Biometric and Other Locks Fail to Foil Hackers at DefCon

08-02-2010 • Kim Zetter via WIRED

LAS VEGAS — It wouldn’t be DefCon without a noted lock hacking team demonstrating the gross insecurity of some of the latest security locks, such as a biometric lock that could be easily cracked with a paper clip.

This year the three-member team of lock hackers, Marc Weber Tobias, Toby Bluzmanis and Matt Fiddler who have been cracking locks at DefCon for several years, also defeated an electro-mechanical lock, two deadbolts, and an electronic safe. The researchers gave Wired.com a sneak peek at their cracks and provided videos, which you can see below.

The lock that would seem to have thwarted them the most was actually one of the easiest to crack. The Biolock Model 333 is a sleek $200 lock that combines a mechanical cylinder and fingerprint reader.

“It’s a very neatly designed container,” says Tobias. “But the problem with this lock design is so elementary, frankly it defies belief. ”

The lock can be programmed with one or more “master” fingerprints, which can be used to authorize other users. To open the lock, a user touches the fingerprint pad, and a blue LED light illuminates to indicate the person is authorized, allowing the door handle to turn. The lock can also be unlocked with a remote-control.

If the fingerprint reader fails, a mechanical key can be used instead. The key entry is concealed beneath a flip door on the lever handle. And therein lies the security problem, Tobias says.