“Bump keying” can open most any tumbler lock.

Now here’s something real to keep you awake at night. Just about any tumbler lock can be defeated with a worn down key and a couple of light taps by the average person with no special training. Watch and be horrified:

The really scary part is that this isn’t anything new. It’s been known about for quite some time, but hadn’t really been much of a problem until recently. There’s an excellent article about bump keying at Engadget that goes into detail on the theory behind it and the security threat it poses. Here’s a small excerpt:

Security against covert entry can be measured by what I refer to as the 3T-2R rule. All locks can be gauged by this standard, and all standards organization, UL included, essentially employ the same formula. Simply stated, it relates to the amount of time, the sophistication of the tools and the amount of training that is required to open the lock. Then, the reliability and repeatability of the process must be assured. The lower the requirements for the 3Ts, then the greater the threat to security. The problem is compounded if the reliability and repeatability of the process of compromising the lock is relatively high.

Bumping poses a serious security threat because the training to bump open a lock is minimal to non-existent. This was evidenced by three separate experiences that I had: a reporter that interviewed me in a recent television story, a correspondent for Newsweek, and the eleven year old at DEFCON were all shown the basic technique of bumping, and within a couple of minutes each was able to open five and six pin cylinders. The tools required are readily available. I have opened thousands of locks using screwdriver handles, a plastic mallet, and even wooden sticks.

Fortunately this flaw isn’t universal and there will soon be a Part 2 to the article at Engadget that will discuss which locks are and aren’t secure against bump keying. I’ll probably post a link to it once it’s available.

6 thoughts on ““Bump keying” can open most any tumbler lock.

  1. I’ve never been mechanical – mechanics are like the gods to me, all holding secrets and mysteries – just like coincidences.
    A mate sent me this overnight. Wooo. LOL

  2. Locks always have been for honest people. There is an interesting technique for creating a “master key” too.

    It needs one key for each tumbler (key tooth), a known key, and a file. You start with the known key (like a key that opens just one office where the master would open them all).

    Cut a duplicate of it, except make the only last “tooth” full-height. Cut another duplicate, making the only second-to-last full height. You end up with, say, seven different keys each with one “tooth” full height but otherwise matching the original.

    Take the first key, try the lock. If it opens, you know the last tooth on the master is full height. If it doesn’t work, file the long tooth down just a bit and try again. Make sure you “skip” the tooth size that matches the original key… you already know that tooth spot is for the original key, not the master.

    Repeat this process for your set of keys. Once done, your master key can be cut using the tooth-height from each duplicate that you were filing down.

    With practice, you know how much to file each time and the whole process doesn’t take more that about five minutes.

    This works because these simple “locks with master key” have two shear lines for each tumbler instead of one. (Shear line picture)

  3. in my younger days of repo-ing cars, i learned a few tricks of the trade.  one trick with 80’s ford’s was you could take a blank ford key, blacken it with a lighter, instert it in the keyhole, and wiggle it around.  the tumbler would leave a mark at each spot.  you file it down a bit and repeat the process on each tumbler section until no more marks were made in those spots.  also, even though a fords were double-sided, only one side was needed in order to turn the key.  so instead of breaking the lock out, you could just make a key!

    good times.  good times.  that is until i had a gun pointed at me and was told i wasn’t repoing their car.  i quit that day.

  4. Sun System & Network Admin manual … it is important to realize that any lock can be picked with a big enough hammer.

    Jeff: that is until i had a gun pointed at me and was told i wasn’t repoing their car.  i quit that day.

    Yeah, I can see how that’d work. wink

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.