Owning the Unknown: Applying Lockpicking Fundamentals to Unknown Security Models

No ratings

Presented at BlackHatAbuDhabi 2010 by

Babak Javadi

In recent years, there has been a great deal of talk regarding lockpicking methods and methodology with specific regard to mechanical locks and newer electro-mechanical lock designs. However, often times too much focus is applied to specific components in a security model. Instead of evaluating an entire system, Security Engineers are patching specific components within their organization. Lock cylinders are replaced with hardened high security counterparts, sensors are upgraded, and software patches are applied, but both commercial and government facilities remain vulnerable. Stressing the system in unconventional ways can result in information leakage, Denial of Service, and complete failure to thwart intruders. This briefing will discuss how fundamentals that guide lockpicking can be applied to almost any physical security model, and how the same design oversight that has plagued the lock industry for centuries still affects security as a whole today.