Kensington Laptop Locks Not So Secure 526
eric434 writes "According to a security alert released by Security.Org, the Kensington laptop lock that many of us use and love isn't secure. In fact, it can be opened in 30 seconds after about a minute of practice with a $1 worth of equipment. (A Bic pen, and a pair of scissors. In the interest of giving people some time to stop using the locks, the actual method of opening the lock is left up to the reader.)
To make matters worse, Kensington's 'We'll give you $1500 if someone steals your laptop' guarantee doesn't apply -- because the process of opening the lock doesn't damage the lock or cable." Mind the source, though -- security.org wouldn't mind selling you a book on locks and safes.
1500 dollers (Score:4, Interesting)
Hmm..... (Score:4, Interesting)
Re:I can attest to this fact. (Score:5, Interesting)
I had one of these and they're a waste of $70.
Here's another good one: pick the thing up very very slowly, so it doesn't start screaming, lift it about 10" off the table, then slam it flat on the table, battery down, as hard as you can. The motion sensor will be busted right out and the thing won't peep a sound. If, by some misfortune, it does start beeping, press your thumb real hard against the hole underneath, where the piezo is, to silence it.
These things are crap, honestly. Stay away from it...
Re:1500 dollers (Score:5, Interesting)
Australian Defence Force laptops (all thinkpads, that I've seen) have this. Try to break in and various parts of the laptop burst into flame.
See how easy it is getting data off a hard drive that's protected by a lithium/oxygen lock.
I'm curious... (Score:3, Interesting)
Funny lock story from Australia (Score:5, Interesting)
I'm sure you are all familiar with steering wheel locks, the most well known in Australia is called a Club Lock.
A magazine called "Choice", which reviews and tests products, reviewed all available steering wheel locks and claimed that the Club Lock could be defeated in less than 30 seconds by someone with no experience at car theft.
The manufacturer responded by modifying and improving the lock mechanism, but the magazine repeated their claim that it could be defeated easily.
This went on for about 4 generations of Club Lock and saw the introduction of a "star shaped" key to making picking the locks "impossible", as well as other developments. But Choice maintained that the Club Lock had not been fixed and anyone could defeat it in under a minute.
A local TV current affairs show filmed a carpark showdown between the manufacturer of the Club Lock and a reporter from the magazine, as the manufacturer prepared to release their latest model and the magazine claimed it would be able to defeat it in less than 30 seconds.
They were screaming at each other in a car park and honestly looked like they were going to hit each other. The manufacturer claimed (in near hysteria) that it was impossible for someone to pick their locks, and that the magazines claims were wrong. The magazine denied this, and so were challenged to demonstrate their claim on TV.
A brand new model Club Lock was placed on a car steering wheel.
The magazine reporter got in the car, grabbed it, and gave it a good hard yank, and it came off easily.
The manufacturer went very very quiet.
The funny thing about this - and the reason I remember it - was that the people who made Club Locks never asked the magazine HOW they'd been defeating their product. They all assumed that the locks had been picked. Practically all the improvements they made to the product over 4 years were in improving the lock mechanism. They never expected that the piece of metal which hooks around the steering wheel was so weak it could be easily bent. They shouldv'e thought laterally.
Anyway it was very funny. Trust me, I still remember it and it was about 15 years ago.
Re:I can attest to this fact. (Score:4, Interesting)
Don't try the trunk of your car in Chicago, even in the good neighborhoods. I've had windows broken and trunks entered for a duffel bag with a schoolhouse rock video tape. I've had trunks punched open with a screwdriver for some books. I once caught two kids in my car trying to pry an $18 tape player from under the dash. Hell, I once even left my car -- with nothing in it to steal, AND THE WINDOWS ALL HALFWAY DOWN -- and someone still punched a hold through the door skin to open the *unlocked* door with the *open* window.
So what lock to buy (Score:4, Interesting)
Re:How to make the warranty work for you (Score:2, Interesting)
1. File correct police report, don't get $1500, chances of police finding your laptop... none.
2. File a slightly incorrect police report, get $1500, by some random stroke of luck the police do find your laptop. Chances police believe that the thief is lying and just cut the lock with some bolt cutters... good
I know which one I would choose.
Re:Wire Cutters (Score:5, Interesting)
The particular wire they use is a strandad high tensile strength steel. The individual strands are probably 12-16 guage, the cable as a whole cladding included might be 4 guage.
To cut 16 guage half-soft steel wire takes a medium sized pair of bolt cutters and a lot of elbow grease. You could PROBABLY worry the cable through with those, but because you can't close the jaws on each individual strand, it's going to be more of a sawing motion.
To get through that cable you'll need a pair of bolt cutters whose jaws are large enough that the entire cable fits between them with no more than a 15-20 degree angle. And the leverage is going to be immense; 2-3 feet at least.
Not exactly a tool you could fit in your pocket
"Guarantees replacement" (Score:5, Interesting)
Guarantees replacement of any locked laptop that's stolen
Sounds pretty specific, huh? ANY locked laptop that's stolen... Which is quite different than what it says when you click the warranty link [kensington.com] on the page...
If theft of your laptop computer results from the Kensington Guaranteed Notebook Replacement MicroSaver computer lock being broken or opened by forceful means Kensington Technology Group will pay you the replacement value of your laptop up to US $1,500.00.
It goes on to say:
Kensington Technology Group will NOT be liable if the theft occurred because:
Now... that seems pretty vague to me. Are they talking specifically about the locking device? Or are they talking about the entire thing and calling it the Guaranteed Notebook Replacement MicroSaver Lock because that's the name of the product? Vague vague vague...
Re:How to make the warranty work for you (Score:1, Interesting)
Use the Bike Messenger warranty method (Score:3, Interesting)
Lock Picking (Score:4, Interesting)
Re:I can attest to this fact. (Score:3, Interesting)
It was a very cold and noisy drive home and cost a few hundred bucks to fix though
Re:I can attest to this fact. (Score:3, Interesting)
In the least sensitive setting you had to tilt it 45 degrees before it would go off.
In the middle it wasn't too bad, but it was still tilt sensitive -- I lifted it straight up, unscrewed the battery case, removed the batteries (to expose the unit's screws), then unscrewed it and reset it to a known code after a friend of mine decided to change it on me.
I could have just smashed it I guess, but that wouldn't have been as fun as stealing my own laptop.
The whole thing took about 5 minutes -- You'd have to have balls to walk into an office and do it, but you could probably pull it off if you tried.
Re:I can attest to this fact. (Score:5, Interesting)
You shouldn't try cutting 1.5KV cables with a pocketknife when the supply is still on.
It's not as bad in my car. The Hybrid battery is only 264 volts nominal and the 1KW inverter is 120 volts. I don't recommend messing with either while the power is on. The inverter is on most of the time. I plug the computer into it to charge batteries while on the road. I seldom bother to shut it off since its nominal unloaded draw is just a few mA.
i go by a different theory (Score:4, Interesting)
If I see an unguarded locked laptop, I dump a cup of coffee onto the keyboard.
Ok, not really.. but I wonder if anyone does this. I remember Denial of Service was a huge thing to do in highschool. People would beat the shit out of random combination locks on peoples lockers, you couldn't get your locker open. Bastards.
Comment removed (Score:5, Interesting)
Re:Applies to barrel-key type locks, not combinati (Score:4, Interesting)
These days I get emails in my work when people forget the combination on their locks to come and remove them. It's really easy, and I think if everyone knew it would be barely worthwhile using them.
Re:1500 dollers (Score:3, Interesting)
To prevent nontargeted theft, make your PC very distinctive. This reduces the "fencing" price significantly. If they obviously can't sell it to a fence they won't even bother touching it. Get/Pay an artist to make it permanently distinctive AND look nice at the same time.
But if you really want to teach the thief a lesson, try semtex and a pager. You may wish to make sure it only blows up on a particular pager message and not because of a wrong number
Re:I can attest to this fact. (Score:1, Interesting)
You need to move to a place with more intelligent criminals. I used to have a bomb of a convertible, never locked the doors and put a sign in the window: "Not locked: no radio, no gas, no brakes." Never had anyone cut the ragtop to get in (lived in Queens at the time). Don't know if anybody ever "broke in." Somebody had stolen the 3 remaining hubcaps at some point (lost one to a monster pothole once).
Re:How to make the warranty work for you (Score:4, Interesting)
Whether they'll actually catch anyone or not is another question, of course, but at least they try.
It really depends on the crime and the situation I suspect, but they definitely won't do DNA for something that size though.
However, you also have to consider that the private insurance company MIGHT decide to "investigate" on their own -- 99.99999% of the time they won't, but every once in a while some insurance companies will send someone out (even though it probably costs more then the claim) to investigate, just to look like they're doing due diligence and to discourage fraud. (Or so says a friend of mine who works in the insurance industry -- Take it with a grain of salt)
Re:How to make the warranty work for you (Score:3, Interesting)
40GB drive, 2.2GHz P4, ATI Radeon 9000 (independant video memory), CDRW+DVD, and 4-6 hours of battery life with the display dimmed, 802.11B.
It's not exactly brand new anymore (so don't bother showing where you could get a better one for less today), it was priced competitively when I bought it. In fairness the $4000 price includes the docking station, additional battery, an additional charger and a carrying case. That's $4000CDN.
Re:Clean take-away vs Vandalism? (Score:3, Interesting)
I used to keep a flashlight in my glove box (needed it for my job). Then, one of the local crackheads coat-hangared his way into my car and stole it.
I replaced the flashlight and not too long after that it was stolen again. This happened three or four more times until I got fed up and locked the glove box. Bad move. Next morning, my dash board was busted up and the flash light gone.
I presume that the crackhead needed the light to assist him in burgling. The funny thing is, that if he had simply reached under the steering wheel and popped the trunk, there was at least $200 worth of tools and parts that I kept in there in case the piece of crap car broke down.
After that, I just left the doors unlocked and the flashlight on the seat in plain view.
Re:I can attest to this fact. (Score:3, Interesting)
Um, no. I have several clocking circuits running. One inverts the low voltage into high voltage (not a lossless circuit) and another drives the output bridge for 60 HZ AC (driving transistrors still requires power) and the regulation and protection circuits are active. The noise suppression absorbs some power and the LED draws some power.
No short here.
Re:I can attest to this fact. (Score:3, Interesting)
Indeed, I had a similar thing happen once. A guy broke into my apartment, apparently with the goal of stealing my CD collection (a common theft item in that area, since they were so easily liquidated). He quickly found my CD rack in the living room (with >400 jewel cases in it), and quickly discovered that almost all of the cases were empty, the CD's were in my two CD changers, which were virtually inextractable from the metal equipment rack I was using as an entertainment center. He quickly got frustrated, decided it was time to leave, grabbed the fews CD's that were out in the open, broke a bunch of stuff out of spite, and left.
The cops caught the guy, too, since I could tell them *exactly* which CDs were missing, and the guy that had turned in those exact three CD's at the local used CD store showed up on their store video camera, and they linked him to the apartment with fingerprints (he also had a long rap sheet of B&Es, too).
Alas, it probably would've been easier for me if he had just stolen the CD's (hey, I had insurance), since cleaning up the mess he made and getting the stuff he broke fixed was a hassle.