Lock picking has long been a method of access to information. Professionals engaged in physical security reviews or social engineering assessments currently are the main security professionals using these methods. We’ve all picked the weak file cabinet lock at work or maybe even jiggled a key of a similar type to get access through a door, but how important is it really for security professionals to know this skill.
Recently having purchased a lock pick set and several training locks I found it was extremely easy to pick the locks. I went through a 6 set training lock package in just a few minutes and then an advanced 4 set in even less time. I’ve read a lot prior to the purchase and even have made picks out of street cleaner bristles, but very little practical knowledge. After moving on to master locks, etc. I found it was a little more difficult initially, but if you just sit down watching TV and practice picking the lock it becomes easy after a while. Now there are some very complex locks and I continue to learn and understand more about these locks. In any event, unless the lock implements very strong controls, picking the lock is done easily.
It is important that security professionals understand lock picking to grasp the risk. Many professionals really only talk security and don’t really practice it. The auditor comes in and says you need to put in badge readers because there is no accountability, etc. These people really don’t understand the simplicity of lock picking or the real weakness. Not that I’m anywhere near a professional at it.
- How many locks at your work environment are key locks?
- Is there sensitive information in these areas?
As professionals we should not underestimate the simplicity of lock picking. If you are serious about security you really need to get some lock picking practice and understand the risks associated with standard locks.
If you are interested in learning more you can learn lock picking at Defcon and ShmooCon
In addition, if you continue as a hobby I would recommend becoming a member of the following site.