 Right, I was going to do a brief talk on hacking biometric security The problem is that trying to condense even just attacks on fingerprint locks into half an hour would be completely impossible So what with everything happening outside as well helping out with stuff I haven't had time to do lots of slides or anything. So we decided that Can you hear him out the back? We decided it would be better Again, we're brilliant Yes, I'm accustomed as I am to public speaking Yeah, that felt that That was Warren's joke. Right biometric security. It's impossible to condense hacking Just even just fingerprint sensors into half an hour. So I decided that it was absolutely pointless to just sort of go This is the false acceptance ratio. This is the true acceptance rate Because it flies straight over most people's heads We have the last member of our panel about to join us Another duchy for those of you who are fond of the Dutch. I probably have something far more important to do Come on Rob grab a chair So we decided instead to be interrupted by Warren my apologies. Yes So basically we decided to Q&A Question answering questions about security so you can ask about biometrics if you want and you get an answer But basically question on safes biometrics Courses burglary how to prevent such a thing Anything prevention of burglary not how to burglars. Yes You'll always get an answer it Comedy answer and it is unlikely to be the one you want So as we have ringers in the audience already Would anybody like to start with an interesting question that we can answer and so on right? We have a runner He's very slow. I'd like to point out Because the camp has to include everyone we have to include him as well Hi, yeah. Hi. I understand that recently There's been Bluetooth locks being developed that you can put in your door and use your phone to So open the lock mm-hmm has there been any research done in terms of the security risks behind those locks? I did some some research And it's a the London meeting of the master locksmith association a company called Salto turned up with their Their Euro locks are standard locks. You'd expect on a PPC door, and they have cloud locking and I don't think they utilize the Bluetooth as much. It's all done over GSM GPRS And so I've obtained one And with the help of the London Hatchspace guys stripped it down to its bare nothings to see exactly how it's all implemented It's currently very very very secure to the point that I've I haven't the faintest idea how to go about breaking it And so that one is particularly good. Oh, brilliant. My absolutely brilliant The locking portion is about four millimeters long and that has full authentication inside which is embedded in the lock If you change in the external portions, it doesn't work because they link together. It's really quite funky So I haven't seen this but is there a hardware override for this? No That seems like a really bad idea So when your internet goes down, so does your door lock or if your phone dies and they fail secure Very secure. They're also on Heathrow Airport And so let's hope that power never goes down any terrorists this regard the last portion Heathrow airport is fine. It's fine Don't worry Yes Yes To the best of my knowledge, they are dead in I've had them apart and there's no way to the battery operated by the way So you can physically go along with your my fair doodle and Swipe it, but if that fails or if some enterprising person kicks the front off You are up a certain creek without a paddle as the only one will ever work is the one that's been smashed with a hammer They're not available separately see by a whole new lock And you can't even keep the old bits for spares, so they fail fairly easily and there's no way to get around it If there's no power and you can as with all locks drill for the cam I suppose you can take all the middle out and try and activate the cam directly from a user point of view No, not at all. So the best of my knowledge The one that's not broken the late one to the again To return to you don't have a mic you're here for eye candy to return to the question for a moment The actual Bluetooth stack the encryption has been broken on it. So anything that says oh, yeah, blue tooth We're using that kids secure. They just did easy haven't kept up. So Pure Bluetooth authentication is not secure So there have been several Kickstarter recently as well. A lot of companies are making bicycle locks working on the Bluetooth There's one company that has a lock you can open Via your mobile and there's also some kind of tapping code you can use that's a kick start. Yeah, okay But but the problem mostly have with those boxes. They tell a lot about utility like oh you can use your phone Oh, you can give your friends tokens and they can Borrow your bike and stuff, but they rarely focus on the mechanics inside the lock Yeah, maybe they do focus on it, but we don't see There Let's get a quick show hands who's been to lock picking village Did everyone open something? That wasn't yeah, I should you can all shout out you open something feel free good Right who didn't see the safe Probably quite a few. This is a branded safe from a UK manufacturer. Yeah, it wasn't made in China by the lowest bidder It's actually quite a good example of this The key pads relatively secure a lot of the easy bypasses have gone You know, they put a fairly decent override lock on it so that you at least have to have a pic or Every hotel you've ever seen But this this is like all those ones you see sort of 50 quid in the wholesalers or in the shop. Oh, yeah, brilliant It's got a keypad must be secure. It's electronic. Yeah He means business now demonstration effect One of the UK's best safe crackers by the way That was a cheap pilot trick. Please don't applaud the monkeys And of course if you walk as a non-invited guest into a hotel room and you see your box like that Well, you don't have to search the whole room. Do you because all the good stuff is in there It's basically a systems failure Because nobody I mean Yale must have plenty people on the staff who know locks inside out And yet they never have to do to bunch of people like us or you know, I'm a training locksmith Train chimp Yeah, but also some of them have data logging as well, don't they those safes have data logging on some of them Yep, that won't have triggered anything. So, you know Something's been stolen out the safe you look at the electronic lock and you go, haha, right user with code number 63 Was the last person in here get him in here, please go where were you and he goes I was like at home and asleep in bed and they go Well, you open that safe last And he goes No Well, that's because someone's managed to figure out its combination or whatever. It's locked But no tack with the solenoid there where I just bash the top of that open it. There's no electronic record of that So it's a complete systemic failure One of the aspects of biometrics is a similar thing a lot of the locks are made by Some guy who has a great idea the Bluetooth door locks exactly the same There was a talk in 10 B yesterday What was that she called? I believe it's sim card or sim save something like that. It was the concept of taking people's fingerprints and using it as a Unique identifier for medical records. They don't see that Where's our runner or speak louder? Simprint so Sim save closing off. Yes imprint. It's a cunning punt on the fact they use a sim card in a gsm mobile phone And they put to stack reader for the fingerprint reader and then it's all magic after that apparently The fact that they're using Bluetooth to go from the fingerprint reader to the phone Then they're using the gsm network and they're using Android mobile phones to link the lot together Well We all know all of those technologies are secure don't we so in their defense that technology is not meant for Prescription drugs, but it seems like one of those things where it will work once No one no one will investigate why it works, and then it will end up being in different fields where we'll have issues It's a great idea. I just think that again, they probably need to speak to some people who would look at it and go well Okay, it's a great idea, but you might want to think about this and this and this for example Like a key revocation on my fingerprints is an issue for everybody you leave prints everywhere you go once the Prints are in the wild you can't eradicate them you stuff this on the internet They grow back mate the only way you can do choppy fingers off. Yeah Well, then you doubly screw because you can't even open your door with your fingers can You fancy biometric lock and you guys to know was on it Other parts This is actually interesting part where the software kind of locks like hardware If you if you have a key app or something that that you can actually publish your source code have people Investigate look for flaws look for wrongly implemented encryption Principles it's a bit harder with the hardware because you actually need to physically give somebody your lock ship It's somewhere have them examine it, and it makes it so much more A part of not so much gets overlooked, but gets ignored because it's way too Well, it's time costly is expensive costly. It's expensive It's a headache to actually manage it send them out get actual feedback and Reapply it so and God forbid if they find something I mean if you have yes, if you're running software if you're writing software you have software engineers Rarely, so if somebody finds a flaw you grab those same software engineers They're rewrite to get a patch where you know that goes But if they if some some nerds or they hire us and then they find something wrong in the hardware It's basically start from scratch build a new one the complete new one So any money you invested initially? Yep, it's a repeat It's gonna be a matter of sort of plausible than I ability if you don't let people attack the lock And you do not know if any flaws existing to put it on the market And if somebody else finds out later on you can just be like yeah, that's how it goes if you find out beforehand Then you're responsible for Making a well fixing the problem, but I would say every manufacturer is responsible for putting out proper product But they don't look at it similarly. Yeah, there's no definition of proper so if you think about some hardware that's secure and Well, you can put on we security tested it. Well, there's also no definition for security test. Yeah, so I go out and ask My baker is like could you look at his lock and try to open it for about five minutes? And if he feels and he probably will because he's doing other stuff I can put on the package that it's been tested by a professional Because he has a job Yeah, but as you say different levels of ability give it to us we'd most like between us will crack it might take a while But we'll get that the manufacturers a lot better. They no longer say pick proof. It's pick resistant. Yeah And bomb resistant because I mean we know quite a lot of locks and Well, we get questions a lot like what is a unpickable lock? It doesn't exist. I think every lock can be picked but for some locks We just haven't figured out how to yet, but it's It's it's there is no such thing as 100% security Well, she got the length of time as well and that might tools you need I mean some locks you might need four hours of uninterrupted access in practical terms And nobody's gonna sit and pick that yeah, in particular if you've left the back door open all the windows they bought You know for door. Yeah, there's the locks that in practical terms Nobody's ever gonna sit and pick what you're from door lock. There's also the security aspect of things One of the French manufacturers will only sell the lock with the new door This means that it's been very very difficult Particularly the fish a 3d. I'm thinking up here. Yeah, it's been Impossible. Yeah, it's a 3d and how much they are for us to buy enough of them to mess about with them Just because you can get one lock open doesn't mean you can get another seemingly identical lock opens You need a reasonable size selection to be able to say with some degree of confidence. Yeah, we can do those So you want to make a tool for a lot, but you just bought wholesale You know even getting a locksmith discount from them. It still comes in over 600 pounds That's a one lock which you intend to break Unless the manufacturers on on your side and saying yes, here's 10 locks have a go does what you think It's not gonna happen till they reach a second-hand market So when the manufacturer determined the decides to try and prevent that from happening to keep their security It ruins it for everybody. And then when we do get it it's trivial to get past and you just think well, that's a shame There are some manufacturers that do come to us. We're not doing bad for one question so far. I Assume there are more questions We've only got so much we can ramble about yeah, we just go to another question basically Go on you man there be a good question now Yeah, please be a good question. Well, I don't know about that, but I was at the lock picking village yesterday And got into my first few locks. Could you recommend any resources to go further? What? What to open more locks? Yeah, so I understand by some more locks play with them. Yeah, get used to those What are you to do? It's all meeting where are you based? Milton Keynes There's loads. I mean, there are hack spaces and so on. However, they're massive massive online communities Where you can speak to like-minded people sometimes even him when he's in the mood me Everybody you can sit in chat, but the the first thing you need to do is practice. So I assume you have a pick set Yes, so did you buy one of the pick sets that we saw I did yes So, yeah, we all know what pitch you have and so on practice with us And then practice at home pick the locks the best learning is to struggle and struggle and struggle and then one day It'll click Then you move on to the second one which you struggle And after a while you build up a repertoire of locks You can pick and then you'll find one that refuses to pick no matter what you do It will not work and that's the point you've got so you've got experience. You've got practice You've got a question to ask I have this lock. I'm struggling to pick it You know speak to anyone and somebody else will have picked that and we'll talk you through it might be Show your video give you a tip and at that point you're building up Your experience in your repertoire of locks and then you'll turn it to us You'd be a geek you try and find a lot that you can't pick or particularly Locks that other people you look up to and admire struggle with I love getting locks He can't pick and the same because now it's like I'll do it if it kills me and you get extra motivation After a while you wake up one morning and think shit. That's a lot of locks Especially when you keep buying new ones onto the market just to try and break them Just start with the big thing and especially for me because I mean these guys are locksmiths I started as a hobbyist big thing that kept me going was community So I was big into the forums and IRC and things like that where it'd be constant competitions There would be locks going around if you're in an area where you're interested in it And there's no one else around, but you've got a hack space just start it Put a mail around to get locks go to a locksmith and explain what you're doing if you're nice enough They're generally okay. Sometimes that takes a while so to get a good relationship with your local lucky Oh, yeah, the first time I went into mine. I walked in with a padlock I may or may not have meant to have but it been thrown away. So legally it was fine He called me a thief. He called me a liar. He took my money for the key for it Then get me carried on from there I got to know a few of the guys explain I was interested in a couple of months ago They were handing me bags fulls of locks if you go in and explain what you're doing If you keep going and being honest with them, don't try and lie and say, oh, you want the brass or something like that If they're a decent locksmith, and they're interested in what they're doing They'll see that you're interested in it and you've you've got the right mindset Eventually you'll find whether will hand you brass for scrap value at that point You can get as many locks as you want There are some old school locksmiths who will just tell you to go do one But a lot of guys these days know that there is a hobby scene out there And they are quite happy because they're part of it as well, you know, I don't see myself as a professional locksmith Not a hobbyist. I am both we don't see a professional locksmith either. It's fine No, I'm so good at it just do it for free. Yeah, it also helps if you want to Have a shitload of locks and still everybody you have a new hobby. Oh, yeah, I space mainly lists are the best way to go You're friends family Everybody And it may be convinced them and ask them how much did you pay for your luck? And if they go like My front door lock for a fiver and explain it. That's the wrong idea. If they follow your advice You have a new lock. Yeah, and eBay's a good way I mean, there's there's a big enough communities for four or five years ago. There wasn't really it's really growing There are a lot of myths out there and hobbyists that are selling on eBay Locksmiths and locks bought starter sets and you can pick up locks for about a pound pound 15 I think you have to buy them in sort of 10 or 12 But it's a good way to get like a small collection to start with you can take a few apart If you've got a few locks that you can re-pin You're fine Can you recommend anywhere to get to terminology those kind of things online? Yeah forums There are limitless guides come and see us at the very email YouTube video is a big one You can't always trust what you can see on quite good Yeah 24-part video series where he goes through everything the guy is obsessed with locks to the point where he makes us look casual Speak for yourself It's basically a wiki Just contains a lot of the explanation of what it is You know, we will also mention like this type of lock is susceptible to these kinds of attack with links to the attacks Lock picking 101 for of course the tool side especially the US tool side Has the complete slide deck that we normally use at the If we have a lot of village mostly in America, that's way it is huge set If you can use a mouse If you know enough to use a mouse to get to the slides on there You can understand how a lot works from those slides if you find if you go on YouTube and search for Defcon Even Oh, he has seven or eight nine hours worth of footage just him talking about it There's an hour talk what he just talks about pics. He goes through the basics He's probably one of the best speakers. If not one of the best speakers on lock picking I mean we're rapidly running out of time now so Unusually for us we can answer some questions quite quickly And then there is a part two by the way with yet more questions in stage B to close it 6 p.m Stage B. It's all closer in we'll answer it far more questions shortly. So come on We'll take you to the front as you're at the front to go on and then we gain over that side So on these online communities I assume there's also attracts a lot of people that are for some dubious reasons interested in lock picking How how does the community of ethical lock picks deal with that fastest way to answer it DBC locksmiths is based in the UK lots of hobbies and Every month or so soon we'll come on with a close-up photo of vending machine lock. How do I open this? I usually answer In a somewhat of a comedy fashion once you start picking locks, you know what other lock pickers ask You know the terminology you know the kind of locks you pick if the first question you ever ask online is How do I open this van lock which is only ever used on vending machines? It's instantly apparent what you're trying to do and so the answer usually is you obtain the key from the vending machine Company and open it with that or pay for you, you know sweets, whichever But so a bit similar to the digital hacking where people yeah, that's the first lately obvious. How do I hack Facebook? We have questions there you go stripy shit man The other factor is that criminals generally do not pick locks The closest to this sort of thing that you see in the movies is people who do things like tiger teeming and Ventration testing so they're probing physical security with permission to see whether someone else could get in in the same way Yeah, yeah, and the three-letter agencies They're the only people who realistically pick locks and even the three-letter agencies tend to cheese Because they'd rather just take a photo keys from five miles away with the satellite Turn it with a key. Go on mate with your room shit. Yeah, so just building on that point How do you pick, you know Facebook and stuff? How do you watch three? No, sorry? Yeah, so blue tea I kind of missed a bit about Bluetooth. Is that insecure now the the beauty It's a very very short answer. The beauty stack has been cracked open as far as I know the encryption is So I don't know about Bluetooth LTE, which is the newest one That's your answer. It's all cracked. I was pretty sure I was pretty sure it was wide open now So I've got more lock questions while we've got you all assembled There we go You all obviously know you stuff inside out. What's the biggest red face moment where you Spent an hour on it and then figured out it was unlocked in first place. I've locked myself inside my own van I've been locked out twice now since I've started this And I I tell everyone don't carry pics and I follow my advice. That's two windows. I've had to replace now I once spend three hours lockpicking a certain lock and just just Mentioned like oh, yeah, there's a special pin in the front And he has he had seen me a lockpick it for three hours and didn't tell me anything It's come back move actually the first time I went to a lockpicking conference surrounded I've only been into 18 months absolutely wide-eyed brilliant to be here people have been watching YouTube for 18 months amazed I was there About 20 of them watched me try and get through a door which was unlocked that had a stiff handle That was not a proud moment and one I'd love to forget but gets raised quite often You must have warrant moments. They were classified well Um, yeah, I once having About the kindness of my heart made a key for the customer and done some stuff So we could actually do the job and it would go ahead blah blah blah I then shut the starting door on my van which locked itself and I was telling they're going shit the keys are in the issue That was good It only took me a few minutes to get back in but it's quite a place one quick one for me on a warrant and It was on your warrants in fact in Birmingham and turned up Got all the gear very little idea I'm picking the front door of a row of Terries house is about six or seven in the row picking away picking away the warrant officer the engineer both very quiet Not really saying a lot not giving me any activation and after about I would say 45 minutes. I said lads I said them. I'm struggling now. I'm gonna have to go around the back. It's not a problem I know problem at all walk around the back. There is no back door. It's just not there at all So I walk through I open up. Yeah, we were here last week. We just thought we'd say how long it was gonna take you to try all the doors Relatively red-faced I think That's about it really fit red face moments. So we have no more do you have to be professional? The first rule is check the doors not locked before we start picking the lock my expense The warrant officer had pushed the handle therefore I thought that he had checked to see where the door was actually locked or not So imagine my surprise went after I'd picked the lock for 20 odd minutes. I was going. This is yeah This is just rubbish. I literally stood up and pushed down on the handle and the door just opened Yeah, I've done a very similar thing and I'm gonna go as a hobbyist Don't pick locks you rely on and don't pick locks you don't own but a friend of mine was locked out So after about 20 minutes at one in the morning of trying to open this damn lock it wouldn't go I lean forward and lent on the handle just because I was tired the whole thing swung over them happens all the time Yeah, our locks in particular BMW boots Some car locks pick clockwise some pick anti-clockwise And some locks pick easier in one direction the other so BMW boot locks You generally pick two locked a little bit and then spin them backwards to open However, if you pick them Basically to almost Unlocked but use your plug spin it which spins a lock in the wrong direction It fires it quite firmly into deadlocked and then snaps the little tab off the back so it won't ever lock again So did just in case anybody's interested what you have to do is then get in the Driver's door open the passenger door take the seats off drill a hole through Through the steel bulkhead fish the keys out Mention to the customer that you're in put the back seat on and drive off or Pay out of your own pocket to have his steel bulkhead repaired You'll never do that once or if you meet three times before you learn to be gentle 40 minutes Come back