
Kensington Laptop Locks Not So Secure 526

Posted by timothy
from the neither-is-anything dept.
eric434 writes "According to a security alert released by Security.Org, the Kensington laptop lock that many of us use and love isn't secure. In fact, it can be opened in 30 seconds after about a minute of practice with $1 worth of equipment. (A Bic pen, and a pair of scissors. In the interest of giving people some time to stop using the locks, the actual method of opening the lock is left up to the reader.) To make matters worse, Kensington's 'We'll give you $1500 if someone steals your laptop' guarantee doesn't apply -- because the process of opening the lock doesn't damage the lock or cable." Mind the source, though -- security.org wouldn't mind selling you a book on locks and safes.

  • by methangel (191461) on Sunday August 08, 2004 @10:26PM (#9917119)
    Just because the cable and the lock were not damaged does not mean that the lock and cable actually did the job correctly! Kensington should pay the warranty claim out since it was obviously ineffective in actually securing the device.

    If you use this Kensington lock and your laptop gets jacked, use a pair of bolt cutters and damage your cable before filing your claim.
  • Wire Cutters (Score:5, Insightful)

    by 0racle (667029) on Sunday August 08, 2004 @10:27PM (#9917125)
    Wouldn't a simple pair of wirecutters do the trick to begin with? I don't think you have to be MacGyver to get through those locks.
  • Re:Wire Cutters (Score:5, Insightful)

    by jcain (765708) on Sunday August 08, 2004 @10:31PM (#9917150)
    Have you seen one of these cables? They are actually quite thick and strong, so wirecutters would not have any effect other than slicing the outer skin.

    However, I'm sure there are tools for this job available at your local Home Depot or other hardware emporium. Just remember to make the cut nice and messy.
  • by gellenburg (61212) <george@ellenburg.org> on Sunday August 08, 2004 @10:36PM (#9917176) Homepage Journal
    Most laptop locks are insecure.

    Back in 2000 I had one of those Kensington motion sensing laptop locks which gave off this ear-piercing noise if anyone moved the device.

    Thing was so insecure that I was playing with it in the airport on a business trip one day and I realized all I had to do was to push the pin inwards and it immediately came off.

    Sure, the alarm went off too, but it still wouldn't have stopped someone from jetting away and stealing the bag or laptop.

    Now, I secure both my laptops (work and personal) the old fashioned way. I never let them leave my sight or I lock them in a locker or the trunk of my car.

    Physical controls can't beat plain common sense sometimes when it comes to the security of your personal belongings.

    Never leave a laptop bag in the front-seat or rear-seat of your car where it's in plain sight. That's just begging for someone to smash your window and steal it.

    Also, don't carry your laptop around in one of those $200 leather laptop cases. I use a backpack. Sure, it was designed for a laptop but it doesn't look like it was. Maybe I have gym shoes and a change of clothes in there, or maybe I have an iBook, iPod, spare battery, Tréo 600, Passport, etc.

    Then again, maybe I don't.
  • by Vellmont (569020) on Sunday August 08, 2004 @10:37PM (#9917183)
    Except you're required to file a police report. Are you willing to file an incorrect police report to get your laptop replaced?
  • by CMiYC (6473) on Sunday August 08, 2004 @10:37PM (#9917184) Homepage
    When I'm at Starbucks for a few hours, the caffeine gives way eventually. Fortunately the Starbucks I frequent gives police officers free coffee. I'm naive enough to hope that one of them would notice if someone was taking pliers or a Bic pen to my laptop while I was peeing.

    Even so, it prevents someone from just picking it up as they walk by. That's all I ever hoped the cable would do.
  • by weiyuent (257436) on Sunday August 08, 2004 @10:41PM (#9917199) Journal
    Just because the cable and the lock were not damaged does not mean that the lock and cable actually did the job correctly! Kensington should pay the warranty claim out since it was obviously ineffective in actually securing the device.

    If your laptop, bike, etc ever gets stolen and you try to claim the compensation money from the lock manufacturer, you will find that there are many restrictions on actually getting that money. That is because, as with any other insurance scheme, many unscrupulous people try to get the compensation money by dishonest means. So some genuine theft victims will be deprived of their deserved compensation, whereas other scammers might get away with the money. By and large, though, the majority of consumers are justly rewarded.
  • by itwerx (165526) <itwerx@gmail.com> on Sunday August 08, 2004 @10:41PM (#9917200) Homepage
    They probably use the Bic pen to set the pins and the scissors to apply the torque.

    Correct.
    That method actually works for any/all barrel-type locks, though the better quality ones (e.g. vending machines) will have tighter tolerances and stronger springs making them much more difficult.
    Kensington just needs to spend a few more bucks on a higher quality mechanism (preferably with more than 5 pins!! Geez...)
  • Re:Wire Cutters (Score:1, Insightful)

    by Anonymous Coward on Sunday August 08, 2004 @10:43PM (#9917219)
    I'm sure one of these [vsnl.com] wouldn't have much trouble with the 1/4" steel cables most of those locks use.
  • Re:1500 dollars (Score:2, Insightful)

    by PabloJones (456560) on Sunday August 08, 2004 @10:44PM (#9917221) Homepage
    the information on the drive itself is far more sensitive

    Or, far more useful. Let's say you have a lot of work stored on your laptop's hard drive. Maybe it was worth more to you than $1500, or even the laptop itself for that matter. You'd still have to go back and redo all your work, not only losing the price of the laptop, but the cost of your time as well.

    Obviously, one should be backing up their important information, but that's not always feasible when one is on the go.
  • by Anonymous Coward on Sunday August 08, 2004 @10:57PM (#9917297)
    Yea, there was a similar story here in the states, and the TV crew took a pair of bolt-cutters and cut the piece of metal that hooks around the steering wheel. It was amazing how easily it came off!
  • by DiscoBobby (196458) * on Sunday August 08, 2004 @11:00PM (#9917310)
    Look, laptop locks are psychological blocks, not physical blocks. If you can't hork a cablelock out of a plastic laptop case in less than 15 seconds you don't deserve to steal that laptop.

    They keep honest people honest. They're speedbumps for the pros. Don't leave your laptop alone!
  • by Anti_Climax (447121) on Sunday August 08, 2004 @11:02PM (#9917318)
    Most of the hardware at my high school was locked down to the desks using cable locks, but the mechanism used to attach it was certainly inferior to the Kensington type.

    Basically, there was a metal receiver that was screwed into a rubber/plastic pad that is epoxied to the hardware you want to keep. The cable is slipped through the receiver and then locked to a suitably heavy piece of cheap furniture, while the other end was too large to pass through the receiver. However, since the unlocked end was not attached to anything, you simply slacked the cable, then passed the end under and around to unscrew the receiver from the epoxied pad.

    It wouldn't have worked if it was riveted instead of screwed, but then again, it's really a deterrent in the end.
  • by sublimespot (265560) on Sunday August 08, 2004 @11:23PM (#9917407)
    Why pick on Kensington?

    Anyone who knows how to pick a lock can open most locks with 5 cents worth of equipment: a couple bent paperclips. Let's write a big story about how all these locks are weak.

    So what? The lock is pickable; so are most other locks.

    Unless the big story here is about the warranty. The fact they knew the lock is weak, so they worded the warranty in a way to avoid paying up.

  • by PitaBred (632671) <slashdotNO@SPAMpitabred.dyndns.org> on Sunday August 08, 2004 @11:30PM (#9917445) Homepage
    I'd say that this example is a very clear-cut case of 'violating' the lock... it's failing in a manner it was meant to protect against. It's not like they're stealing the chair and the laptop, which I would say clears Kensington of liability. IANAL, but I know a few, and I watch Perry Mason ;)
  • by NeoSkandranon (515696) on Sunday August 08, 2004 @11:40PM (#9917489)
    Your mom ever tell you "Two wrongs don't make a right" when you were younger?
  • by huchida (764848) on Sunday August 08, 2004 @11:44PM (#9917508)
    ... Well, they are, but any thief intent to steal a laptop-- and who is prepared and has the equipment ready to do the job-- will probably get away with it. This implies some forethought, though. Ask anyone who's owned a bicycle in NYC... There is no lock that can't be broken.

    What locks ARE good for, is deterring the casual thief. Someone who spots a notebook unattended in a library, a cafe, an office, sees that no one is around... And grabs it. They're not likely to pick a lock or cut a cable. Since this is far, far more likely-- unless someone is really casing you for the info. on the computer-- it does make sense to use a lock.

  • by FroBugg (24957) on Monday August 09, 2004 @12:04AM (#9917611) Homepage
    The Club may be pretty easy to defeat, but it still takes more time and equipment than stealing any other random car.

    I drive a very common and not very valuable car (Ford Focus), and when I put my Club on I don't even bother to lock it. All I'm counting on is a thief noticing it and deciding he'd rather steal the Clubless car next to mine.

    It's like the two guys running from the bear. I don't have to outrun the bear, just the other guy. With my car, I don't have to defeat the crook. I just have to be tougher than the car beside mine.
  • by B747SP (179471) <slashdot@selfabusedelephant.com> on Monday August 09, 2004 @12:17AM (#9917656)
    What's the problem with filing a police report? It's not like the cops care, you just rock up... "Whaddya want?" "My laptop got stolen" "Where from? Name? Got serial number? Here's your reference number. NEXT!".

    The magic reference number (which is what they hand out in the state of New South Wales (where Sydney is) Australia) is all you need to satisfy the insurance claim. You get extra bonus points if you know the copper's name and can write that on the form too, but it's not required.

  • by B747SP (179471) <slashdot@selfabusedelephant.com> on Monday August 09, 2004 @12:21AM (#9917672)
    Filing a false police report is equivalent to perjury

    Who said anything about perjury? Your laptop got stolen, didn't it? So go report that your laptop got stolen. Refer my previous post - the coppers couldn't give a flying fire-truck *how* your laptop got stolen, they won't ask, and they *REALLY* don't want to hear about it (they already heard the same story a dozen times today from folks who just *needed* to tell *someone* and assumed that cops cared). Be a good citizen, give the cops the info they need for their statistics, and be on your way. It's easier for everyone that way.

    'course if your laptop *didn't* get stolen and you're reporting that it did - well that's a whole different kettle of fish.

  • by stu72 (96650) on Monday August 09, 2004 @12:21AM (#9917673)
    woah there... cell phones don't cost $50. They might cost *you* $50 if you're a good customer or a new customer but they're worth many times more than that and subsidized to get you on board.

    In general, the prices offered by major wireless carriers are meaningless. If you want to know what a cell phone is worth, try buying a new, unlocked (use on any carrier, thus not subsidized) phone of recent vintage from an independent shop - you won't find much for $50.
  • by B747SP (179471) <slashdot@selfabusedelephant.com> on Monday August 09, 2004 @12:27AM (#9917704)
    Of course your finger prints are on the bolt cutter, you picked them up.

    You're showing definite signs of having watched too much American television my boy! In real life, they only screw about with the DNA analysis and fingerprints if (a) someone got killed and (b) the press are hassling a suitably highly placed politician over it. In the rest of real life, no-one has the funds or the time to fingerprint everything, and the cops certainly aren't going to bother investigating a stolen laptop.

  • by NotQuiteReal (608241) on Monday August 09, 2004 @12:59AM (#9917804) Journal
    If you lock a laptop up tight enough but don't watch it, someone may just stick a pencil thru your LCD to spite you. That's what I would do if I were in a pissy mood and unable to steal your laptop that I was otherwise planning on taking (which I wasn't, if you were wondering.)

    Better you just let the a-hole take it and get some use out of it, I'd say.

    On the other hand, if you are actually watching it (I mean, who locks a laptop and leaves it somewhere?) prolly nothing will happen to it.

    This is analogous to the $500 damage someone does to your car to pull a stereo that has a $20 street value.

    I am just rambling now... but what good is a laptop cable anyhow? Seems to me you have a couple of scenarios; A cable might work if you don't quite trust your roommate or his friends, I guess. Otherwise, forget it. You are in a "safe" environment, or not.

    Bottom line, if you leave something valuable where folks might steal that something, it will get stolen, sooner or later.

    I know, I've had much damage done to cars for little apparent gain for the thief. On the other hand I leave "tens of dollars" worth (but no more) of stuff on the sand when I am at the beach (add it up - towel(s), backpack, sunscreen...) with no ill results, so I am not totally paranoid, but not stupid either.

  • by Sycraft-fu (314770) on Monday August 09, 2004 @01:13AM (#9917845)
    Deterrence is basically what it comes down to. We use similarly worthless locks at the university I work at. I mean if I brought tools with me, I could cut those cables in seconds, no problem. However, that's not really our concern. That's not very likely, insurance covers it, and there's a high probability of the thief getting beat the fuck up. The reason we lock them is so that if someone happens to be alone in a lab on those rare occasions they aren't busy, they don't decide to grab a computer and walk off with it.

    Pros are far less common than many people think, it's the low skill, casual, impulse criminals that you generally want to protect against. I mean a lock on your door is a joke. Unless you are weird like me and have a Medeco high security lock or similar system, your lock is easy to pick. However, most thieves do not know how to pick locks, so a locked door goes a long way to keeping them out.
  • by HermanAB (661181) on Monday August 09, 2004 @01:29AM (#9917905)
    Uhhh, after slamming it like that - you probably have to buy a new notebook, so what is the point?
  • by Angostura (703910) on Monday August 09, 2004 @01:33AM (#9917917)
    If you're going to be pedantic, try for accuracy. From

    Main Entry: product
    Pronunciation: 'prä-"d&kt
    Function: noun
    1 : the result of work or thought
    2 a : the output of an industry or firm b : a thing created by manufacturing
    3 in the civil law of Louisiana : something (as timber or a mineral) that is derived from something else and that diminishes the substance of the thing from which it is derived --compare FRUIT 2a

    Source: Merriam-Webster Dictionary of Law, © 1996 Merriam-Webster, Inc.

    dictionary.com
  • by Anonymous Coward on Monday August 09, 2004 @03:43AM (#9918310)
    Any links to a news story about this? Or details so someone can find one? Thief getting electrocuted during robbery sounds pretty newsworthy, but I've never heard that story. Or are you just bullshitting, as I suspect?
  • by Max Threshold (540114) on Monday August 09, 2004 @03:44AM (#9918312)
    illegal != wrong
  • by JonoPlop (626887) <me&JonathonMah,com> on Monday August 09, 2004 @05:28AM (#9918584) Homepage

    If you lock a laptop up tight enough but don't watch it, someone may just stick a pencil thru your LCD to spite you. That's what I would do if I were in a pissy mood and unable to steal your laptop that I was otherwise planning on taking (which I wasn't, if you were wondering.)

    Better you just let the a-hole take it and get some use out of it, I'd say

    I'd rather have a damaged laptop and get to keep my data.

  • by Anonymous Coward on Monday August 09, 2004 @06:19AM (#9918703)
    That is situational ethics my friend and still wrong.
  • by syntap (242090) on Monday August 09, 2004 @07:00AM (#9918792)
    If you lock a laptop up tight enough but don't watch it, someone may just stick a pencil thru your LCD to spite you.

    Replacing the LCD is a lot cheaper than having your business competitor scrolling through your 5-year business strategy, or some swarthy individual gloating over his newest acquisition from the Los Alamos on-campus diner.

    At least have OpenOffice on it.
  • Re:Hmm..... (Score:3, Insightful)

    by glesga_kiss (596639) on Monday August 09, 2004 @08:24AM (#9919073)
    Most common locks are like most security procedures in general, i.e. mostly a deterrent. You can pretty much always get in if you are willing to spend the time or energy on the target.

    Plus, if you use pliers to open a lock like this, it will be visible, giving away the fact that there has been unauthorized access. A similar idea I've heard of is gluing a hard-drive cable to the motherboard and hd. You could get it off and access the data, but you can't do it without being noticed.

  • Re:1500 dollars (Score:3, Insightful)

    by Halo- (175936) on Monday August 09, 2004 @09:06AM (#9919276)
    I've got a hard time believing this. I know that all ThinkPads have a password you can set on the hard drive which can't be disabled. (Or can only be disabled by IBM or a spindle transplant depending on who you believe....)

    Self destructing hardware is more of a liability than an asset. If something is sensitive enough to require this sort of protection, then: 1) It shouldn't come in easy-to-carry sizes, and 2) the risk (and cost) of accidental destruction is probably greater than the risk of actual theft.

  • by H8X55 (650339) <(jason.r.thomas) (at) (gmail.com)> on Monday August 09, 2004 @09:12AM (#9919311) Homepage Journal
    but didn't you agree to their terms when you bought their lock? they only warrant their cable - they'll say you should have read and understood that.
