![]() "If you’re trying to protect valuables in a storage locker, you should probably be using a better lock." Master Lock gives its locks a 1-to-10 security rating displayed on its packaging, and the locks he tested were all rated 3. But Kamkar says his cracking technique is likely no major surprise to the lock maker, nor should it necessarily register as a serious security crisis. Master Lock didn't immediately respond to WIRED's request for comment. Here's Kamkar's video breakdown of the robot's creation: All together, he says he built his prototype for less than $100. Kamkar's robot consists of little more than a stepper motor, an Arduino chip that runs his cracking algorithm, a lever to pull the shackle, a rotor with a 3-D printed attachment to the lock's face, and an optical sensor that tracks the location of the lock's dial as it turns. "If you do that one little test first, it can crack the lock in eight combinations or less." "Without doing any work, this can open the lock entirely automatically in 80 combinations," Kamkar explains. Doing that, Kamkar says, enables his device to then crack a Master Lock combination in just 30 seconds. But a Master Lock cracker willing to learn just one step in the process can also give the Combo Breaker a manual head start by merely turning a target lock's rotor while tugging the shackle to find the first number that offers resistance and starting the robot at that position. The Combo Breaker goes even further, automating the process with zero skill or practice required from the user. The resulting manual technique is easy enough- writers at Ars Technica who tested it, for instance, were mostly able to pull it off after a couple of tries. In combination with some restrictions in possible combinations that Kamkar mathematically deciphered and encoded in a web-based tool, Kamkar exploited that information leak to cut out all but a few possible combinations. That technique takes advantage of a manufacturing flaw: when the U-shaped shackle of one those combination locks is pulled while its rotor is turned, the cracker can feel resistance on certain numbers that help to reveal the position of the “combination disks” that determine the combination that opens the lock. It takes advantage of a mathematical trick Kamkar revealed last month that allows anyone-with a little practice-to find the combination of a low-end Master Lock combination lock in only eight tries. In fact, the Combo Breaker is programmed to do far better than a mere brute-force attack. “You attach it, leave it, and it does its thing.” “The machine pretty much brute-forces the lock for you,” says Kamkar. On Thursday, well-known hacker Samy Kamkar published on his website the blueprint and software code for a 3-D-printable Arduino-based lock-opening robot he calls the “Combo Breaker.” Attach it to any of millions of Master Lock combination locks, turn it on, and it can take advantage of a Master Lock security vulnerability Kamkar recently discovered to open the lock in a maximum of five minutes with no human interaction. An invasion of 3-D printed robots may be coming, capable of popping one of the world's most ubiquitous brands of combination locks in as little as half a minute. ![]() ![]() Careful what you leave in your lockers, high school students and gym-goers. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |