Tweet
Many types of locks exists and this is a brief overview of some mechanical ones.
This is not an exhaustive list but may help you get an overview of what you may encounter
Even though some locks may have what we would consider design flaws, in general it is not possible to classify a lock as insecure just because of the lock type. Some cipher locks also has vulnerabilities that are easy to exploit. The quality and internal design features often comes into play meaning a 10 dollar lock will most likely only give you 10 dollars worth of protection. Some locks are harder to pick than others but if they have a design flaw the locking mechanism can sometimes be bypassed all together making picking the lock unnecessary. Unfortunately some locks are sold at a high price claiming to be very secure and may even come with the highest score on the scale present on the package. One issue with this is that the vendor may have created that scale and some vendors may overrate their own locks. It is next to impossible for the end user or organization to evaluate if there is any truth in the quality presented on the packaging and even insecure locks may appear solid and hardened.
It is worth mentioning that during a physical penetration test locks are rarely picked. Often a bypass may work, an access card has been copied, a window is open or a helpful employee may let you in if you pretend to be working at the target location. A thief will likely attempt to just break a window, enter the location in that manner and leave again within minutes. The danger with a bypass or a picked lock is the fact that you may not realize that an attacker has gained access to the location for a long time if there are no visible signs of a break-in. Also insurance issues may arise if there is no physical proof that a malicious person intentionally entered the building and took something and it may be hard to assess the damage or what information was stolen.
Some public standards for evaluating the security of a lock exists but not all vendors use these standards and unfortunately these standards only test for known vulnerabilities. This is an issue both for the vendors and for the end user or organization using any particular lock, especially if the lock contain new and untested features.
Please note that the mechanics of most of the mentioned lock types are very similar and the naming often comes from some special feature of a lock. For instance a dimple lock contains a pin stack consisting of a spring, a driver pin and a key pin, just as an ordinary pin tumbler lock, a tubular lock, a bi-lock etc. The name "dimple" comes from the dimples in the key.
This is not an exhaustive list but may help you get an overview of what you may encounter
- Ordinary Pin Tumbler Lock
- Wafer locks
- Dimple Locks
- Disk Detainer Locks
- Tubular Locks
- Warded Locks
- Bi-Locks
- Lever Locks
- Locks with a Magnetic Component
- Various High Security Locks
Even though some locks may have what we would consider design flaws, in general it is not possible to classify a lock as insecure just because of the lock type. Some cipher locks also has vulnerabilities that are easy to exploit. The quality and internal design features often comes into play meaning a 10 dollar lock will most likely only give you 10 dollars worth of protection. Some locks are harder to pick than others but if they have a design flaw the locking mechanism can sometimes be bypassed all together making picking the lock unnecessary. Unfortunately some locks are sold at a high price claiming to be very secure and may even come with the highest score on the scale present on the package. One issue with this is that the vendor may have created that scale and some vendors may overrate their own locks. It is next to impossible for the end user or organization to evaluate if there is any truth in the quality presented on the packaging and even insecure locks may appear solid and hardened.
It is worth mentioning that during a physical penetration test locks are rarely picked. Often a bypass may work, an access card has been copied, a window is open or a helpful employee may let you in if you pretend to be working at the target location. A thief will likely attempt to just break a window, enter the location in that manner and leave again within minutes. The danger with a bypass or a picked lock is the fact that you may not realize that an attacker has gained access to the location for a long time if there are no visible signs of a break-in. Also insurance issues may arise if there is no physical proof that a malicious person intentionally entered the building and took something and it may be hard to assess the damage or what information was stolen.
Some public standards for evaluating the security of a lock exists but not all vendors use these standards and unfortunately these standards only test for known vulnerabilities. This is an issue both for the vendors and for the end user or organization using any particular lock, especially if the lock contain new and untested features.
Please note that the mechanics of most of the mentioned lock types are very similar and the naming often comes from some special feature of a lock. For instance a dimple lock contains a pin stack consisting of a spring, a driver pin and a key pin, just as an ordinary pin tumbler lock, a tubular lock, a bi-lock etc. The name "dimple" comes from the dimples in the key.