The Honest Truth About Locks: Why All Locks Can Be Picked
One of our fantastic twitter followers, Kate Brew, seems a little upset that everyone doesn’t know that all locks can be picked. Due to the fact that Kate (@securitybrew) is both wise and powerful, her decree for the people to know had to be carried out post haste. And so it is, Hear Ye! Hear Ye! We have talked about this before in our well-known post, “4 Locks That Cannot Be Picked“, which was strategically titled. Locks that cannot be picked are only unpicked for the time being. As the locksport and security communities investigate each device, there is sure to be a weakness discovered for every single one. But why is this the case? Why is it that there is no such thing as an unpickable lock? What makes these inventions so prone to failure? We will go on a journey through what makes a lock a lock. There we will find out what it is about the nature of a lock that keeps them vulnerable to picking.
There are many different types of locks, but they have one thing in common. Locks have two functions, to lock and to open. A lock that does not work because it does not secure provides no protection. Locks were created with protection in mind. A lock that is not locking is not securing any valuables. A lock that is unlocked is the same as no lock at all. A lock that doesn’t work because it will not open cuts the user off from their valuables or the outside. If the lock cannot open it is also not a lock. The same way that a door that does not open is not a door, but a wall. A lock that does not open is not a lock, but a sculpture. All locks are meant to open. Something built to open, can be opened. This is simple logic.
To open a lock, you need a key. A key is used to give a single person, or a select group, access. The key overrides the internal components that keep the device secure. Once the correct key is inserted into the lock it is no longer secured. The key will manipulate the internal locking mechanisms so that the device can be moved in and out of the secure position. A key is not necessarily a physical object, a key can be a code that is manually punched into a keypad, turned on a dial or four-wheel combination, or transmitted remotely from a device. Things such as codes redefine the basic idea of key, with a handle and some biting, into something less permanent. Odd little knives (keys) have been replaced by the little rectangles (getting bigger every year) that we use to snap and chat to our friends, but these changes have not disrupted the core concept of the lock. Despite all the new ways that a lock can open, it is still designed to open.
Key Take Aways
A lock must open and close.
Because a lock must open, all locks can be opened.
To open a lock you must use a key.
A key has a pattern, physical or not, that interacts with the lock to both secure and open it.
Picking and Manipulation
The key to picking and manipulation is to exploit the very nature of a lock. If it can open, then it opens. The only thing left to do is fool the device into opening without the proper key. It is at this point that we begin to pick and manipulate the lock. Picking will work, in theory, for any lock that has a keyway, or point of physical key insertion. For a successful pick, the procedure of inserting the key will need to be replicated. The pattern of the key will also need to be mimicked. Often this is done by tensioning the lock and placing a piece of metal in the keyhole. The metal will serve to move the internal components of the lock one at a time, just like the key working in slow motion. To make sure that the work done in the lock remains in place, the lock most often be tensioned. The tension puts the internal components under the same stress as a turning key. The finer points of the process will vary depending on the type of lock, but if the key exists and the lock works, eventually this process will work. It may take a special tool, but it can be done. As a rule of logic, picking will always work on locks with physical keys.
A physical key is not to be confused with a token. Something like a key card may have to be physically inserted into the lock, but that key is not physically interacting with the lock. It is, however, sending signals that cause the lock to open. The real key is still noncorporeal, just as a key combination must be physically entered but does not exist in a physical form. That card does not have the correct code no matter what. The code can be removed, but the card will remain physically the same. These types of locks would need some sort of hack for the software or bypass to the physical bolt or fastener. This could still be considered manipulation. It is not technically picking, but the point is that doors without physical keys can still be opened without the proper key. Because these items are still locks, there will always be a way to unlock them. The correct tool may not be shaped out of metal, but it will manipulate the lock to open freely.
Key Take Aways
Picking and manipulation exploit the fact that all locks are designed to open.
Picking attempts to recreate the function of physical keys.
A physical key is any key that physically holds the code needed to open the lock.
Tokens, such as keycards are not physical keys.
Digital locks that do not use physical keys can still be manipulated.
All locks can be either manipulated or picked.
The Unpickable Myth
No lock is unpickable. The idea of an unpickable lock died way back in the 1850s along with the dream of perfect security. After several outstanding additions to lock technology it was still discovered that no addition could make a lock immune to picking. This trend has led the security and locksport communities to the common saying, “There is no such thing as an unpickable lock. There are just locks that have not been picked yet.” That quote can be accredited to anyone that picks locks because everyone eventually gets asked “Is there, like, an unpickable lock?” I think that the myth is perpetuated, mainly, by Hollywood heist movies as a convenient plot device, but there is a bit of truth to it. There are locks that no one has ever picked, and there are locks that will take far too long to pick for it to be feasible in a movie style heist. That is about as unpickable as things get.
Many times on this site I refer to locks as devices and mechanisms. This is not purely a way of not having to write ‘locks’ a million times in a post. It is also because a lock is a machine. Most locks are not motorized, but the internal workings of a lock use kinetic energy to in their functions of locking and unlocking. Because a lock is a machine, that means that it is built by humans or other machines that humans have built. With a standard pin tumbler lock, such as a Kwikset and/or Schlage deadbolt cylinder the human aspect of their creation gives them the flaw that makes them pickable. The basic idea of picking comes from the slight misalignment of the holes in the plug of the lock. The holes in the plug are meant as slots for the pins to rest in. By not being perfectly aligned, the pins will set at different times. When one pin sets before another, this will allow the lock to be opened. The first pin to set is the binding pin, and after that, the picker just needs to find the binding order.