Kensington Laptop Locks Not So Secure 526
eric434 writes "According to a security alert released by Security.Org, the Kensington laptop lock that many of us use and love isn't secure. In fact, it can be opened in 30 seconds after about a minute of practice with a $1 worth of equipment. (A Bic pen, and a pair of scissors. In the interest of giving people some time to stop using the locks, the actual method of opening the lock is left up to the reader.)
To make matters worse, Kensington's 'We'll give you $1500 if someone steals your laptop' guarantee doesn't apply -- because the process of opening the lock doesn't damage the lock or cable." Mind the source, though -- security.org wouldn't mind selling you a book on locks and safes.
have to email author for details of the exploit (Score:5, Informative)
Extract from article:
You may contact the author for further details as to the method of entry. All computer owners and administrators should be aware of the potential for theft if you utilize this device. The full details of how to compromise this device are contained in LSS+ Version 5.0 Multimedia edition of Locks, Safes, and Security. Kensington may be contacted for further information at 800-535-4242. The company was notified of the problem by the author on July 13, 2004 and has refused to comment on or acknowledge the problem, or to return any telephone calls or e-mails. The author believes that the manufacturer can remedy the problem and should be required to do so. All purchasers of this device may wish to request a replacement from the manufacturer that prevents this form of bypass.
No, dumbass (Score:5, Informative)
The point of the Kensington lock is not so much to secure the laptop to something as to ruin the resale value of it by virtue of the damage likely to occur to the laptop if the lock is forcibly removed.
This hack apparently allows the lock cylinder itself to be cleanly removed, rendering the lock useless and giving the thief a laptop to sell that doesn't scream out "Look at this torn-off case plastic! I was stolen!"
Picking locks. (Score:2, Informative)
The cost is not the materials used, it's the expertise and practice. Be aware, most policemen are well aware what a set of picks looks like, even if you disguise them.
Re:I can attest to this fact. (Score:3, Informative)
Amen to that. I made the mistake of using a laptop bag to carry around my school books for a while. Left it in my backseat overnight and got my window busted out. Yeah, they didnt get away with a laptop, but I had to replace the window and school books. I'm sure it pissed them off too.
Re:How to make the warranty work for you (Score:5, Informative)
Re:Looking at picture of lock (Score:4, Informative)
Re:I have one as a deterant (Score:3, Informative)
I also use the cable lock as the "Laptop Club" when I leave my laptop unattended in the lab. If someone really wanted the machine, all is needed is a cable cutter or hacksaw to cut the thing the cable was wound around. Or I'm sure one could rip the lock connecter off the socket if tried hard enough. Cable lock is good for stopping the lazy-stealers.
Wewt! (Score:4, Informative)
Re:Funny lock story from Australia (Score:5, Informative)
If a crook wants past your club, they can just cut through the steering wheel and remove the club.
I've seen a different sort of club-type device on TV that hooks around the brake pedal. Looks like a better product to use anyway.
Re:"Guarantees replacement" (Score:3, Informative)
Re:Wire Cutters (Score:5, Informative)
Actually, bolt cutters aren't very good at cutting cables. What you need are cable cutters, which have more of a hooked scissors or shears type of head. The head of a cable cutter resembles the beak of a predator bird, actually; probably for a good reason.
Bolt cutters are designed to cut a single solid piece of metal, so they are not effective at cutting the many strands of a cable. The cable kinda squashes and the individual strands are too flexible for a bolt cutter.
Bolt cutters will work, eventually, but the right tool for the job is a cable cutter.
Re:How to make the warranty work for you (Score:3, Informative)
Re:Looking at picture of lock (Score:5, Informative)
The first is what you're implying, using common tools like a lockpick set.
The other, which may be more likely in this case is the way I "encourage" doors open when some fool locks themselves out.
I'd be willing to bet that this lock sets itself when you slide the end of the cable in. Kinda like a door latch. It slides over the angled bolt, and once it's over it is trapped til you use the key.
If the pen was a common white bic, and you removed the tip, ink, and back, you'd have a thin plastic white tube. If you used the scissors to cut the tube in half, even for just an inch or two, you'd halve a half-pipe roughly the size of the cable. Slide that down between the cable and the lock, and it would push the lock's bolt out of the way, and allow the cable to come free.
It's a little harder to do with a common home or office door, but can be done with a credit card.
This doesn't work for dead bolts (obviously). It also don't work on most padlocks, because the space is too small to slide something in.
Personally, I believe locks to be a tool to make people feel safe, and to keep 'honest' people honest.
A locked office in most office buildings can be accessed through the drop ceilings, or with the "assistance" of the janitorial staff.
A locked door on a house can be circumvented by going through a window, locked or not.
But, seeing a lock on a laptop, or a locked door on a room or building, makes a person think twice. The next one they find may be that much easier. Why go for the one with the Kensington lock that takes 30 seconds to steal, when you can just pick up the next guy's laptop bag with everything in it when he's not looking? You could tie your laptop off with a length of rope and be just as secure.
Kinda like 802.11b encryption. It's easy enough to crack, but most people will move on to the unencrypted network.
Re:Funny lock story from Australia (Score:5, Informative)
Cordless Dremel? (Score:2, Informative)
Re:How to make the warranty work for you (Score:2, Informative)
Re:Lock Picking (Score:5, Informative)
There is this wonderful site that has a great article about it: http://home.howstuffworks.com/lock-picking.htm [howstuffworks.com]
Re:I can attest to this fact. (Score:2, Informative)
Had a loft in downtown LA; parked my shitbox car in a "secured" place -- not that secure. Left the doors unlocked so people could check that there wasn't anything worth stealing without breaking in. Worked fine, until the morning I came out and found someone sleeping in the back seat. Even better news when I chased him away and discovered that he had poor bladder control -- half the back seat was soaked.
Just 'cause it seems like a really brilliant idea at the time, doesn't make it so.
DMCA Precedence (Score:3, Informative)
Loosen up dude! It's funny... laugh.
No need for dremels or clippers (Score:4, Informative)
After all, it's not a really secure lock like a cylinder, the number of combinations of the impressions on the rim of a key is limited so I guess there are only a few different lock combinations. Anyone could buy a Kensington and get one with the same key as yours.
How to unlock/pick the lock (Score:2, Informative)
Re:How to unlock/pick the lock (Score:2, Informative)
Here's how (Score:5, Informative)
Anyhoo: what you need is a pair of scissors and a paperclip. if you have no scissors, a second paperclip will work, if not so well.
Jam one point of the scissors into the rectangular hole on the circumference of the circular key slot. Twist the scissors so that the inner part of the lock turns into the 'open' direction. Keep applying a gentle pressure, and use the paperclip to push in the little pins in the circular groove, one by one. Push down lightly and slowly until you feel the pin 'snap'. If you release the pin, it should be held in place and not spring back up again. If it does, just try first with another pin. Eventually you'll get them all and the lock will turn open. You can close the lock again in the same way.
Some of these locks have a security feature... when you've twisted the cilinder halfway to the 'open' position, it will lock again. In this case you'll need both points of the scissor to apply torque to the lock cilinder.
This isn't hard... with some practice, you can open these locks in a minute or 2. We used to do this at the office, going around during luch break to swap everyone's Kensington locks around, then watch the frustration at the end of the day, as everyone discovered that their key did not fit anymore. I know, it's lame, but we were bored okay?
I don't have any qualms about revealing the 'secret' of Kensington lock picking, as I would have with revealing a hot new exploit. This trick is years old, and asa I said: any bored person with a paper clip can figure this out for himself.
Re:Pedant heal thyself (Score:2, Informative)
1 : the result of work or thought 2 a : the output of an industry or firm
Re:No need for dremels or clippers (Score:3, Informative)
Why bother with a lock? (Score:4, Informative)
If you want to be reimbursed for your laptop if it is stolen, buy an insurance policy to cover it.
Yes, it might cost a bit more than a "good" lock, but not a lot more (my girlfriend insured her PowerBook for two years for $90), and you're guaranteed to get your laptop back if it is stolen. Or if it burns in a fire -- let's see your Kensington warranty cover that. Just make sure your policy gives you "replacement cost," not just "market value." And back up your friggin' data!
Seriously, why bother with a lock?