Kryptonite U-Lock Security Flaw
An anonymous reader writes "Once upon a time, a magic marker was able to defeat the Key2Audio copy protection scheme of older Sony CDs. Now, it has been shown that a Bic pen can easily open several models of Kryptonite U-locks. Please patch your systems, or install a tracking device on your bikes!"
hmmm (Score:5, Funny)
Dupe of a comment... (Score:3, Informative)
people suck. (Score:4, Insightful)
Re:people suck. (Score:2, Insightful)
I fear that as long as there are things not everybody has (money/power/fame/etc.), some portion of the population will turn to illegal, immoral, or socially unacceptable means to achieve their goals. Unless we really want to live in a society where equality is enforced and nobody is allowed to have any more than anyone else, the presence of thieves and other criminals is something we will always need to deal with.
Comment removed (Score:5, Insightful)
Re: (Score:3, Informative)
Re:people suck. (Score:3, Insightful)
I can't prove it was stolen, it's most likely it is, but then again, one can't go around calling the police simply because you think something is stolen.
Why the hell not?
If it was your own laptop that was stolen and someone else found it, would you want them to call the police? You know if nobody ever helped out the police, society would go down the tube pretty quickly. The police need these tips to do their work. This info gets thrown into the mix with all kinds of other pieces, like a jigsaw. Your
Comment removed (Score:5, Insightful)
Comment removed (Score:5, Insightful)
Re: (Score:3, Insightful)
Re:people suck. (Score:3, Insightful)
Man, your description sure reminds me of the current lot in the White House.
Equal opportunity. (Score:5, Insightful)
--grendel drago
Sure. (Score:3, Informative)
The political 'spectrum' is more of a circle. Farthest left and farthest right meet in a fusion of totalitarianism. Because what they want, even more than their own ideologies, is control. And that's what dictatorships are about.
--grendel drago
Re:people suck. (Score:5, Insightful)
Re:people suck. (Score:4, Funny)
A secure job at the fire department.
Re:people suck. (Score:5, Insightful)
That assumes that the person has a reason. Or has reason. 1% of the world's population gets mania, a similar percentage schizophrenia, 20% get depressed, and there are other conditions which aren't well defined yet in terms of population incidence or effect (eg post traumatic stress disorder).
Yet in some studies, 50% of prison populations have major psychiatric disorders. You could say that these were crimes committed in sane periods (certainly, the judges did say that), but you can't get around the number of "criminals" that have a history of major psychiatric disorders.
Then there is the "sociopathic" personality, which can be born that way or become that way with certain brain injuries. People who just can't feel or see things from another person's perspective. Humans do this a lot as a survival tactic - how else do you drive a tank around Iraq and shoot at people and not want to suicide? You do it for the greater good, or whatever, maybe. But you still sit in relative safety and point weapons of minor destruction (like your cannon) at real people who will feel pain or die. It's a trait most of us have, and it has survival value.
But some people just are like this all the time. So they are good on the battle field, and never get stress disorders from hurting others.
Doesn't mean that they are all homicidal maniacs - in fact many of them are just nasty people, and we have all met a few of them. Self centred. Whatever. You see actors play that role on most soapies - the office bitch type of role - and it's based on real life personalities who aren't that uncommon. We have all met them.
Some people don't perceive risk the same way you do, either. Some people have to jump out of airplanes with parachutes just to feel alive.
And some people don't know that they are committing a crime - taping your TV shows to watch later is a crime in some countries (like Australia).
In essence - it's not that simple. There are lots of reasons for crime, lots of motivations, and lots of times where the person didn't really understand the risk/reward relationship for crime the same way you do.
Michael
Re:people suck. (Score:3, Interesting)
Don't forget, many mental illnesses are cognitive/learned. This means that the society they grow up in will have some effect on them. Even with disorders that are mainly genetic, some of the traits they have will be
Re:people suck. (Score:3, Funny)
As opposed to some people who have to jump out of airplanes without parachutes, just to feel dead?
Re:people suck. (Score:4, Insightful)
-Charlie
Re:people suck. (Score:4, Informative)
If you leave a bicycle unlocked in Sweden, it will get stolen. If you don't believe me, I suggest you come here and try.
For the record: the number of bicycle thefts per 100 people in America in the year 2000: 2.7. In Sweden: 9.4.
Re:people suck. (Score:3, Funny)
Re:people suck. (Score:4, Funny)
Number of bicycles per 100 people in America in the year 2000: 4. In Sweden: 90.
The point is that I imagine that the number of bikes per hundred in other countries is probably a lot higher than in the US. The relevant thing here would probably be the number of bikes stolen as a percentage of total bikes.
Man up and get yourself a goddam SUV! Only a damn clog-wearing fairy would ride a bike anyway! And how do you ride a bike with clogs on, anyway?!?
Re:people suck. (Score:3, Informative)
So the number of thefts in the USA is approx 300,000,000 * 0.027 = 8,100,000 per year.
The number of thefts in Sweden is approx 9,000,000 * 0.094 = 846,000.
Thefts / bicycle and year:
USA = 0.081
Sweden = 0.141
So clearly, Swedish bicycle owners have absolutely no need to worry about theft!
Jesus, I am so sick of the patroni
It's true (Score:4, Funny)
And as a side note, let me tell you that everything you've heard about Swedish women is absolutely true. I met more tall blonde women there than any other place on the planet. Blonde isn't quite right, though. Not like Marilyn Monroe blonde. It's more like dishwater blonde. And friendly...not like on this side of the world.
And they serve beer with lunch.
Let's see legions of tall blonde friendly women, beer with lunch, you can go like hell on the freeway and free bikes. Is that a great country or what? Throw in free broadband and you'd be right into /. nirvana.
Re:It's true -- NOT! (Score:3, Informative)
In the one I live in, taking a bike from the rack outside a train station will get you hauled to court, you can only go 65 on the freeway, blonde comes out of a bottle, the beer you get with lunch is weak and dull and broadband costs an arm and a leg.
I want to go to *your* Sweden!
Re:It's true -- NOT! (Score:3, Interesting)
I can't believe how expensive broadband is.
So far, I haven't been too impressed with Sweden or the apartment I am living in. After 4 weeks my new apartment is still without furniture, despite me paying 200 kr a month for furniture rental and talking to everyone I can who might have any power over that fact. I'm still sleeping on the floor in the corner of my empty room. Up until a week ago, I didn't even have light/electricity. And the apartment is supposed to have tha
Re:people suck. (Score:5, Funny)
Re:people suck. (Score:4, Interesting)
Almost every domestically made bike comes with a fixed wheel lock operated by a key.
The first and only bike I bought in China was from a market in Beijing specialising in stolen bikes. I had it for about a week until it was stolen.
In every city and large town there are bike park lots staffed with security staff who take your 10 cents and guard over the bikes.
Re:people suck. (Score:5, Funny)
Re:people suck. (Score:3, Insightful)
As Homer once said, it's funny because it's true.
Re:people suck. (Score:4, Interesting)
Re:people suck. (Score:3, Insightful)
They are offering a replacement (Score:5, Informative)
"Canton, MA September 17, 2004 - Kryptonite today announced it will provide free product upgrades for certain locks purchased since September 2002, in response to consumer concerns about tubular cylinder lock technology. Consumers can visit the company's Website (www.kryptonitelock.com) on Wednesday afternoon, September 22, 2004, to learn how they can participate in the security upgrade program."
Re:They are offering a replacement (Score:5, Funny)
Wow, that sounds great. I was expecting to see a free Service Patch on their website to fix the security flaws. As far as I know that's how businesses take care of flawed products nowadays.
Re:They are offering a replacement (Score:5, Funny)
That's SO pre-DMCA. The way companies deal with it *nowadays* is attempt to sue the pen manufacturers.
Oh this is a BIG help.... class action anyone? (Score:4, Insightful)
Unless they are willing to replace the defective product, maybe it's time for a class action lawsuit?
upgrade won't fix it (Score:5, Informative)
From what I have read, the upgrade will replace the lock core with one of a smaller diameter. This isn't really a long term fix - someone will probably discover a different brand of pen that will open the new locks as well.
I have tried the Bic pen on my own Krypto lock - and it's really easy. The strange thing is, this isn't some design flaw with the lock. Everyone (hopefully) knows that all locks can be picked. But, it should be hard, requiring specialized tools and some skill. The Bic pen seems to have just the right magical combination of size, and balance of hard/soft plastic, that it makes an astonishingly effective lock pick. After opening my lock, the pen barrel had divots in it from the pins that looked just like my key. The plastic seems hard enough to push the pins down until they set, but then soft enough to hold the pin in that position.
Also, this isn't exactly breaking news. [security.org]
It _IS_ a design flaw. (Score:5, Interesting)
Comment removed (Score:5, Insightful)
Hmmm... (Score:3, Interesting)
They probably (Score:5, Funny)
Proprietary locks! (Score:2, Funny)
Hasn't this been posted before, like 2 months ago? (Score:2, Informative)
Read slashdot. (Score:5, Funny)
Win a free bike.
Read any other news source. (Score:2, Funny)
Win a free bike a week earlier than slashdot readers.
Re:Read slashdot. (Score:2, Insightful)
Re:Read slashdot. (Score:4, Interesting)
Re:More free prizes? (Score:5, Informative)
Royal Vendors sells high security versions of these machines, though that put a large steel bar over the normal cylinder that can be locked with a padlock. They can also replace the lexan front with sheet steel and add plating around the front door to make it impossible to wedge a pry bar in there easily. My machine has the padlock bar and the side plating, but not the steel front.
Coke machines aren't really worth breaking into for the ~$100 or less that you could get out of them..
What about other cylindrical locks? (Score:3, Interesting)
Previous Discussion (Score:5, Informative)
Re:Previous Discussion (Score:3, Informative)
The videos look strange (Score:4, Funny)
video of (Score:2, Informative)
* http://thirdrate.com/misc/krypto.mov [thirdrate.com]
Another movie, different lock.
* http://biginjapan.com/extranet/assets/ben/krypto_
Enjoy.
Comment removed (Score:5, Informative)
Re:The videos (Score:2)
Re:The videos (Score:3, Informative)
5.mpg [67.19.221.38]
It's twue! It's twue! (Score:5, Informative)
Interestingly enough, the problem was first reported in Britain in 1992. But it didn't go anywhere. Hurray for the age of fast information dissemination. And fast technology transfer to the bad guys.
Having equipped my bike... (Score:5, Funny)
Of course with my luck the thief will think the cell phone and GPS are a more attractive theft item than the bike...
-Rusty
Well... (Score:5, Funny)
Re:Well... (Score:5, Funny)
Re:Well... (Score:5, Funny)
New York Lock... (Score:4, Interesting)
Lock, which by the way, isn't vulnerable to this attack. It's the best lock in
the world, but at $50, only bike messengers seem to care enough/or know enough
to pay the money. Honestly, I can't count the number of times I've seen
expensive 1K and up bikes locked up with a $20 lock. If that.
SealBeater
Re:New York Lock... (Score:3, Informative)
Regardless, the worst part of this vulnerability is that it apparently even works against a number of the higher end, $80+ Kryptonite u-lock models. So it's just not a matter of cheap locks.
I would never lock up my 1k+ bike anymore; if it is outside my house I am within arms length of it. I even use sturdy locks on my junk-bui
Re:New York Lock... (Score:3, Interesting)
Fuck that. What difference does it make if I bought the damned thing a week ago or three years ago? I'm callin 'em on monday and giving them an earful about this.
Re:New York Lock... (Score:3, Informative)
bike for a long time without having to sit.
SealBeater
This doesn't just affect Kryptonite locks (Score:5, Informative)
The sick part is the problem has been well known to manufacturers since 1992, and nothing has been done about it.
Re:This doesn't just affect Kryptonite locks (Score:3, Informative)
Further, even Kryptonite's (and other lock companies') New York models have been reported vulnerable to this attack.
For readers who aren't aware, Kryptonite and other companies have special New York models to th
Re:This doesn't just affect Kryptonite locks (Score:5, Informative)
Re:This doesn't just affect Kryptonite locks (Score:5, Interesting)
No it isn't. It's a flaw in any cheap locks. You can open filing cabinets with a popsicle stick as well, and they aren't barrel locks.
This is a problem with any lock.
There are 2 things that a lock needs to prevent picking.
1) A system that will prevent it from unlocking if any tumbler is pushed even slightly further than it should have been. If this isn't in-place, even a blank-key that fits the lock will open it.
2) A system that prevents the tumblers from contacting with the locking mechanism. Otherwise, it's trivially easy to pick.
And that's only to implement basic security. I don't have any formal training, but I can open 90+% of locks I see...
Amazing as it may seem, quite a few safes don't follow rule #2. That means you can find the combination as fast as you could open it if you knew the combination. Also, it doesn't require any suspicious activity, as you just have a hand on the dial and a hand on the handle like you're someone that should be there...
Re:This doesn't just affect Kryptonite locks (Score:3, Interesting)
Well there was also the Medeco high security lock option. These are near
Somehow Microsoft is Behind This (Score:5, Funny)
Your bike is safe... (Score:4, Funny)
Oregonian had this as the lead article on Saturday (Score:3, Interesting)
http://www.oregonlive.com/news/oregonian/index.ss
on Saturday morning.
Makes me feel good to live in this town (Portland, aka Stumptown, aka River City aka the Rose City aka "the city that works") where the most important news in the world is that the locks we all use to secure our bikes aren't technically "locks" at all.
PDX is one two wheelin' city.
Remember... (Score:5, Insightful)
Re:Remember... (Score:5, Insightful)
steal a bike.
SealBeater
Re:Remember... (Score:3, Interesting)
Boingboing covered this (Score:3, Informative)
Here're a couple of movies, too, with different locks - movie 1 [thirdrate.com] and movie 2 [biginjapan.com].
Problems with the lock (Score:4, Informative)
Re:Problems with the lock (Score:3, Interesting)
Re:Problems with the lock (Score:3, Informative)
They also have the advantage of being invulnerable to another popular method of defeating conventional locks: hammering in a flat-blade screwdriver and twisting like hell.
I
Circumvention device... (Score:3, Funny)
Something to remember (Score:3, Interesting)
The purpose of a lock is to keep honest and semi-honest people from taking your stuff. If someone is damned and determined to take your bike, he's going to get it, regardless of what lock you use.
I also have to nod in agreement with an earlier poster who pointed out that for the price of a fancy lock, you can get a bike that no one wants to steal. This is a perfect example of why my everyday driver car is an old beater that no one in their right mind would want to steal. If you're going to drive fancy stuff, then you have to accept that you are going to be a target.
GOD damn I'm sick of these posts! (Score:4, Interesting)
This isn't a "known caveat", this is gross negligence on the part of a manufacturer.
While this is certainly something that lock manufacturers need to deal with, everyone needs to also keep one simple idea in mind.
The purpose of a lock is to keep honest and semi-honest people from taking your stuff. If someone is damned and determined to take your bike, he's going to get it, regardless of what lock you use.
People like you are totally missing the point. This is like an airbag company making airbags that don't work 90% of the time! Sure it's a better idea never to get in an accident, but that's not the frickin point.
The point is Kryptonite's locks are billed as "highly secure". They are not. This has been known in select circles (and Kryptonite was informed) since at least 1992, yet the manufacturer has done nothing with that information to fix the problem.
I also have to nod in agreement with an earlier poster who pointed out that for the price of a fancy lock, you can get a bike that no one wants to steal.
This is total nonsense. Incredible POS bikes get stolen all the time, see my post about my friend's bike.
Quick sue them with DMCA! (Score:5, Funny)
Warranty (Score:4, Interesting)
Nope (Score:4, Informative)
The problem is not the issue. (Score:5, Funny)
The solution to the problem, THAT is the issue. Let's gather around and think of what the big organizations/individuals would do to solve a problem such as this.
US government: Liberate bike from thief using a squadron of B2 bombers. At one point or another, several brits die, even if Rhumself has to find them and kill them himself. Bic pens linked to Al-Qaida.
Australian government: Send in Steve Irwin. If he gets killed, it's a good thing. If he catches the thief, it's a better thing.
British government: Sod the thief, fancy a scone, dear chap?
United Nations: Convene in an emergency session, go into recess after 10 minutes for cookies and tea. In the end, they condemn the theft but none of them manages to do fuck all.
European Union: The French and the Brits start bitching at each other about which country has superior Bic pens. Germany and Spain wonder since when the damn Brits are part of Europe. The rest of Europe tried to talk tough before getting bitchslapped into submission by Germany and France.
RIAA: Claim that people who open locks use it to fund terrorism. Randomly sue locksmiths.
Microsoft: Vehemently deny existence of faulty locks. Release hotfix for existing locks, which consists of pouring glue in keyhole.
SCO: Sue Bic, 3M, Canada, a random seagull and the tooth fairy for copyright infringement on their proprietary way of opening locks with ballpoints.
Richard Stallman: Proudly proclaim the bike simply wanted to be free.
Eric S Raymond: Something irrelevant that contains a plug for "The Cathedral and the Bazaar".
Larry Wall: Make all locks so confusing that thieves don't know how to open them. Nor do the owners. Or manufacturers, for that matter.
George Lucas: Make a movie about bikes being stolen with Bic pens. Milk this movie out until 2050.
Bruce Willis: Get a bunch of oil drillers to find the thief and shove a nuke up his ass. And for the love of Eris, someone PLEASE screw Liv Tyler!
Simple solution... (Score:5, Insightful)
Volvo Jacks ---- U-locks are worthless (Score:4, Informative)
The Microsoft of Locks (Score:5, Funny)
"This is an extremely big deal. Kryptonite is the Microsoft of locks," said Brown, who estimates hundreds of thousands of the U-locks have been sold over the years. Kryptonite will not divulge sales numbers.
Well, they certainly are more like Microsoft now. Good for them
Cost/benefit (Score:3, Interesting)
It is even possible to build these 'unpickable' locks for a small multiple what a standard lock of the same mechanical quality would cost.
You can make it difficult enough that burning or drilling the core, or taking a fire-ax to the door, is much more feasible than any manipulation technique. When the locking mechanism is no longer the weakest link, then it no longer makes sense to spend more on an improved lock.
But jeez, a bic pen and 5 seconds...
Almost (Score:3, Informative)
For those in the UK (Score:3, Informative)
In the UK, the 1979 Sale of Goods Act says that items must be 'Fit for Purpose' & 'Of Merchantable Quality' (i.e. it does what it's meant to without breaking). Your contract is with the shop not the end manufacturer, so you are entitled to walk into wherever you purchased it and demand a replacement or your money back. You needn't get fobbed off with claims such as 'take it up with the manufacturer' as your contract's with the shop. Kryptonite can't even put a time limit on it as a lock that's opened using a biro's clearly not 'Fit for Purpose'. Any shop that doesn't comply can be reported to the trading standards authority who take a very dim view of people not complying to said act!
Slashdot Effect ... FOR GREAT JUSTICE! (Score:3, Funny)
So keep on reloading, Slashdotters! Hundreds, nay - Thousands! - of cyclists' dreams are in your hands!
* Yeah, I know there are mirrors and the Google cache. Yeah, this is a joke.
Didn't we already go over this. (Score:3, Informative)
In Related News... (Score:3, Funny)
Screw locks. (Score:3, Funny)
Socialism is the only hope (Score:5, Funny)
Re:Socialism is the only hope (Score:3, Informative)
Re:Look people (Score:4, Insightful)