I was recently re-watching an old sci-fi show called First Wave. The main character is an ex-criminal turned security salesman who is framed for the murder of his wife. The details of the show don’t matter. However, seeing Cade Foster breaking into buildings episode after episode got me thinking about the nature of locks and wondering just how easy it truly is to break into a building. The results were shocking!

After doing a little research as to how locks work it was pretty surprising to realize just how simple a mechanism it actually is. I kept thinking to myself that I had to be missing some added layer of complexity. Surely it couldn’t be this easy to break into a house or business?!

A few days later, I placed an order for a small set of picks and a tension tool to put my money where my mouth was. Keep in mind that I have had no formal instruction on lock picking; only some rough diagrams obtained from a quick Google search. By trade I deal with network security, and to me personal security isn’t far outside this realm. Once the picks came I did what any sane person would do… I locked myself out of my house deadbolt and all!

[It is worth mentioning that in some states simply being in possession of lock picks can be considered a felony. Thankfully, my current state laws are a bit more flexible. If you pursue lock-picking yourself you need to research and see if they are even legal to own where you live.]

While it certainly wasn’t instantaneous, I found it was scarily simple to break into my own home in less than 10 minutes! I managed to pick the deadbolt within 5 minutes, and the door lock within another 4. I figured surely this couldn’t be right that someone with no training could get in so effortlessly and stealthily. I have since practiced on a few other locks (with the owner’s explicit permission) and I’ve managed to pick all of them as well; one such lock belonged to a friend of mine whom works for the police department!

Thankfully, my officer friend informed me that the majority of break-in’s are far less elegant… or intelligent. In fact, nearly all of the break-in’s he’s seen are either resultant from an open door/window or the thief simply breaking a window to gain entry. Even he was impressed at seeing how easily an untrained person could pick the 5-pin locks at his own home. Just imagine what a professional thief/locksmith could do!

It’s not so much a fault of the locks. They do their job. It’s just that most people buy cheaper and less secure locks. Like hacking, no lock is ever fully secure, but some are certainly more secure than others. Without going into the actual lock mechanics too much, there are pins inside each lock that must all align at a specific height, the sheer line,in order for the lock to open. Some locks may have as few as 3 pins or as many as 7. Obviously, the more pins the more difficult, but also the type of pins make a big difference as well. Most pins are simply metal cylinders that slide up and down when a key is inserted. However, there are other types of pins known as “security pins” that have alternative shapes that when picked allow them to cam slightly and make picking much more difficult. Even these can still be picked with experience.

If you think about it like this we can relate this to WIFI encryption:

  • Unlocked door = Open access point
  • Locked door = WEP Encrypted access point
  • Locked w/ Security Pins = WPA Encrypted access point

Through my talks with police officers they all feel household security is a must. However, most feel that a normal lock/deadbolt combined with an alarm system is enough to deter most thieves. This is predominately because most thieves (at least the ones caught) tend to be less intelligent and sloppy in their methodology.

The problem I have is that in my profession most thieves aren’t your typical street thug. They aren’t looking to jack your jewelry or TV to pawn. Rather, crackers & black hat hackers are often looking for more big game like credit card numbers and identities that they can sell on the black market overseas and online. Basically, I’m dealing with a better breed of criminal… a more intelligent one, and infinitely more dangerous.

The saying goes, “to catch a crook you have to first think like one.” If that’s the case then it truly is simply a matter of understanding how fundamentally insecure everything is. Approaching security from the standpoint of there being a way to prevent something will get you nowhere. Every system has flaws, and someone will find a way to exploit them.

There are reasons why people in the security field tend to come off as paranoids. It’s because we see just how vulnerable we all are on a daily basis. We have no illusions of being secure. Security is a fairy tale we tell ourselves so that we can sleep better at night. The honest to God truth is that if there is something someone wants there is nothing you can do to prevent it. The best you can hope to do is to discourage them to the point at which they opt to concede.