17 Jun

Medeco – Hiding the truth since 1968

Category:Hacking, Security

Ok, let’s get the facts straight here. Medeco, a “high-security” lock manufacturer founded in 1968 tries to hide the fact that their “high-security” locks are not foolproof. Wikipedia has a page on Medeco, and when someone tries to add a section on the weaknesses found in their “high-security” locks, it gets removed. Also it appears the history page is wiped clean, as well as the discussion, since i can’t find any of the edits (makes it harder to restore!), or any whine or gripe on the subject. There was one comment, but my feeling is that there have been much more.

Medeco locks are used in various high-security places, such as government organisations etc. The only problem is, the locks have a weakness which makes them not at all secure, since the security can be bypassed without breaking anything.

The method is known as bumping, and was invented sometime in the 1970’s in Denmark. When you bump a lock, you use a specially crafted key that is inserted in to the lock, then “bumped” inwards, causing the driver pins to jump up past the shear-line, so you can turn the cylinder freely. The lock is not harmed, nor will any discernible marks be left on the lock.

Most (but probably not all) Medeco locks are susceptible to this technique, and are therefore, not high-security locks, and i recommend nobody do any business with them, until they correct and/or admit that they’ve been hiding the truth. I know it’s hard guys… you’ve got a product that you know is flawed, and you’ve sold millions of them to like.. the government, and you don’t want to get reamed. I get that. I don’t enjoy getting reamed. But you gotta fess up when we are talking about a product that is supposed to provide security. People stake life and limb on these things.

If you want a lock that is bump-proof, and also, comes from my country of Finland, get an Abloy Disc Tumbler lock, which are very common here. They are not bumpable, and take a considerable amount of time and expertise to pick, requiring special tools and skill. Unlike medeco locks which take a filed piece of metal, and in some cases a screwdriver. Whoo!

Some sources here:
Wiki – Disc Tumbler Locks
Wiki – Lock Bumping
Wiki – Medeco

Medeco Bumping at Defcon In this link, an 11 year old bumps a Medeco M3 High-security lock. On this page from 2006, they say their locks are virtually bump-proof. Virtually.

Hell, they even host courses on what lock bumping and the risk it presents..

A word on legality: The posession of lockpicks or other tools that can be used to gain unlawful access, with criminal intent, to the property owned by someone other than you is a crime punishable by a fine in Finland.

I am not a lawyer, so don’t listen to me, but that would mean that you could have these tools for your personal practice. Lockpicking is a hobby in many countries (haven’t heard much of it in Finland), and why couldn’t it be? Picking a lock could be a useful skill in an emergency, when someone is locked inside a dangerous area, or if you are there yourself. Or just as a general hobby. I mean shooting can also be a hobby…

Here is the law:

28 luku, 12 a § (24.5.2002/400)
Murtovälineen hallussapito
Joka ilman hyväksyttävää syytä pitää hallussaan sellaista avainta toisen lukkoon taikka tiirikkaa tai muuta välinettä, jota voidaan perustellusti epäillä pääasiassa käytettävän tunkeutumiseen toisen hallinnassa olevaan suljettuun tilaan rikoksen tekemistä varten, on tuomittava murtovälineen hallussapidosta sakkoon.

This means, if you for instance, carry some tools that can be used to pick locks, in a public area, without a reasonable reason, you can be fined. This means, if you are not coming or going to a lock-picking event/hobby club etc.

A good site on this whole hobby, is can be found here, at the “Haittalevy” blog.

Leave a Reply

Your email address will not be published. Required fields are marked *