia edition of his book is also available online. His website is security.org, Marc is a member of a number of professional security organizations, including the American Society of Industrial Security (ASIS), Association of Firearms and Tool Marks Examiners (AFTE), American Polygraph Association (APA) and American Association of Police Polygraphists (AAPP).
Marc was Chief of the Organized Crime Unit, Office of Attorney General in the State of South Dakota, and as such directed many criminal investigations. He also worked special investigations for the Office of Governor, State of South Dakota for sixteen years, and was responsible for conducting internal inquiries for the executive branch of government
and for the state prison system.
Marc has lectured extensively in the United States and Europe on physical security and certain aspects of criminal investigations and interrogation technique. He holds several patents involving the bypass of locks and security systems. Marc contributes a column to engadget.com and has been featured in many publications as well as radio and television stories around the world.