
Marc Weber Tobias (Investigative Attorney and Security Specialist)

Filed under: Main Page — Administrator @ 4:28 pm

Presentation Title: Opened in Ten Seconds: The Insecurity of Mechanical Locks
Presentation Abstract:

Mechanical locks are relied upon to protect almost everything including information and its processing infrastructure. Often, these devices are the first line of defense in a security system. This presentation will examine the real threats posed by two popular methods of attack: lock bumping and decoding of the top master key, together with measures that can be taken to prevent security breaches that can result from these techniques.

Marc Weber Tobias will first demonstrate how most locks can be easily defeated through a process known as bumping that requires little skill, few tools and no time. Even high security locks may be compromised with this technique, notwithstanding claims to the contrary by certain recognized manufacturers. Most access control systems also employ mechanical bypass cylinders in the event of electronic failure. These systems are most often not secure and in fact are vulnerable to “silent bypass,” meaning that no audit trail will exist as to an unauthorized entry. Bumping can result in a total breakdown of security within seconds.

Another critical vulnerability relating to master keyed environments will also be discussed. The speaker will describe how all locks within a master keyed facility may be compromised by the extrapolation of the top level master key (TMK). This practice can allow unrestricted access to any lock that is under the TMK. This issue was the subject of a detailed New York Times exposé in which the speaker commented on the insecurity of mechanical locks and master key systems.

About Marc

Marc Weber Tobias is an investigative attorney and security specialist living in Sioux Falls, South Dakota. He represents and consults with lock manufacturers, government agencies and corporations in the U.S. and overseas regarding the design and bypass of locks and security systems. He has authored five police textbooks, including Locks, Safes, and Security, which is recognized as the primary reference for law enforcement and security professionals worldwide. The second edition, a 1400 page two-volume work, is utilized by criminal investigators, crime labs, locksmiths and those responsible for physical security. A ten-volume multimedia edition of his book is also available online. His website is security.org. Marc is a member of a number of professional security organizations, including the American Society of Industrial Security (ASIS), Association of Firearms and Tool Marks Examiners (AFTE), American Polygraph Association (APA) and American Association of Police Polygraphists (AAPP).

Marc was Chief of the Organized Crime Unit, Office of Attorney General in the State of South Dakota, and as such directed many criminal investigations. He also worked special investigations for the Office of Governor, State of South Dakota for sixteen years, and was responsible for conducting internal inquiries for the executive branch of government and for the state prison system.

Marc has lectured extensively in the United States and Europe on physical security and certain aspects of criminal investigations and interrogation technique. He holds several patents involving the bypass of locks and security systems. Marc contributes a column to engadget.com and has been featured in many publications as well as radio and television stories around the world.

Event Organizer

Hack In The Box (M) Sdn. Bhd.
