At BIL 2012, I inter­viewed Eric Michel of the Col­lege of Lock­pick­ing, who showed me that most locks in the United States have an exploitable fault that is vul­ner­a­ble to lock picking.

You see, locks are rel­a­tively sim­ple devices. In the United States, we have what are called “pin-and-tumbler locks”.  They come in many dif­fer­ent shapes and sizes — key and lock, pad­lock, mor­tise cylin­der, dead­bolts, etc.  All locks dis­played have the same inter­nal mech­a­nism.  You have the body, which is the metal cylin­der hous­ing, and the plug — which is the rotat­ing inside piece. Inside the plug are drill holes, and on the front is the key­way.  The metal “juts” are sim­ply there to make sure the key fits the lock — con­trary to pop­u­lar belief, the shape of these juts doesn’t actu­ally turn the lock.  Here’s where it gets interesting:

If you turn a lock on its side, you will see stacks of pins.  Above the “key” pins are “dri­ver” pins, that sit between the plug and the body of the lock.  The dri­ver pins pre­vent the plug from rotat­ing.  The springs at the top are what keep the pins pushed into the plug, so that no mat­ter the ori­en­ta­tion, it will still oper­ate correctly.

For the man­u­fac­turer, it is very expen­sive to drill precision-machined holes.  Also, if any amount of dirt col­lects in one or more of the holes, they won’t fit the pins and the entire lock will not func­tion.  Man­u­fac­tur­ers under­stand this, so they pur­posely allow for a lit­tle bit of “slop” — that is, a mar­gin of error in the size and depth of the holes.  Because of this pro­duc­tion tech­nique, not all of the pins need to be push­ing to the side at all times — in real­ity, locks only have one or two pins that move — which cre­ates an exploitable position.

It’s kind of like Skyrim

Here are the tools you will need.

• Torque tool, which is basi­cally just a bent piece of metal in an L-shape.
• A short hook — again, a small, bent piece of straight metal with a tiny hook or tooth on the end to push up the pins.

To take advan­tage of the “exploitable con­di­tion”,  put the torque tool into the bot­tom of the lock.  Place your index fin­ger on torque tool to add pres­sure.  If your fin­ger is turn­ing white, you are press­ing too hard.  Hold the short hook like a pen­cil, and place it into lock as low as pos­si­ble by rid­ing it down on the torque tool.  Do not pre­ma­turely lift any pins that you dont want to lift, but feel if any pins are springy.  If the pin gives, that means you don’t have to worry about it because it isn’t block­ing the lock from rotat­ing.  In sequence, use your hook to find the pins that are bind­ing, and push it up. Presto.

Feel­ing ter­ri­fied at how sim­ple the entire process was, I asked a glar­ing ques­tion: Why are you guys teach­ing peo­ple how to pick locks?! 

Eric explained that there is noth­ing ille­gal about pick­ing locks, and that in the long run, it is actu­ally a good thing to edu­cate peo­ple about exploitable faults in any­thing so that man­u­fac­tur­ers can cor­rect the issues for greater secu­rity across the board.

Sim­i­lar to a hacker that finds holes in a website’s secu­rity, the Col­lege of Lock­pick­ing is not only spread­ing aware­ness, but a mes­sage: Lock­ing that door at night may put your mind at ease — but in this day and age, our minds are the keys.