Got back yesterday from a sort of Busman’s Holiday. We took 6 days off and visited a really brilliant technology and security festival, held every 4 years in The Netherlands. The event is called Hacking At Random, and, as the name suggests, involved a lot of people sat behind computers in a field! However, it wasn’t just hacking servers and sniffing traffic in the virtual worlds, it also included a large section on the physical world, including the latest developments with rapid prototyping, UAVs and, of course, locks. Not forgetting a free toasti with a free domain name and socially-engineered T-shirt!
For me, highlights included the talk about breaking the key control on the EVVA MCS, possibly the world’s most secure magnetic lock, for less than the cost of one of the locks, and the use of a rapid prototyping machine to create a physical plastic copy of the Dutch & German police handcuffs. (If you know what this means, you can get the STL file from http://ke.y.nu and then 3D print your own!)
I gave my talk on British lever locks, which was well received, and a Dutch locksmith did a short hands-on picking session to demonstrate just how insecure the local 4 lever locks are. Ray gave his lecture and hands-on about handcuffs, which is always very popular, whilst many others learned that the basic first level of home security, the 5 pin cylinder lock, was, for the cheaper locks, not very secure at all.
Most mind-blowing, however, was the impressioning championship won by Jos. Impressioning is the art of making a key to an unknown lock. This is tricky but once you know how, do-able. It took me 63 minutes, and only half the competitors finished within the hour time limit. The winner, however, came in with a time of just 87 seconds! Put into context, that’s about 12.5 seconds per cut depth! To put it another way, once set up, I take about half that time to copy a key on my key machine, whilst Jos was using a hand file and did not know the key cuts, only the lock. You can see the video at BlackBag.
So, a great time was had by all. There were also some private learning sessions, covering various things, which I will not be mentioning here. But if you gave them, thanks! We all learned a lot.