Lock bumping

Lock bumping is a lock picking technique for opening a pin tumbler lock using a specially crafted bump key. One bump key will work for all locks of the same type.

Contents

History

A US patent first appears in 1928 by H.R. Simpson called a "rapping" or bump-key.[1] In the 1970s, locksmiths in Denmark shared a technique for knocking on a lock cylinder while applying slight pressure to the back of the lock plug. When the pins would jump inside of the cylinder, the plug would be able to slide out freely, thus enabling the locksmith to disassemble the lock quickly.[2] The use of a bump key was not introduced until some time later and was first recognized as a potential security problem around 2002–2003 by Klaus Noch who brought it to the attention of the German media.[3] After further examination of the procedure, a white paper was drafted in 2005 by Barry Wels & Rop Gonggrijp of The Open Organization Of Lockpickers (TOOOL) detailing the method and its applicability.[4] A patent exists for a lock device following the same principle as the bump key from 1926–1928.[5]

The technique then attracted more popular attention in 2005 when a Dutch television show, Nova, broadcast a story about the method. After the method received further publicity from TOOOL presentations at security conference talks, members of TOOOL and a Dutch consumer group, Dutch Consumentenbond, analyzed the capability of the method on 70 different lock models and with trained and untrained users in a 2006 study.

At the same time, Marc Tobias, an American security expert, began to talk publicly in the United States about the technique and its potential security threats. In 2006, he released two further white papers regarding the technique and its potential legal ramifications.[6][7]

Mechanics

A pin tumbler lock is composed of a series of spring-loaded stacks called pin stacks. Each pin stack is composed of two pins that are stacked on top of each other: the key pin, which touches the key when it is inserted, and the driver pin, which is spring driven. When the different length key pins are aligned at their tops by the insertion of the correspondingly cut key at their bases, the tops of the key pins and, consequently, the bases of the driver pins, form a straight line (the "shear line"), so that the cylinder can be turned, rotating the key pins away from the driver pins. When no key or the wrong key is in the lock, pin misalignment prevents the cylinder from turning.

When bumping a lock, the key is initially inserted into the keyway one notch (pin) short of full insertion. Bumping the key inward forces it deeper into the keyway. The specially designed teeth of the bump key transmit a slight impact force to all of the bottom pins in the lock. The key pins transmit this force to the driver pins; the key pins stay in place.[8] This physics action can be visualized by observing the same effect on the desktop toy: Newton's Cradle. Because the pin movements are highly elastic, the driver pins "jump" from the key pins for a fraction of a second, moving higher than the cylinder (shear line of the tumbler), then are pushed normally back by the spring to sit against the key pins once again. Even though this separation only lasts a split second, if a light rotational force is continuously applied to the key during the slight impact, the cylinder will turn during the short separation time of the key and driver pins, and the lock can be opened while the driver pins are elevated above the keyway. Lock bumping takes only an instant to open the lock. The lock is not damaged in any way. Certain clicking and vibrating tools designed for bumping can also be used. These allow for rapid repetition of bumping against locks that have advertised "bump proof" features. Only a rare few key-pin locks cannot be bumped.

A different tool with a similar principle of operation is a pick gun.

Countermeasures

High-quality locks may be more vulnerable to bumping unless they employ specific countermeasures. More precise manufacturing tolerances within the cylinder make bumping easier because the mechanical tolerances of the lock are smaller, which means there is less loss of force in other directions and mostly pins move more freely and smoothly. Locks made of hardened steel are more vulnerable because they are less prone to damage during the bumping process that might cause a cheaper lock to jam.

Locks having security pins (e.g. spool or mushroom pins)—even when combined with a regular tumbler mechanism—generally make bumping somewhat more difficult but not impossible.

Because a bump key must only have the same blank profile as the lock it is made to open, restricted or registered key profiles are not any safer from bumping. While the correct key blanks cannot be obtained legally without permission or registration with relevant locksmith associations, regular keys can be filed down to act as bumpkeys.

Locks that have trap pins that engage when a pin does not support them will jam a lock's cylinder. Another countermeasure is shallow drilling, in which one or more of the pin stacks is drilled slightly shallower than the others. If an attempt is made on a lock that has shallow drilled pin stacks, the bump key will be unable to bump the shallow drilled pins because they are too high for the bump key to engage.

Locks that only use programmable side bars and not top pins are bump proof. Bilock is an example of this technology. Many bump-resistant locks are available which can not be easily opened through the lock bumping method. Baldwin and Schlage are two brands that offer bump resistant locks.[9]

Time locks, combination locks, electronic locks, magnetic locks, and locks using rotating disks, such as disc tumbler locks, are inherently invulnerable to this attack, since their mechanism does not contain springs. However, some electronic locks feature a key backup that is susceptible to bumping. Warded locks are not vulnerable to bumping, but they are vulnerable to a similar attack called a skeleton key, which is also a filed-down key.

References

  1. ^ page 19 "High Security Mechanical Locks - An Encyclopaedic Reference" published by Graham W. Pulford 2007
  2. ^ The Lockdown: Locked, but not secure (Part I). Marc Weber Tobias; August 24, 2006
  3. ^ TOOOL (The Open Organization Of Lockpickers) website, retrieved February 12, 2007.
  4. ^ White paper (pdf) on lock bumping by TOOOL. Retrieved June 22, 2009.
  5. ^ http://img525.imageshack.us/img525/2736/bumpkeypatentpg1gk9.jpg
  6. ^ A detailed technical analysis of bumping (pdf) by Marc Weber Tobias. Retrieved February 12, 2007.
  7. ^ Bumping of Locks: Legal issues in the United States (pdf) by Marc Weber Tobias. Retrieved February 12, 2007.
  8. ^ What is Lock Bumping?
  9. ^ Bump Resistant Locks