Physical Pentesting – LockPicking Lawyer is the Guru with the Goods


The LockPicking Lawyer on YouTube is a highly skilled lock picking professional. His videos are sure to amaze and are a wealth of knowledge for pentesters looking for physical penetration testing attacks. However, not all of his videos attack the keyway with a set of picks. His videos that use other technology to bypass locks and security devices tell a very interesting tale about the state of the art.

I have included some of his videos with a brief description, all of which demonstrate different aspects of lock bypassing.

In the first video, you see a new device on the market which is specially designed to image the inside of a Kwikset SmartKey keyway. The product is the LockTech LTKSD, and it costs about $350 USD. The implication is that it could be used to quickly decode a lock and build a physical key that works with it, although every product description I have seen says the device is designed only for Kwikset SmartKey locks. Decoding is only half the job: the penetration tester would also need to know how to file a blank key to specification, or have access to a key cutting machine. Here is the video:

In the second video, the LockPicking Lawyer bypasses an IoT home security device by emitting a weak but effective jamming signal at 430 MHz. The home security device in question uses this frequency, which sits in the Amateur / Radiolocation part of the spectrum. In Canada the importation, manufacture, distribution, sale and possession of radio jamming devices are all illegal, but the LockPicking Lawyer demonstrates that the device can be bypassed by simply activating a second, FCC-approved product that transmits on the same frequency, which completely disables it. The security-relevant point is that the device does not notice it is being jammed: while the channel is blocked it simply raises nothing, so silence from the sensors is indistinguishable from "all quiet". Check out the video:
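To make that failure mode concrete, here is an added example (my own constructed model, not code from the video or from any real alarm product) that simulates two alarm panels receiving frames from two door sensors. The jammer is modelled simply as a time window during which no frame reaches the panel. The first panel only reacts to explicit alarm frames, so a jammed door opening produces nothing. The second panel additionally supervises each sensor's periodic check-in and raises a trouble condition after a number of consecutive misses, which is the usual countermeasure to RF jamming. Sensor names, the 60 second check-in period and the three-miss limit are assumptions for the simulation.

```python
"""Simulated alarm receiver: unsupervised vs. supervised sensor check-ins.

Constructed example. A frame is a tuple (t, sensor_id, kind) with
kind in {"heartbeat", "alarm"} and t in whole seconds.
"""
from typing import Dict, List, Tuple

HEARTBEAT_S = 60   # assumed check-in period of every sensor
MISSED_LIMIT = 3   # assumed: declare trouble after this many missed check-ins

Frame = Tuple[int, str, str]
Event = Tuple[int, str]


def over_the_air(frames: List[Frame], jam_start: int, jam_end: int) -> List[Frame]:
    """Crude channel model: every frame transmitted while the jammer is on is lost."""
    return [f for f in frames if not (jam_start <= f[0] < jam_end)]


def unsupervised_events(frames: List[Frame]) -> List[Event]:
    """Panel that only reacts to alarm frames. Lost frames look exactly like
    'nothing happened', so a jammed intrusion produces no event at all."""
    return [(t, f"ALARM {sid}") for t, sid, kind in sorted(frames) if kind == "alarm"]


def supervised_events(frames: List[Frame], sensors: List[str], end_time: int,
                      heartbeat: int = HEARTBEAT_S,
                      missed_limit: int = MISSED_LIMIT) -> List[Event]:
    """Panel that also expects every enrolled sensor to check in once per
    `heartbeat` seconds. After `missed_limit` consecutive misses it raises a
    SUPERVISION LOSS event for that sensor, so jamming (or a dead battery, or a
    sensor carried out of range) surfaces as a condition instead of silence."""
    events: List[Event] = []
    last_seen: Dict[str, int] = {s: 0 for s in sensors}  # assumed: all enrolled at t=0
    flagged = set()
    queue = sorted(frames)
    i = 0
    for now in range(end_time + 1):
        # Deliver every frame that has arrived by `now`.
        while i < len(queue) and queue[i][0] <= now:
            t, sid, kind = queue[i]
            last_seen[sid] = t
            if kind == "alarm":
                events.append((t, f"ALARM {sid}"))
            i += 1
        # Supervision check: has any sensor been silent for too long?
        for sid in sensors:
            if sid not in flagged and now - last_seen[sid] >= missed_limit * heartbeat:
                flagged.add(sid)
                events.append((now, f"SUPERVISION LOSS {sid}"))
    return events


def run_scenario(jam: bool) -> Tuple[List[Event], List[Event]]:
    """Ten-minute timeline: both sensors check in every minute, the front door is
    opened at t=330. With jam=True a jammer is switched on from t=300 to the end."""
    sensors = ["front_door", "back_door"]
    end_time = 600
    frames = [(t, s, "heartbeat")
              for t in range(HEARTBEAT_S, end_time, HEARTBEAT_S) for s in sensors]
    frames.append((330, "front_door", "alarm"))
    if jam:
        frames = over_the_air(frames, jam_start=300, jam_end=end_time)
    return unsupervised_events(frames), supervised_events(frames, sensors, end_time)


if __name__ == "__main__":
    for jam in (False, True):
        unsup, sup = run_scenario(jam)
        print(f"jammer on: {jam}")
        print("  alarm-only panel :", unsup)
        print("  supervised panel :", sup)
```

Without the jammer both panels report the door opening at t=330. With the jammer on, the alarm-only panel reports nothing for the entire window, while the supervised panel flags both sensors at t=420 (three missed minute check-ins after the last one at t=240). Supervision does not stop the jammer, but it turns a silent bypass into an event a monitoring service can act on.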

Finally, a method that is surely not in violation of FCC regulations, but nonetheless illegal to perform on a lock that you do not own, uses a strong magnet to actuate the device’s internal relay from outside the housing, which releases the lock without any credential. The LockPicking Lawyer performs this attack on three different IoT standalone access control systems in the videos linked below, and comments that this is a “shockingly common vulnerability” in standalone systems. The root cause is architectural: in a standalone unit the relay that switches the door strike sits inside the same housing as the keypad, on the unsecured side of the door, so anyone who can reach the reader can reach the relay. Watch and be amazed:

I highly recommend the LockPicking Lawyer channel for penetration testers looking to learn skills that will increase their ability to bypass locks and get into secure areas.
