vowe dot net :: Do you still trust your Kensington lock?

Do you still trust your Kensington lock?

by Volker Weber

Do you still trust your Kensington lock? If you do then watch what this guy is doing. ~~He is talking German so you may not understand what he says, but you will get it without.~~ He is in fact talking English. What was I thinking?

[Thanks, Tobias]

2005-08-09 :: email :: bookmark :: digg

Comments

Either my German got much better overnight or that was actually in English.

Jeff Chausse, 2005-08-09 17:17

LOL! Jeff, I was wondering about that, too! :D

Anyway interesting demonstration!

Christian Bogen, 2005-08-09 17:30

I'll call Kensington about a full refund now... they claimed it was a LOCK ;-)

Frank Dröge, 2005-08-09 17:35

At IBM a security man told us this about a year ago, but we still have to lock the Thinkpads ;-)

Martin Hiegl, 2005-08-09 17:47

Well, the guy sounds more dutch than german and he is definately speaking english... ;-)
have to try that at the office tomorrow though :-)

Tobias Roedig, 2005-08-09 18:04

It makes more sense to encrypt (and back up) your data, than it does to "secure" your laptop with some flimsy bicycle lock. Unless the laptop is state of the art, and new, then it is only worth a few hundred Euros, whereas the data is irreplaceable.

Vilhjálmur Helgason, 2005-08-09 19:35

nice technique, I wonder how (and where) he had the idea about the "tool"...

cool T-Shirt anyway

;) Samuel

Samuel Adam, 2005-08-09 20:13

Hm, has anyone reproduced this "technique"? I have a similar lock for my machine, but instead being locked with a key (like the one in the demonstration) it's locked with a numeric lock (couple of numbered rings like the ones you often find on suitcases). Does anyone know if there's a similar "technique" for these?

Ragnar Schierholz, 2005-08-09 20:19

Looks like the idea is a variation on the attack on the tubular key Kryptonite bicycle locks that was publicized last year.

http://www.engadget.com/entry/7796925370303347/

Kryptonite is replacing the locks.

http://www.kryptonitelock.com/inetisscripts/abtinetis.exe/templateform@public?tn=product_exchange_faq

As far as I know, Kensington is not making a similar offer.

-rich

Richard Schwartz, 2005-08-09 20:23

@Ragnar: If you can provide me with a picture of the lock, I might be able to tell you whether there's an easy way to "crack" it.

Stefan Rubner, 2005-08-09 20:47

Thanks a lot for posting this! It took me 10 seconds to do the same to my own Kensington lock. Since I usually leave my notebook unattended for numerous hours, this might have really saved me a lot of money and trouble. Looking forward to debut as a lockpicker when I'll be in the university library next time.

Does anyone know of any safe alternatives that fit in the Kensington slot? Don't really like these number code locks:|

Martin Switaiski, 2005-08-09 22:14

A similar attack can also be performed on Master Lock steering wheel locks...

http://www.engadget.com/entry/3744297085452721/

Josh Humphrey, 2005-08-10 00:28

Three of us here have so far attempted this exploit against a variety of Kensington locks without any success.

Either our Kensington locks are different or our toilet roll tubes are inferior in some way.

BTW - Thanks for clarifying the German/English thing. For a moment I thought that cheap babel fish I bought down the market was actually working.

Chris Linfoot, 2005-08-10 17:08

Maybe Martin can clarify.

If you look how the Kensington works, you will see a couple of locks around the perimeter. They all need to travel a certain distance into the lock to open it. Watching the video you can see that this guy is not sticking the paper roll and then unlock, but he rather moving it quickly in both directions. I assume he is trying to wiggle the locks into place. Don't forget that he probably excels at lock picking so he knows what he is doing. He also said, that he worked two hours on his technique. You probably need more time to get it done.

"A fool with at tool is still a fool." :-)

Volker Weber, 2005-08-10 18:05

It wasn't really hard to reproduce the action. And I'm certainly not very nimble with my hands.

What can hardly be seen in the video is that you have to let the cardboard piece overlap the pen by about 1 or 2 centimeters. This ensures that the cardboard goes all the way inside the lock. And you have to closely fix the cardboard to the pen with the duct tape. Oh and I took one of those German "Stabilo" pens which turned out to be exactly the right size.

When you insert the "tool" into the look you only have to move it around clock- and counterclockwise a couple of times and the lock should open. Again, it's important that the paper roll goes all the way through and is inserted completely around the pin in the middle of the lock.

It's really no actual lockpicking skill involved. Took me under 10 seconds at the second attempt (first attempt didn't work due to a badly designed tool).

What really frightened me was the immediate idea that you could also build a much smaller and much more "professional" version and attach it to your keyring. People will then think you are using the key and are thus the rightful owner when you are actually stealing somebody else's brand new PowerBook.

I still haven't had a chance to go to my university's library, but I'm looking forward to all the shocked faces.

Martin Switaiski, 2005-08-11 10:42

"he worked two hours on his technique. You probably need more time to get it done"

Well, no. I managed to open a Kensington lock in under 5 minutes with a small piece of card board wrapped around my trusty Parker pen today. It did take me 30 minutes to reattach the lock with the same technique as the key to the lock wasn't available... ;-)

Bob Llewellyn, 2005-08-18 20:59

Die Schlösser von Kensington lassen sich nicht nur sehr leicht mittels Klopapierpappe öffnen, sondern auch aus den Halterungen herausbrechen (lies koriander.blogger.de.

Christian Böcker, 2006-05-17 19:57

Das ist wohl kaum ein Kensington Problem. Der Sicherungsschlitz muss natürlich durch eine hochfeste Stahlplatte gesichert sein.

Volker Weber, 2006-05-18 07:43