Locks are all around us and while many of us still rely on a traditional key to gain access, it’s a safe assumption that most of us will need to use a digital lock at some point in our lives.
Most of these locks are commonly seen on safes or at security checkpoints at work, but as the technology has grown cheaper, they are becoming a more integral part of the commercial market and finding their way into our homes.
Look at any digital lock and it’s clear that traditional methods of attack (such as picking) are often unreliable, but that does not mean these locks are impenetrable. It is possible to bypass a digital lock by using magnets, reprogramming, digital bypassing, shimming, creating a key, picking, or by using brute force.
All locks have their vulnerabilities, and as many companies attempt to cut costs, even digital locks can be bypassed with relatively low-skilled attacks and a trained set of hands.
What are Digital Locks?
Digital locks were first introduced in the early 1980s and while the concept of unlocking your bike or home from your phone may be impressive, they are not overly dissimilar from a traditional padlock or deadbolt.
Typically, the actual locking bar and primary mechanism of these locks are virtually identical, but instead of having the mechanism directly controlled by a key or rotating dial, the mechanism is controlled through either an electromagnet or motor.
Electromagnets are arguably more common, but in either case, they are connected to and controlled by the lock’s control logic, which processes the signals coming from the keypad, phone, or fingerprint sensor and actually allows the lock to open.
This is a relatively simple way of looking at a digital lock, as they are often loaded with additional features such as sensors and transceivers (for alarms, for example), but at their core these components make up the fundamental structure of almost all digital locks.
How are Digital Locks Attacked?
Several factors come into play when choosing an attack for a digital lock, and much like traditional locks, some methods are more suitable than others depending on the style and construction of the lock being attacked.
While the style of the lock is obviously a big consideration, as we attack padlocks very differently from safes and deadbolts, the manufacturer is often a much greater deciding factor when it comes to how easily a digital lock may be attacked.
As “smart” locks have grown in popularity, there have been many third-party companies selling these locks as a gimmick with inexcusable vulnerabilities that make opening the lock possible in only a few seconds.
That is not to say these vulnerabilities are not present in higher-end locks, but rather that as the vulnerabilities are well known, companies can often protect against common attacks, therefore making it more difficult to successfully bypass a device without at least partially destroying the lock.
With that said, let’s look at 7 of the most common exploits we can take advantage of, starting with some of the simplest attack methods before moving up to some more specialist methods of bypassing a digital lock.
Playing with Magnets
Electromagnets are incredibly cool pieces of technology whose magnetic field can be switched on and off simply by connecting or disconnecting a power supply.
In locks, they are typically used to retract a magnetic bar from the lock and allow it to open, with the aid of either a spring or handle.
As these require the locking bar to be made of magnetic material in order to retract correctly, it is possible to use this to our advantage by introducing our own neodymium magnet to the system in order to retract the locking bar and ultimately produce an unlock.
Finding the right position to get this working can be difficult but with a small amount of trial and error, it can be an incredibly effective attack, allowing certain locks to be opened in a matter of seconds.
This manner of attack goes well beyond locking bars though, as other components of the lock may be influenced by a magnetic field (such as relays), which, as the LockPickingLawyer demonstrates, can be used to bypass even some of the most intimidating-looking locks out there.
While this is an effective attack on the right lock, it is important to be aware that it has limitations. Certain materials, such as nickel and cobalt, can be used to shield sensitive components of the lock, protecting them from manipulation.
More importantly, carrying a magnet powerful enough to bypass locks has its own set of problems, primarily because strong magnets are likely to interfere with the other contents of your pack, while also posing a very real safety risk as the magnets get stronger.
Make the Lock Your Own – Reprogramming
One of the many reasons digital locks have become so popular in recent years is their level of customization.
Unlike a traditional key, these devices can be reprogrammed easily, allowing the lock’s owner to set and change their own PIN code as many times as desired, often with only the click of a button.
While not possible on every system, simple passcode reset options are a very serious security oversight that makes it extremely easy for us to pick up a lock, enter the security set-up menu, and register a code of our choosing.
Attacks like this are not always the easiest to pull off, especially as you may need to damage the case to access the passcode reset button, but that does not mean it is impossible.
Just recently, this exploit was demonstrated with the LifePod line of gun cases from Vaultek, after which they acknowledged the potential threat before offering free security upgrades to existing customers.
Vaultek demonstrated the right way to respond to security concerns over a product, but a firmware update to prevent the password from being reset while locked is not the only way to protect against this style of attack.
Other companies will often attempt to hide the reset button, either physically or behind menus (as can be seen with the Yale Assure), which requires you to enter a master passcode before being allowed to reset your passcode.
Resetting the password may not always be possible, but it is well worth attempting, as cheaper digital locks often overlook this vulnerability in the name of convenience, making it an incredibly valuable attack whether you are using a traveler’s hook, a metal shim, or even a small piece of wire.
Bypass the Logic – Digitally
Once the lock’s logic receives the correct passcode, fingerprint, or Bluetooth connection from your phone, an electrical signal is sent to the electromagnet or motor to allow the lock to open.
In most cases, there is nothing special about this open signal, meaning if you can supply the opening mechanism with any other source of electricity, you may just be able to cause an unlock.
Often it really is as simple as connecting the locking mechanism directly to a 9V or AA battery with a few pieces of wire, but while this attack is easy in theory, it is not always practical in the wild.
Companies are well aware of this vulnerability and often go to great lengths to protect the motor or electromagnet. This means that to successfully connect any wires to it, you will likely need to at least partially destroy the lock’s body.
While it is always more favorable to bypass a lock without leaving any trace you were ever there, the effectiveness of this attack makes it very easy to justify the addition of a few batteries and wires into your bag to use as a last resort.
Bypassing the Logic – Shimming
The internal mechanics of digital locks are prone to a range of attacks, but that does not mean we cannot fall back on some of the more analog techniques used with traditional locks.
Shimming is arguably the easiest attack you can use on almost any lock and fortunately works just as well with most digital locks.
To attempt this attack, all you need to do is insert a narrow shim of metal into a padlock’s shackle or into a deadbolt in order to mechanically disengage the locking mechanism.
We’ve discussed this method before when looking at how you can bypass a Master Lock, and it’s worth bringing up again because of how easily this technique can be attempted and its effectiveness.
There are ways to protect against this attack, such as by disengaging the locking bar when the lock is closed; however, the attack works on enough locks that it is always worth trying because of how quickly it can be pulled off.
Create Your Own Key
One of the major appeals of digital locks is the relatively high security that PIN codes offer a user compared to a traditional key.
If you choose to use a four-digit code, there are 10,000 possible combinations, and with the ability to choose your own code, it’s unlikely anyone would be able to easily guess a PIN at random.
With that said, most digital locks offer alternative methods of unlocking (such as NFC and fingerprint readers) in order to allow for more convenient methods of unlocking your door or padlock.
These methods are nice for quickly accessing a lock, but with a bit of time and skill can be readily copied without the original owner ever knowing.
Cloning a fingerprint is possible, even from a photo, but the process is relatively time-intensive. It also requires extensive time in Photoshop and access to a 3D printer to create an accurate duplicate that will work with a fingerprint reader.
In contrast, NFC or RFID cards are much easier to duplicate and can often be accomplished in only a few seconds with a smartphone or laptop, leaving even high-end security systems found in office buildings vulnerable.
It really is as simple as scanning an authorized card to your phone before cloning it to a blank card, key fob, or even NFC implant, and your new key is good to go.
Certain companies will attempt to encrypt their key, but with the right software, hardware, and know-how, almost any NFC or RFID device can be duplicated with relative ease.
Picking Never Fails
Analog attacks, such as picking, may seem like a strange exploit to include in a discussion about digital locks, but they take advantage of one of their biggest vulnerabilities: their constant need for a power supply.
Not every lock has one, especially if the lock is wired directly to a mains supply, but it is not uncommon for digital systems to include some form of secondary keyed access mechanism for when the power goes out.
As these are typically hidden from view and are intended only for secondary access, most companies attempt to save money by using cheaper and ultimately weaker cores that can be picked with simple attacks such as raking or impressioning.
We’ve already covered in detail exactly how you can go about picking traditional pin-and-tumbler locks, but in a nutshell, by using a pick and tension wrench you mimic the action of a key, lifting the pins until each is set and the core is allowed to rotate.
Analog attacks such as this work incredibly well if you can find a keyway on a digital lock, but this depends entirely on whether the manufacturer chose to include a secondary keyway.
It can be hit or miss on whether you will be able to find such a keyway, especially as companies either attempt to hide the lock’s core or offer a secondary means of powering the device within the key. However, it is still an incredibly powerful attack that can be used on almost everything from hotel safes to home doors.
Brute Force Your Way In
Finally, for our last method of attack, it’s important to remember that if all else fails, digital locks are vulnerable to many of the same brute force attacks commonly used against standard locks.
Whether you choose to pry the shackle, breach the door frame, or even freeze the lock to allow you to smash it, many of the same attacks carry over directly to digital locks with extreme success.
In many cases, digital locks are actually easier to attack with brute force, as they typically use thinner case material in order to accommodate the many components that make up a digital lock.
Even so, not every brute force attack transfers successfully to digital locks. For example, while many of us may be tempted to drill out a padlock, the lithium battery in these devices is prone to exploding when pierced, which can make it a very dangerous attack if done incorrectly.
That’s not to say you should be put off brute-forcing a digital lock open, but by understanding the lock you’re attempting to open, you should be able to make more informed decisions about how best to physically attack a lock and ultimately have better success in getting it open.
We’ve seen how easily digital locks can be bypassed with very few specialty tools, but although digital locks do not always offer 100% reliable security, they do pose some interesting challenges that cannot be found with other traditional styles of locks.
Many locks are able to log when they have been opened and report back to an app, meaning any attempt at unauthorized access may be detected by the lock’s owner before they even notice something is missing.
Records such as these are less of a concern with certain attacks, but they should always be remembered, especially when attacking high-security systems, mainly because this information can often be paired with cameras to easily identify someone during a break-in.
Additionally, while most traditional methods of lock picking leave the original key completely functional, these attacks (such as altering the combination) can completely lock out the owner of the device, again informing them of the attack.
In cases where you need to access a lock quickly, these countermeasures should not stop you from attempting a bypassing technique. But, it is worth keeping in mind if assaulting a lock that does not belong to you.
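As an added illustration of the logging point above (example code written for this article, not from the original post or from any lock vendor), the script below reviews a constructed sample of lock audit events and flags the ones an owner would want to know about: a configuration change such as the combination being altered, an unlock with a credential the owner never enrolled, use of the backup keyway, and unlocks during hours the owner has marked as quiet. The log format, the event names, the credential list, and the quiet-hours window are all assumptions made for the example; a real lock reports through its own app or API with its own schema.

```python
"""Review a smart-lock audit log for signs of tampering.

Added example: the event format and the rules are assumptions made for
illustration, not the schema of any particular lock or app.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, time

# Constructed sample log, one event per line:
#   <ISO timestamp> <event kind> <unlock method> <credential id>
SAMPLE_LOG = """\
2024-03-01T08:02:11 unlock pin owner
2024-03-01T08:02:40 lock pin owner
2024-03-01T13:15:03 unlock nfc fob-1
2024-03-01T13:16:10 lock nfc fob-1
2024-03-02T03:41:27 unlock mechanical_key backup-key
2024-03-02T03:43:00 code_changed keypad none
2024-03-02T03:44:12 unlock pin code-2
"""

# Credentials the owner actually enrolled (assumption for the example).
KNOWN_CREDENTIALS = {"owner", "fob-1"}
# Window in which the owner does not expect the lock to be opened.
QUIET_START, QUIET_END = time(23, 0), time(6, 0)
# Events that change how the lock authenticates; an owner who did not
# trigger these should treat them as a reprogramming attempt.
CONFIG_EVENTS = {"code_changed", "credential_added", "factory_reset"}


@dataclass
class Event:
    when: datetime
    kind: str        # unlock, lock, code_changed, ...
    method: str      # pin, nfc, fingerprint, app, mechanical_key, ...
    credential: str  # identifier of the credential used, or "none"


def parse_log(text: str) -> list[Event]:
    """Parse the whitespace-separated constructed log format."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        stamp, kind, method, cred = line.split()
        events.append(Event(datetime.fromisoformat(stamp), kind, method, cred))
    return events


def in_quiet_hours(when: datetime) -> bool:
    """True if the time of day falls in the overnight quiet window."""
    t = when.time()
    return t >= QUIET_START or t < QUIET_END


def review(events: list[Event], known: set[str] = KNOWN_CREDENTIALS) -> list[tuple[str, str]]:
    """Return (category, message) alerts for events worth the owner's attention."""
    alerts: list[tuple[str, str]] = []
    for e in events:
        stamp = e.when.isoformat()
        if e.kind in CONFIG_EVENTS:
            alerts.append(("CONFIG_CHANGE", f"{stamp} {e.kind} via {e.method}"))
            continue
        if e.kind != "unlock":
            continue
        if e.method == "mechanical_key":
            # The keyed override is meant for power loss; any other use is notable.
            alerts.append(("BACKUP_KEY", f"{stamp} unlock used the keyed override"))
        elif e.credential not in known:
            alerts.append(("UNKNOWN_CREDENTIAL", f"{stamp} unlock by {e.method}/{e.credential}"))
        if in_quiet_hours(e.when):
            alerts.append(("QUIET_HOURS", f"{stamp} unlock at {e.when.time()}"))
    return alerts


if __name__ == "__main__":
    for category, message in review(parse_log(SAMPLE_LOG)):
        print(f"[{category}] {message}")
```

Run as a script it prints one line per alert; the daytime unlocks with enrolled credentials produce nothing, while the overnight sequence of backup-key use, code change, and unlock with a new code produces five alerts. A real deployment would feed the lock's own event export into `parse_log` and adjust `KNOWN_CREDENTIALS` and the quiet window to the household.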
How to Buy a Secure Digital Lock?
Digital locks offer a unique range of challenges that arguably make them much more resilient to attack.
Although these locks have vulnerabilities, such as exposure to high-strength neodymium magnets, those vulnerabilities are often well known and easy for the manufacturer to defend against, meaning that for security you can rely on, you have to buy a lock you can trust.
The easiest way you can do this is by choosing a lock from a reputable and well-known American company.
These brands often avoid many of the mistakes found with cheaper lock companies, such as Retekess and SentrySafe, which often include digital mechanisms without any of the serious security components actually needed for a lock to function as one.
I personally rely on locks from Yale and Schlage, which offer a relatively high level of security without breaking a budget.
The most important thing to remember when buying your lock is to always research the brand ahead of time to help find suppliers with a long and reputable track record of producing quality locks, even though these locks will never be able to 100% guarantee security.
Digital locks were first introduced to the mainstream market several years ago and flooded the market with gimmicks, promising immense levels of security while failing to deliver.
As they have continued to grow into the mainstream, the security offered by digital locks has gradually improved.
Even with the advancements seen with this technology, with the right knowledge, they are still prone to several attacks allowing a trained hand to bypass the lock with relative ease.
We’ve looked at 7 ways a digital lock can be bypassed while leaving little evidence you were ever there. But, while analog locks still dominate the market, it’s important to take the time to hone your physical attacks. Be sure to check our comprehensive picking manual on that very topic.