Impressioning Attacks: Opening Locks with Blank Keys
Authors: Deviant Ollam, Babak Javadi, Keith Howell
Impressioning is the art of fabricating a working key for a lock using only a hand file, a blank key, and keen observation. Without taking any mechanisms apart, and while only accessing a locked door from its secured side, it is possible to manipulate a lock in such a way that it will “leak” information, allowing for a full decoding of the pins within. This attack sometimes takes longer than conventional lockpicking, but it is very effective and if successful it will result in total compromise of the lock not just one time… but for all time. This presentation will demonstrate the art of impressioning, and attendees will be able to try these attacks themselves afterward in our hands-on area.
While paying the bills as a security auditor and penetration testing consultant with his company, The CORE Group, Deviant Ollam is also member of the Board of Directors of the US division of TOOOL, The Open Organisation Of Lockpickers. Every year at DEFCON and ShmooCon Deviant runs the Lockpicking Village, and he has conducted physical security training sessions for Black Hat, DeepSec, ToorCon, HackCon, ShakaCon, HackInTheBox, ekoparty, AusCERT, GovCERT, CONFidence, the FBI, the NSA, DARPA, and the United States Military Academy at West Point. His favorite Amendments to the US Constitution are, in no particular order, the 1st, 2nd, 9th, & 10th.
Babak Javadi is a hardware hacker with a wayward sprit. His first foray into the world of physical security was in the third grade, where he received detention for describing to another student in words alone how to disassemble the doorknob on the classroom door. After years of immersion in electronics and computer hardware hacking, he found his passion in the puzzling and mysterious world of high security locks and safes. After serving as a driving force within the locksport community for almost a decade and helping found the US division of The Open Organisation of Lockpickers, he has recently re-embraced the beauty of the baud and resumed hardware hacking with a vengeance. He currently serves as the President of the US group of The Open Organisation of Lockpickers (TOOOL) and is the founder of The CORE Group, a security research and consulting firm. Trained as an Electronics Engineer by the British Army, Keith Howell became interested in computers and began his learning path with a TRS-80 and has owned most Intel based processors since then. After joining UUNET Technologies in 1995, he started to get interested in the security of networks and computers and in 1998 joined the UUNET InfoSec team.
Following the ‘dot-bomb’ period in 2001, Keith returned to his electronics background and began doing physical security including Access Control, Alarm Systems and Locksmithing. Keith is a CISSP as well as an ALOA CRL (Certified Registered Locksmith). Currently, Keith is a Security Consultant in the Washington, DC area where he is contracted to Assurance Data Inc in Alexandria, VA.