@@SylasG Its more blurred now with biometrics as "keys" but their more authorisation than keys, the definition of a key is actually: a small piece of shaped metal with incisions cut to fit the wards of a particular lock, which is inserted into a lock and turned to open or close it. -- In this case it is not a specific lock its unlocking, its a tool that can be used to open many but it wasnt intended for it that one. Sorry I kinda found it interesting cos we all use the word key but I guess it can technically mean what your saying.
@@baconwizard To be fair, most smart lock manufacturers are incompetent or apathetic enough to leave these low skill vulnerabilities and people who buy them would likely do so for the high tech factor without knowing about these basic security flaws. I've seen maybe one or two high tech locks designed to resist basic physical attacks and bypasses. On the other hand, lots of people still buy Master locks, so...
@@borttorbbq2556 They literally said the name in the comment, lmao. Iron Chef, but the Japanese version. It used to come on Food Network here in the US. Not sure how you'd find it nowadays, especially the Japanese version. Lol.
LPL is the most efficient youtuber. Dude has millions of subscribers, he's monetized and most of his videos are ridiculously short leaving him more time for family and content quality.
@@anonymousarmadillo6589 Less ad revenue from UA-cam. But im sure he has patreons and other revenue streams that benefit from the quality content that earn him a loyal fan base.
I have watched so much LPL that it has come to the point that I knew the vulnerability as soon as he said "spring-loaded locking lugs." Thank you LPL for teaching people who are not even lockpickers the simplest of vulnerabilities to avoid.
If you are a fan of LPL, and you've watched a few of his videos, you KNOW when you see a video that is 1:37 long, the lock being evaluated must be worse than useless.
Yeah, I was expecting the sledge hammer to come out. Maybe he should have done it again to prove it wasn't a fluke and thereby make the video a little over 2 minutes long so we'd think it might actually be worth something (the lock, not his video; his videos are always great).
Just once it would be nice to have a sixty second video that goes, Hi, I'm the lock picking lawyer, and today I have the unobtanium X-33. I tried a particle accelerator and nuclear explosives and you know what? Then I gave up. This may, for once, be a moderately acceptable lock. But no, not even for April the first.
i was a boy. they were 138 girls. can i make it any more obvious? thats right, i had a crazy dream last night. HAHAHAHAHA!!! im the funniest youtube star ever. youre welcome for laughing dear syn
Seems to me that as a lawyer he discovered why home burglaries where so common, and is trying to inform the public on how bad locks actually are so that manufactures have to step up their game to stay in business... Or he's trying to prevent criminals from getting caught.
It’s worth saying out loud that padlock shims can be made with scissors and a pop can, you don’t need to buy them (nothing against LPL’s shims, they’re very nice).
I get the sense he is motivated to feature his own products, which is understandable but also a little disappointing when he could be a little more creative showing just how absurdly easily some of these locks can be defeated with random items. Like the gun locks he defeated with a LEGO astronaut or a twig.
You don't even need scissors. If you are coordinated and have reasonably strong fingers, you can just fold and tear the can open, then tear the metal with your fingers to the right shape. I've shown people how several times, and they were amazed.
I think that failed on 2 bit encryption. Those 2 bits were bits of metal bent into shims, but it counts. 128 bit encryption is secure enough that it would make more sense to snip the lock than try bypassing it using software, but with such an easy hardware option, why bother.
I've broken a few of these - they usually do use AES128 to encrypt, but they use a static key, or a key that can be obtained through other means. I think I have a dog and bone lock somewhere. Time to look back through my files.
I never expected to see this lock on LPL's channel! Back in grad school many years ago, I used this exact lock to demonstrate a man-in-the-middle attack to intercept Bluetooth encryption keys. Avoid Bluetooth security devices for anything you really want maximum security!
hot take: actually avoid bluetooth for everything except music, data transfer speeds are abysmal, there’s a high failure rate and the lag on keyboards/pointing devices is enough to drive you mad
@@barley-pt Ironically, I did shim it a few times with a cut up soda can. The app was a bit finicky at times where a shim was just an easier and faster key.
I was wondering how he was gonna open it if it had no key at all, not even a backup. Then he mentioned it had springs and I thought "the fools forgot shims!"
Yup, same thought I had the second I heard springs. So sad everybody wants to get in the lock making game and not learn from the past because so few people care about even slowing down a thief.
It's amazing I have zero experience picking locks but watching LPL I now can pick up a lot of different lingo indicating bad lock design. Very educational channel I feel like I will make much better decisions buying locks from now on
Id love a playlist of recommended locks for different use cases. I know no lock is perfect, but a list of the most annoying locks to get around would be epic
This reminds me of a story where a guy was tasked with hacking into a remote computer with sophisticated encryption and firewalls and all that tech jazz, and instead he just walked into the building acting like he belonged there and unplugged said computer to take home. Security really is only as strong as the weakest link.
I worked with a guy in his 60's we weren't actually in construction but due to our job we wore boots and carried hardhats for when required. He told me how he found out Arnold Schwarzenegger was having a custom house built near a job he was on. He really wanted to have a look but noticed there was a security guard in a shack. So he devised a plan and put on his hardhat grabbed a clipboard and a pen and proceeded to walk right past the security guard giving him a hearty good morning and leaving the guard with the impression he was an inspector. He said he walked around for quite a while and no one asked him anything.
At my work we had to do all these security trainings and they stressed that physical security is often the weakest link. Even if you think it will make you look like an asshole, you need to strictly follow guidelines to prevent unwanted guests. That’s why many corporate headquarters are miniaturized fortresses now.
He is a lawyer by trade, so I think roasting people with a "professional" tone is much of his job. Especially if he is a patent lawyer as some have speculated, he would be one to explain in a civil, polite, and professional manner why an idea is stupid and shouldn't or can't be patented.
As soon as I saw that lock, my first thought was "He's gonna shim that, isn't he" Then you said it cost $70 and I'm like "OMG, for $70, is he really gonna be able to shim that thing. Yep. Unbelievable!?".
Yes you can hit against the shackle with a hammer to open it, there’s a BosnianBill video about this lock where he shims it and then he also opens it with a hammer.
companies that make "smart" locks make a lot of mistakes typical of the techie mindset, so focused on doing things in a high tech way that they forget there might be a simpler, low tech way to do things.
As a rule electronics make things a bit more expensive, because it is a few more production steps in there. If you add the term "smart", marketing will add a considerable markup to that price just because a product that is smarter than its customer ought to be expensive. None of that adds actual security or useful functionality to the original purpose of the product, ever.
That encryption sales point is playing fast and loose with the buzzwords in the hope that they _sound_ impressive, even if they're nothing special. In particular, "Advanced Encryption" is supposed to sound fancy and special, but it's just what AES stands for, which is a system that's existed for 20 years, and has been a standard part of Bluetooth for 10. Any bluetooth device, especially a security device, that _didn't_ support this would be laughable, it'd be doing... well... the digital equivalent of using spring-loaded locking lugs.
Speaking as someone who works in information security: anything that advertises itself as being secure because of a certain amount of 'bits' of encryption, is automatically suspicious and very likely insecure. It's a completely meaningless number by itself, and the only purpose of mentioning it is to make the numbers look big, they're basically the megapixels of cryptography. It's no surprise that that usually happens for products which can't prove themselves through _actual_ security.
Also building on this, in regards to security and encryption: "Military-Grade" encryption thru software. First, there is no such grading system. Second, if an asset is that important, there is a hardware component. So unless your selling me a piece of hardware that completely breaks itself if tampered with, I don't care about your "1 Billion-Bit Military-Grade Security System"
Certainly true, but at least they only used AES-128 together with what's hopefully P256 or X25519, instead of using an 256 bit symmetric key with an 256 bit elliptic curve key. But yes, the key length itself isn't a good security measure, and there are much more relevant information points like the mode used with AES that they're omitting.
@@tr_slimey6811 Ahemm did I hear "outside generated private key"..... Like that is not supposed to be even a thing in PKI. You mint/generate on device (any this expensive product has the money to pay for decent crypto processing unit and any decent crypto module has hardware key generator) private key and then send out public key/exchange public keys for two way authentication. Like yeah... soooo much wrong. That is pretty severe PKI 101 mistake. Plus 256 bit isn't even that long key. Not in "this is supposed to be dedicated security device" world. 2k and 4k keys aren't unheard of. So it is even bad at the "look at our big numbers" realm. Even on access side, say the phone shouldn't trust on the cloud generating it's access key to the device. Phone is perfectly capable of generating it's own key and then just sending the public key to the lock for reference. this not how any of this is supposed to work......
I would seriously support taking legal actions against that company for providing 'misleading information' or 'scamming people'. Unbelievable... Great job LPL!
Dog Bone brought a dull pencil to a gunfight. - Dog Bone represents an excellent example of how expertise and knowledge in one field (computer science) can blind one to their ignorance and incompetence in another (lock design and physical security). It's an example of the Dunning-Kruger effect, where one's ignorance of how ignorant he is produces unwarranted confidence.
You're making the assumption that they cared at all about quality rather than making fat profits by selling to suckers who are taken in my dumb hype like mY lOcK hAs 128-BiT eNcRyPtIoN.
I think you guys really misunderstand the process by which these locks are designed. They're not being designed to be the safest pick proof locks. They're being designed to have as small of a material cost as possible while attracting the average buyer. The average buyer knows nothing about picking locks and is way more likely to buy some flashy lock with some fancy feature than one that is truly secure. This was never designed to be pick proof
I find it immensely satisfying, and equally terrifying, that just from watching LPL videos someone can get an understanding of security vulnerabilities. When he said spring loaded locking lugs, I instantly though shims and got that satisfaction from being proved correct. But he said spring loaded locking lugs, and a random idiot, with 0 experience in designing, building, testing or identifying locks instantly saw the problem. That is terrifying.
And that was pretty much LPL's point on his presentation a while back on an Online Security Convention. These are all basic flaws that have been with the lock world for centuries instead of fixing and improving their designs they figured as long as no one knows how a lock works its secure! Which is insane as a design philosophy in any security field as we all know that this is no defence to an actual thief or any security threat as they will already know the vulnerabilities to begin with.
@@RocKM001 My father says "locks are only a defense against honest people and lazy thieves". They keep the random teenager, nosy neighbor, or impulsive junkie from idly rummaging through your stuff. Any serious thief will have bolt-cutters, lockpicks, or just wait until you're home and bash you on the head.
Don't know why it took until today for me to subscribe. I love the short format and detailed explanations but it was just watching you, do what you always do, and do well that made me push the button. Thanks for all the great content and tools!
$70 lock opened with a scrap soda can or a bolt cutter. Great job dog bone! Lpl thanks for showing us another junk lock. knowledge is power and I feel more powerful after watching each one of your videos.🤙👍💪
But a homosexual needs to know about non destructive methods. Otherwise their special rights are at risk. They worked hard with BLM to obtain those, they’ll be stupid to give up without s fight.
Notice: whenever any product is labeled as "smart" it's always the exact opposite. What I did find interesting is that this video had only been released for 9 minutes and had 977 views already. Truly a testament to the LPL'S brand and/or the existence of a huge amount of criminals.
LPL's brand has gone beyond the world of locks, that's how much influence he has. (A firearms channel done by an English bloke living and working in Switzerland with a French chap adjunct.)
If it actually had 128 bit worth of entropy for an ecryption algorithm, it couldn't be opened even with all the future supercomputers that can be manufactured on this plane until the heat death of the Sun. And I'd bet that the software part is not flawless either when the physical design had rookie mistakes like this.
I love LPL videos for giving consumers a heads up on new products that make claims that just dont live up to expectations , to the tune of 80 dollars . The Dog and Bone site shows these locks as out of stock . Two things happen from these types of videos , a lock company learns from their mistakes and makes a better product or go out of business with embarrassment thanks to the LPL ..
There is a REASON why you never see any more of him then his hands... If his face was ever seen, the Assassins would then know who to shoot... And just from how often he's embarrassed Masterlock alone, there ARE Assassins out there looking for him... 😄😁😆😅😂🤣
As soon as LPL said "completely keyless unit", my inner monologue went "He's gonna shim it". And then he shimmed it. Shimmy shimmy shame, Dog Bone. Will we ever get an electronic padlock that doesn't suck?
*Tech Enthusiasts:* "Everything in my house is wired to the Internet of Things! I control it all from my smartphone! My smart-house is bluetooth enabled and I can give it voice commands via alexa! I love the future!" *Programmers / Engineers:* "The most recent piece of technology I own is a printer from 2004 and I keep a loaded gun ready to shoot it if it ever makes an unexpected noise."
I'm an embedded developer who works with Bluetooth among other things. I recently had to replace my 90s vintage Laserjet 4 with a 2000s black and white laser printer. This is going to sound like a conspiracy theory, but it's been 100% proven that numerous 2000s and later color printers leak identifying information via tiny yellow dots that are nearly invisible on white paper. I run a Linux PC, don't let my TV connect to the internet, and fully expect my Android smartphone to spy on me. I know I can trust the BT/USB speaker I personally worked on, because I know it doesn't have microphones, and I know from the system-level design that the drivers can't be used as microphones (that's also a real threat).
The smarter they are, the more vulnerable to the dumb attacks. Just goes to show that when you put all your efforts and faith in the 'smarts' of a lock, the greater the chance you've made a dumb one!
Same, no matter how much apple claim about security on their iphone, but in reality just need a link can made thousands of nude photo and videos leaked
I have heard that most smart locks have either a software vulnerability, or a hardware vulnerability, and smart locks which are secure in both areas are not very common
It's true. For electronics to open a lock, you need an actuator. And there lies the problem. If you use a solenoid, you are vulnerable to shimming because the solenoid drives spring loaded locking lugs directly, or a magnet attack where you use a powerful magnet to pull the solenoid in. You could try a motor driving a ball bearing locking lug, but you're vulnerable to a spinning magnet attack that uses magnets to spin the motor shaft.
You are so optimistic. Most locks advertised as _"smart"_ have multiple hardware and multiple software vulnerabilities. It only looks like one of each, because people stop looking after they find one.
Most smart anythings have multiple major software vulnerabilities. It's why very few computing professionals (outside of the soydev) have a smart-anything. EDIT: Smartphones are usually given a pass, because it's hard to get by without one now, but more open and private smartphones are being created.
@@angolin9352 agree. Also, many “smart” devices aren’t smart at all. At least, I think that being able to be controlled with a mobile phone doesn’t qualify a device as being “smart”. It’s the same old stuff, just with a very expensive remote.
LPL, I’ve been following you for awhile now, And I appreciate the work you do with showing us how to pick locks and selling the tools to do so, but I would love to see you join a lock company in helping make a very very secure affordable lock. Just my thought!
He did make a few videos of lock company sending him new design of lock or body for him to test out and send back some advice/ideas. And some did come up with a very good product. He also pointed out several times in videos that affordable lock can't be "taht secure" and it's expected that they have design flaws . There's also a few videos of him praising a lock for being both affordable and fairly secure while stating that some lock company know how to do it already the matter is just how much money can you spend while keeping a decent lock to sell to an affordable price. All in all , his expertise has already be employed for that and you can probably easily find a list of good affordable lock already. High end stuff is where expertise is required to come up with new technique and ideas and design but they always come up at a great cost. Innovation cost a ton.
Between the wedges and a few open end wrenches I guess I can now open 1/2 the locks I would encounter. My picking skills - not too good. I bought the Genesis set, but it doesn’t seem to work near as well as the one LPL kept for himself…
The Genesis set needs to be polished to achieve full effectiveness. Try using each pick to open a thousand locks, and their performance should improve greatly.
LPL: "... dogbone made some rookie mistake..." me :"is he just going to shim it open?" LPL: "... the use of spring loaded locking lugs..." me: "yeah he is just going to shim it open"
I swear this is a new type of ASMR. LPL, I could listen to you talk about locks all day long! Long-time subscriber here and have always loved your videos!
Most likely the designer didn't know about or plan for the shimming. And as LPL has addressed often, lock manufacturers don't like to have White Hats QA test their product. Though, this being a digital lock with digital encryption, one would think that the person designing it would at least reach out to any white hat assets for QA.
If you can get a look at the shackle... then yes. Notice how the cut outs on this shackle are angular and look more like a notch? That ALWAYS means spring loaded lugs. The better locks will have half moon cutouts. They will be a perfect radius of a circle, because ball-bearings are used instead. And when they are, there are no springs, the ball-bearings are held in place by a locking mechanism that forces them into place, so this attack will not work.
@@winstonwright3613 Even that is not a guarantee. More and more cheap locks are using ball bearings for the actual locking pawls (so they have the half-moon cutouts) but they are still spring loaded. The best way to tell is to push the shackle in. You should be able to feel the springs, and if you turn it upside down the springs should still keep it extended. Locks without springs will feel slightly more loose within the lock. That's not a guarantee though, not all locks without spring loaded shackles use the good ball bearing locking mechanism, some very cheap locks won't, but very few if any locks with the good mechanism will have spring loaded shackles, because you don't want to have to fight the spring pressure and actuate the key at the same time. So generally, if it is a more expensive lock, and the shackle is not spring loaded (not the locking pawls, the shackle itself) it uses the good locking mechanism. So if you shake it up and down lightly and you hear or see the shackle rattling, it's probably not spring loaded. Most disc locks, like you see on storage containers, are not spring loaded, but beyond that pretty much every lock you find at a hardware store will be spring loaded
@@XtreeM_FaiL A half moon cutout with spring loaded locking pals will pull open as easily as it can be snapped closed. Unless there's a fancy mechanism sensing a closed shackle and blocking further spring movement.
@@XtreeM_FaiL It may not actually be ball bearings but I have a Master Lock that has half moon cutouts even though you can push the lock shut with the key out. You can't pull it open so I'm not sure how they make it work, but they do exist.
All common Internet connections today, including the one you're watching this video over, are encrypted with either 128 or 256 bits, so generating a 256-bit key via the "Cloud" doesn't mean anything. Bluetooth is an authenticated protocol, so 128-bit encryption is also entirely normal and ubiquitous, even for products that make no security claims whatsoever. Buyers should never judge security by claims such as "256-bit encryption" as they tell you *nothing* about the security design of the product. There are known attacks against Bluetooth, especially older versions, and there are almost always app and device-specific flaws that are even easier to exploit. Brand reputation surely matters more than the meaningless advertising print, but what we really need is testing. LockPickingLawyer can test the physical security of key or combination locks, but testing the network security of smart locks is another can of worms entirely.
With respect to the encryption - the package is vague on what standard(s) are used. 128-bit AES is decent for the average consumer, but 256-bit would be better, since there are known attack vectors against AES. They're time-consuming, but possible.
@@_BangDroid_ True. But LPL did mention that he didn't know much about the encryption strength, I thought I would add clarification since that's an area of expertise of mine.
@@ZetaPyro For your average user, unless you're trying to desperately hide evidence of alien life in plain sight or something, there is basically no big difference between those 3 (except for calculation time, but PCs are fast enough that even that's negligible). Brute-forcing it is unfeasible as is, just make sure it's implemented correctly.
Why does it need to be encrypted anyway? It's a short-range Bluetooth device. Any encryption besides the standard Bluetooth encryption is really overkill. (Ok, Bluetooth doesn't require encryption - but as long as it's optional encryption is used.)
I'd love to see some sort of general "security theory" by LPL. I mean for example, a video where he talks about the general features that are necessary to achieve a secure lock, or perhaps, one summarizing the mistakes that should be avoided when designing a security system.
Devotees will know, but you can craft shims like this out of plastic really easily. A plastic water/soda/juice etc bottle and some scissors, even the pocket-sized kind that fit in a key tool (also sold at Covert Instruments, by the way) will get you past any shimmable lock for cheap and without needing to carry anything specialized or possibly suspicious
LPL, and my dog, say "Pass". Well... my dog actually mumbled something like, "cat lock"... Maybe these lock companies should buy out your stock at Covert Instruments? And begin building their locks from THAT perspective.
The single most secure "padlock" is a 12 side metric reverse thread bolt through the latch with a pair of 12 sided nuts jammed on each other as close to the hole as possible. _Nobody_ carries a pair of 12 side 18mm wrenches with them when skullduggering.
@@kasper_429 a) I didn't say "currency" but regardless b) read your own sentence back to yourself..... Talk about an oxymoron lol. "Cryptocurrencies has nothing to do with encryption" oh my I'm laughing so hard. How do do you think the entire Blockchain ledger, or a digital wallet is kept secure? and how to you think mining that currency is achieved??? And C) you've completely missed the built in irony of the joke that a marketing team making such a mistake wouldn't know that either.
I'm actually curious, here. You've said "spring-loaded locking lugs"; I'd be interested to see (or find the search terms for a look into a historical video from LPL) a comparison between the design and build of spring loaded vs the options that make it impossible to shim. How do we tell from outside the lock what the design is, so we can avoid purchasing something so easily defeatable?
As Thor Lancaster said, and there's also a handful of spring-loaded locks with shielded shackles. The shackle will have an extra bit of metal on each side that lock flush with the body to block shims from slipping in.
![[1483] Lockly’s Self-Randomizing Keypad Smart Lock](http://i.ytimg.com/vi/KMLyDx_ZAXs/mqdefault.jpg)
![[1483] Lockly’s Self-Randomizing Keypad Smart Lock](/img/tr.png)
![[1337] My New & Improved Robotic Safe-Cracker…](http://i.ytimg.com/vi/vkk-2QEUvuk/mqdefault.jpg)
![[1289] This Lock Is Indisputably “Pickproof”](http://i.ytimg.com/vi/qqL7wTu5IEk/mqdefault.jpg)
One thing they really did get right in the marketing of the lock: Keyless, can be opened without keys.
He used those two black keys to unlock it.
@@SylasG These are not keys
@@Erik.Andrade333 i’d argue that anything that opens a lock is a key.
@@SylasG Its more blurred now with biometrics as "keys" but their more authorisation than keys, the definition of a key is actually: a small piece of shaped metal with incisions cut to fit the wards of a particular lock, which is inserted into a lock and turned to open or close it. -- In this case it is not a specific lock its unlocking, its a tool that can be used to open many but it wasnt intended for it that one. Sorry I kinda found it interesting cos we all use the word key but I guess it can technically mean what your saying.
😂👏🏻
Whenever I see keyless locks I expect magnets. These guys made rookier mistakes than the others.
this is truly a keyless lock.
tech enthusiasts today really are the most alienated and detached people living. I'm not surprised.
@@Scorponox93 projecting?
@@baconwizard exactly what I was thinking.
@@baconwizard To be fair, most smart lock manufacturers are incompetent or apathetic enough to leave these low skill vulnerabilities and people who buy them would likely do so for the high tech factor without knowing about these basic security flaws. I've seen maybe one or two high tech locks designed to resist basic physical attacks and bypasses.
On the other hand, lots of people still buy Master locks, so...
how does LPl so thoroughly roast a company while still being so polite and civil? thanks again, LPL. another great vid.
His roasting politeness reminds me of the Japanese version of Iron Chef. The judges are oh-so-polite while savaging the dishes the chefs have made.
It's the second l
@@LadyAnuB I need to know the name of this show because I am so curious
@@borttorbbq2556 They literally said the name in the comment, lmao. Iron Chef, but the Japanese version. It used to come on Food Network here in the US. Not sure how you'd find it nowadays, especially the Japanese version. Lol.
He is a lawyer... They know how to insult in a polite way
LPL is the most efficient youtuber.
Dude has millions of subscribers, he's monetized and most of his videos are ridiculously short leaving him more time for family and content quality.
Short videos make less money tho
@@anonymousarmadillo6589 Less ad revenue from UA-cam. But im sure he has patreons and other revenue streams that benefit from the quality content that earn him a loyal fan base.
@@josesalgado2796 Yep 0:55 is a good example of this lol
Bootlicker
also he is an actual lawyer so he is not in total need for the ad revenue
I have watched so much LPL that it has come to the point that I knew the vulnerability as soon as he said "spring-loaded locking lugs." Thank you LPL for teaching people who are not even lockpickers the simplest of vulnerabilities to avoid.
If you are a fan of LPL, and you've watched a few of his videos, you KNOW when you see a video that is 1:37 long, the lock being evaluated must be worse than useless.
Masterlock takes this personally lol
Yeah, I was expecting the sledge hammer to come out. Maybe he should have done it again to prove it wasn't a fluke and thereby make the video a little over 2 minutes long so we'd think it might actually be worth something (the lock, not his video; his videos are always great).
SO true!
Just once it would be nice to have a sixty second video that goes, Hi, I'm the lock picking lawyer, and today I have the unobtanium X-33. I tried a particle accelerator and nuclear explosives and you know what? Then I gave up. This may, for once, be a moderately acceptable lock. But no, not even for April the first.
I thought exactly the same.
At this point I'm convinced the most important reason LPL started this channel is so people can send him interesting locks
i was a boy. they were 138 girls. can i make it any more obvious? thats right, i had a crazy dream last night. HAHAHAHAHA!!! im the funniest youtube star ever. youre welcome for laughing dear syn
@@AxxLAfriku snack off
OF COURSE!
Seems to me that as a lawyer he discovered why home burglaries where so common, and is trying to inform the public on how bad locks actually are so that manufactures have to step up their game to stay in business...
Or he's trying to prevent criminals from getting caught.
Damm
"Beyond inexcusable" The two most hated words in the lock making community.
most feared*
@@faithful451 Most feared and most hated, those two words are: Lockpicking Lawyer
Right above "custom pick that Bosnian Bill and I made"
Honestly it's the last thing marketing wants to hear about the product in a video that will show up high when searching for there product
Egregious design-flaw.
It’s worth saying out loud that padlock shims can be made with scissors and a pop can, you don’t need to buy them (nothing against LPL’s shims, they’re very nice).
I was expecting him to that method , but to be fair he has done method in other videos
I get the sense he is motivated to feature his own products, which is understandable but also a little disappointing when he could be a little more creative showing just how absurdly easily some of these locks can be defeated with random items. Like the gun locks he defeated with a LEGO astronaut or a twig.
I guess if you are shimming a lot of padlocks like LPL, you want a long lasting tool
@@quillmaurer6563 But the thing is, he has mentioned and shown in the past exactly what the top comment of this thread said.
You don't even need scissors. If you are coordinated and have reasonably strong fingers, you can just fold and tear the can open, then tear the metal with your fingers to the right shape. I've shown people how several times, and they were amazed.
LPL: “… beyond inexcusable”
Master Lock: “at last there is someone worse than us. Guys take the rest of the day off!”
I think that failed on 2 bit encryption. Those 2 bits were bits of metal bent into shims, but it counts.
128 bit encryption is secure enough that it would make more sense to snip the lock than try bypassing it using software, but with such an easy hardware option, why bother.
Like anyone would ever try to read the microprocessor, let alone try decrypt it as an attack method!
looks like a brute force attack will have it open in a couple hits, too.
I've broken a few of these - they usually do use AES128 to encrypt, but they use a static key, or a key that can be obtained through other means. I think I have a dog and bone lock somewhere. Time to look back through my files.
Your password can use any transport security you want, if it's 12345 brute force will work. fast.
@@noahluppe also if the length of the message is short there are considerably less combinations to try than 2 to the power of 128...
I never expected to see this lock on LPL's channel! Back in grad school many years ago, I used this exact lock to demonstrate a man-in-the-middle attack to intercept Bluetooth encryption keys. Avoid Bluetooth security devices for anything you really want maximum security!
All that work and you could have just used 2-bit attack , 2bits of metal
hot take: actually avoid bluetooth for everything except music, data transfer speeds are abysmal, there’s a high failure rate and the lag on keyboards/pointing devices is enough to drive you mad
@@barley-pt Ironically, I did shim it a few times with a cut up soda can. The app was a bit finicky at times where a shim was just an easier and faster key.
Do you do the mitm at pairing time or even after pairing?
Do you have a video on it?
I was wondering how he was gonna open it if it had no key at all, not even a backup. Then he mentioned it had springs and I thought "the fools forgot shims!"
That or a soft hammer...
The shims are the (unintended) backup
Yup, same thought I had the second I heard springs. So sad everybody wants to get in the lock making game and not learn from the past because so few people care about even slowing down a thief.
Shims, hammer, magnets, exposed electronics or exposed actuator cables are the most common weaknesses I think.
It's amazing I have zero experience picking locks but watching LPL I now can pick up a lot of different lingo indicating bad lock design. Very educational channel I feel like I will make much better decisions buying locks from now on
You’re so efficient. Delightful to watch.
Id love a playlist of recommended locks for different use cases. I know no lock is perfect, but a list of the most annoying locks to get around would be epic
Starting with this one, it's for when you want to advertise free stuff for the taking.
This reminds me of a story where a guy was tasked with hacking into a remote computer with sophisticated encryption and firewalls and all that tech jazz, and instead he just walked into the building acting like he belonged there and unplugged said computer to take home. Security really is only as strong as the weakest link.
I worked with a guy in his 60's we weren't actually in construction but due to our job we wore boots and carried hardhats for when required.
He told me how he found out Arnold Schwarzenegger was having a custom house built near a job he was on.
He really wanted to have a look but noticed there was a security guard in a shack.
So he devised a plan and put on his hardhat grabbed a clipboard and a pen and proceeded to walk right past the security guard giving him a hearty good morning and leaving the guard with the impression he was an inspector.
He said he walked around for quite a while and no one asked him anything.
Hello today on The LPL channel today we're going to break into Fort Knox with nothing more but a couple thermonuclear warheads.
A ladder is a skeleton key to get people to even hold the door for you while you walk into places you shouldn't be.
At my work we had to do all these security trainings and they stressed that physical security is often the weakest link. Even if you think it will make you look like an asshole, you need to strictly follow guidelines to prevent unwanted guests. That’s why many corporate headquarters are miniaturized fortresses now.
@@TchaikovskyFDR That would more be his wife's technique actually.
"Beyond inexcusable". He's SO polite!!!
That’s insane. $70 for a lock that takes 7 seconds to open.
And with no more skill than being able to cut a coke can to the right shape
so $10 per second security - brilliant marketing!
LPL should totally introduce a dollar/second metric to compare your bang for buck on these locks =D
If he hadn't been talking and demonstrating for us it would have probably taken half as long.
Considering you know how to do it
I love your vids. This one is hysterical.
It’s a rare sight to see someone who can so utter roast an abysmal lock like this one while remaining totally civil and polite the entire time.
He is a lawyer by trade, so I think roasting people with a "professional" tone is much of his job. Especially if he is a patent lawyer as some have speculated, he would be one to explain in a civil, polite, and professional manner why an idea is stupid and shouldn't or can't be patented.
@@quillmaurer6563 good point
As soon as I saw that lock, my first thought was "He's gonna shim that, isn't he" Then you said it cost $70 and I'm like "OMG, for $70, is he really gonna be able to shim that thing. Yep. Unbelievable!?".
I expected a magnet or his rubber mallet.
There was a smart door lock with a similar vulnerability on this channel. So, just as expected.
Yes you can hit against the shackle with a hammer to open it, there’s a BosnianBill video about this lock where he shims it and then he also opens it with a hammer.
companies that make "smart" locks make a lot of mistakes typical of the techie mindset, so focused on doing things in a high tech way that they forget there might be a simpler, low tech way to do things.
As a rule electronics make things a bit more expensive, because it is a few more production steps in there. If you add the term "smart", marketing will add a considerable markup to that price just because a product that is smarter than its customer ought to be expensive. None of that adds actual security or useful functionality to the original purpose of the product, ever.
Dogbone: the Masterlock for the next generation.
At least Master Lock has the courtesy to sold at a very much lower price point
throw it to the dog to chew on... it would be kinder than LPL's comments
@@billsee476 😅
With a nick nack paddy wack
Don’t forget you can make these shims yourself out of plastic or aluminum can.
Gotta love LPL's Red Bull Can series!
That encryption sales point is playing fast and loose with the buzzwords in the hope that they _sound_ impressive, even if they're nothing special. In particular, "Advanced Encryption" is supposed to sound fancy and special, but it's just what AES stands for, which is a system that's existed for 20 years, and has been a standard part of Bluetooth for 10. Any bluetooth device, especially a security device, that _didn't_ support this would be laughable, it'd be doing... well... the digital equivalent of using spring-loaded locking lugs.
but don't forget, it has a "CLOUD GENERATED" 256-bit key! LOLLL
I've learnt so much from LPL. Whoever you are, thank you. This was a highly satisfying watch.
Lock Company: We built an impenetrable wall! You'll never get in!
LPL: I will now take 3 steps to the right and walk around the wall...
Bruce Willis did that in "RED" when breaking into the super secret, basement, vault.........
Like having a super secure gate with no fence attached to it.
Maginot Moment
@@chompythebeast Beat me to it by 6 hours... well played, sir.
Speaking as someone who works in information security: anything that advertises itself as being secure because of a certain amount of 'bits' of encryption, is automatically suspicious and very likely insecure. It's a completely meaningless number by itself, and the only purpose of mentioning it is to make the numbers look big, they're basically the megapixels of cryptography. It's no surprise that that usually happens for products which can't prove themselves through _actual_ security.
Building on this, notice the "256bit cloud-generated private key" part of that point on the back of the box. There is so much wrong with this crap!
Also building on this, in regards to security and encryption: "Military-Grade" encryption thru software. First, there is no such grading system. Second, if an asset is that important, there is a hardware component. So unless your selling me a piece of hardware that completely breaks itself if tampered with, I don't care about your "1 Billion-Bit Military-Grade Security System"
Certainly true, but at least they only used AES-128 together with what's hopefully P256 or X25519, instead of using an 256 bit symmetric key with an 256 bit elliptic curve key.
But yes, the key length itself isn't a good security measure, and there are much more relevant information points like the mode used with AES that they're omitting.
@@tr_slimey6811 Ahemm did I hear "outside generated private key"..... Like that is not supposed to be even a thing in PKI. You mint/generate on device (any this expensive product has the money to pay for decent crypto processing unit and any decent crypto module has hardware key generator) private key and then send out public key/exchange public keys for two way authentication.
Like yeah... soooo much wrong. That is pretty severe PKI 101 mistake. Plus 256 bit isn't even that long key. Not in "this is supposed to be dedicated security device" world. 2k and 4k keys aren't unheard of. So it is even bad at the "look at our big numbers" realm.
Even on access side, say the phone shouldn't trust on the cloud generating it's access key to the device. Phone is perfectly capable of generating it's own key and then just sending the public key to the lock for reference.
this not how any of this is supposed to work......
128 bits means, like, 2^128 possible combinations, right?
I miss when he made shims out of Red Bull cans and a pair of scissors.
Well he doesn't sell red bull cans.
@@alexviau6950 I kinda figured that was the reason.
That shim technique was awesome. I agree with you for the price point it’s embarrassing that lock can be opened that easily.
I would seriously support taking legal actions against that company for providing 'misleading information' or 'scamming people'. Unbelievable... Great job LPL!
If I owned that lock that's exactly how I would open it, seems a lot easier than any other way
Dog Bone brought a dull pencil to a gunfight. - Dog Bone represents an excellent example of how expertise and knowledge in one field (computer science) can blind one to their ignorance and incompetence in another (lock design and physical security). It's an example of the Dunning-Kruger effect, where one's ignorance of how ignorant he is produces unwarranted confidence.
You're making the assumption that they cared at all about quality rather than making fat profits by selling to suckers who are taken in my dumb hype like mY lOcK hAs 128-BiT eNcRyPtIoN.
128-Bit encryption is pretty weak, I doubt they have any expertise in CS either.
I think you guys really misunderstand the process by which these locks are designed. They're not being designed to be the safest pick proof locks. They're being designed to have as small of a material cost as possible while attracting the average buyer. The average buyer knows nothing about picking locks and is way more likely to buy some flashy lock with some fancy feature than one that is truly secure. This was never designed to be pick proof
Well said! Because you are “smart” in one field doesn’t necessarily mean you aren’t the equivalent of a cow standing with a herd in another pasture.
@@gosperalex2772 I give people the benefit of the doubt. That keeps me from becoming over-confident in my judgments regarding others.
I find it immensely satisfying, and equally terrifying, that just from watching LPL videos someone can get an understanding of security vulnerabilities.
When he said spring loaded locking lugs, I instantly though shims and got that satisfaction from being proved correct.
But he said spring loaded locking lugs, and a random idiot, with 0 experience in designing, building, testing or identifying locks instantly saw the problem. That is terrifying.
Even spring loaded lugs can be safe against shimming, if you just think a minute about the geometry.
And that was pretty much LPL's point on his presentation a while back on an Online Security Convention. These are all basic flaws that have been with the lock world for centuries instead of fixing and improving their designs they figured as long as no one knows how a lock works its secure!
Which is insane as a design philosophy in any security field as we all know that this is no defence to an actual thief or any security threat as they will already know the vulnerabilities to begin with.
Watch the video from the pen testers, can't remember the name but wow, eye opening. The only real security is you standing at every location at once!
@@RocKM001 My father says "locks are only a defense against honest people and lazy thieves". They keep the random teenager, nosy neighbor, or impulsive junkie from idly rummaging through your stuff. Any serious thief will have bolt-cutters, lockpicks, or just wait until you're home and bash you on the head.
you could just rap it open to
Don't know why it took until today for me to subscribe. I love the short format and detailed explanations but it was just watching you, do what you always do, and do well that made me push the button. Thanks for all the great content and tools!
These are immensely enjoyable videos. Thank you.
LPL only did it once, must've been a fluke...
I think we all know by now that it's never a fluke 🙃
Fluke check is usually for raking and the like
Definitely
He's just so disgusted with this lock he didn't want to touch it anymore!
100% fluke
Interesting how much for the tools i need a new bik- *ahem* i mean i need to know what is a secure lock to lock my bike up
I didnt understand anything you said loll
Ah yes, tool-less/minimum tooling for *evaluating* lock product
Translate says if I want a new bike it wouldn’t cost much in tools to get one for free then lock it up with something more secure
$70 lock opened with a scrap soda can or a bolt cutter. Great job dog bone! Lpl thanks for showing us another junk lock. knowledge is power and I feel more powerful after watching each one of your videos.🤙👍💪
But a homosexual needs to know about non destructive methods. Otherwise their special rights are at risk.
They worked hard with BLM to obtain those, they’ll be stupid to give up without s fight.
You are doing consumers a great service. Thank you.
This channel is a service to us all. Thank you.
Notice: whenever any product is labeled as "smart" it's always the exact opposite.
What I did find interesting is that this video had only been released for 9 minutes and had 977 views already. Truly a testament to the LPL'S brand and/or the existence of a huge amount of criminals.
We're at 20 minutes and 11,000 views
He has just under 4M subscribers now...
LPL's brand has gone beyond the world of locks, that's how much influence he has. (A firearms channel done by an English bloke living and working in Switzerland with a French chap adjunct.)
Well "Smart" is just another Word for "Fast to open without any Key" which they didn't lied about, as we can see!
@@jamesimmo and counting.
Dog Bone: "It will take a supercomputer to open this lock!"
Some guy with a pair of thin metals:
Lol, exactly. Basically a soda can to open this thing.
A beer can and a pair of scissors will make suitable shims in a minute.
My vise grips could probably cut the shackle.
Ironically an actual dog bone would be more secure.
If it actually had 128 bit worth of entropy for an ecryption algorithm, it couldn't be opened even with all the future supercomputers that can be manufactured on this plane until the heat death of the Sun.
And I'd bet that the software part is not flawless either when the physical design had rookie mistakes like this.
I love LPL videos for giving consumers a heads up on new products that make claims that just dont live up to expectations , to the tune of 80 dollars . The Dog and Bone site shows these locks as out of stock . Two things happen from these types of videos , a lock company learns from their mistakes and makes a better product or go out of business with embarrassment thanks to the LPL ..
It looks like there is an ampersand between the words Dog and Bone, making it "Dog AND Bone" Nice work, keep 'em coming!
Man, Amazon lock sellers must really love the LPL. 😂
Keep up the great work!
There is a REASON why you never see any more of him then his hands...
If his face was ever seen, the Assassins would then know who to shoot...
And just from how often he's embarrassed Masterlock alone, there ARE Assassins out there looking for him...
😄😁😆😅😂🤣
when he started describing it, I knew what he was going to bring out and cheered he brought the tool out
I thought he was going to use a magnet to actuate the relay.
@@dand5829 I had 3 possible options: magnet, shims, PU mallet. I wouldn't be surprised if all these options work.
@@andreasbergauer3106 all possible, but the shim was the most basic. That made it even more critical how "as good as it's weakest link" statement is
As soon as LPL said "completely keyless unit", my inner monologue went "He's gonna shim it". And then he shimmed it.
Shimmy shimmy shame, Dog Bone. Will we ever get an electronic padlock that doesn't suck?
No. No we will not.
*Tech Enthusiasts:* "Everything in my house is wired to the Internet of Things! I control it all from my smartphone! My smart-house is bluetooth enabled and I can give it voice commands via alexa! I love the future!"
*Programmers / Engineers:* "The most recent piece of technology I own is a printer from 2004 and I keep a loaded gun ready to shoot it if it ever makes an unexpected noise."
nailed it
I'm an embedded developer who works with Bluetooth among other things. I recently had to replace my 90s vintage Laserjet 4 with a 2000s black and white laser printer. This is going to sound like a conspiracy theory, but it's been 100% proven that numerous 2000s and later color printers leak identifying information via tiny yellow dots that are nearly invisible on white paper. I run a Linux PC, don't let my TV connect to the internet, and fully expect my Android smartphone to spy on me. I know I can trust the BT/USB speaker I personally worked on, because I know it doesn't have microphones, and I know from the system-level design that the drivers can't be used as microphones (that's also a real threat).
Pull a tooth and try to activate the voice activated stuff lol
Old meme you borrowed.. Good though. No thumbs, sry
Gun is too advanced technology. Stick with the engineer's old favorite friend, the hammer!
For a second, i thought he'd use the double wrench method
Brutally honest an straightforward as always lpl
Why I'm always waiting for a voice over from Ave :) "I got a Treat e special for you today"
Keep your lock in a vice!
How many examples do we need before people begin to realise that any product with the word "smart" in it's name, is anything but smart?
The smarter they are, the more vulnerable to the dumb attacks. Just goes to show that when you put all your efforts and faith in the 'smarts' of a lock, the greater the chance you've made a dumb one!
I'll never forget when Samsung recommended anti-virus for their Smart TV's
Same, no matter how much apple claim about security on their iphone, but in reality just need a link can made thousands of nude photo and videos leaked
The fact that "Smartwater" is a viable product means that the answer to your question is "all of them."
@@jakerichter8366 lol, true.
I have heard that most smart locks have either a software vulnerability, or a hardware vulnerability, and smart locks which are secure in both areas are not very common
It's true. For electronics to open a lock, you need an actuator. And there lies the problem. If you use a solenoid, you are vulnerable to shimming because the solenoid drives spring loaded locking lugs directly, or a magnet attack where you use a powerful magnet to pull the solenoid in. You could try a motor driving a ball bearing locking lug, but you're vulnerable to a spinning magnet attack that uses magnets to spin the motor shaft.
You are so optimistic. Most locks advertised as _"smart"_ have multiple hardware and multiple software vulnerabilities.
It only looks like one of each, because people stop looking after they find one.
Most smart anythings have multiple major software vulnerabilities. It's why very few computing professionals (outside of the soydev) have a smart-anything.
EDIT: Smartphones are usually given a pass, because it's hard to get by without one now, but more open and private smartphones are being created.
@@angolin9352 agree. Also, many “smart” devices aren’t smart at all. At least, I think that being able to be controlled with a mobile phone doesn’t qualify a device as being “smart”. It’s the same old stuff, just with a very expensive remote.
As an ex IT security professional i would never use anything "internet of shits" in my network
After watching this channel for some time now I knew how he would open it even before I started the video.
Ahh Goose Creek whats up! I'm over in North Chuck!
LPL, I’ve been following you for awhile now, And I appreciate the work you do with showing us how to pick locks and selling the tools to do so, but I would love to see you join a lock company in helping make a very very secure affordable lock. Just my thought!
He did make a few videos of lock company sending him new design of lock or body for him to test out and send back some advice/ideas. And some did come up with a very good product. He also pointed out several times in videos that affordable lock can't be "taht secure" and it's expected that they have design flaws . There's also a few videos of him praising a lock for being both affordable and fairly secure while stating that some lock company know how to do it already the matter is just how much money can you spend while keeping a decent lock to sell to an affordable price.
All in all , his expertise has already be employed for that and you can probably easily find a list of good affordable lock already. High end stuff is where expertise is required to come up with new technique and ideas and design but they always come up at a great cost. Innovation cost a ton.
Between the wedges and a few open end wrenches I guess I can now open 1/2 the locks I would encounter. My picking skills - not too good. I bought the Genesis set, but it doesn’t seem to work near as well as the one LPL kept for himself…
The Genesis set needs to be polished to achieve full effectiveness. Try using each pick to open a thousand locks, and their performance should improve greatly.
LPL: "... dogbone made some rookie mistake..."
me :"is he just going to shim it open?"
LPL: "... the use of spring loaded locking lugs..."
me: "yeah he is just going to shim it open"
That was my thought exactly when he said "spring-loaded." We both passed the middle school lockpicking quiz on this. 😅
Yup. Yup, yup, yup, yup. I believe every regular viewer saw that coming from far far away. Inexcusable at this price point.
I've watched and loved LPL for a couple years now, coincidentally I haven't felt safe in my own home for a couple years now
You are the best. I guess it just goes to show the problems when people think rather than know.
They should write "Blockchain-secured" on the package. I can't imagine how it can be applied on padlocks, but sounds definitely cool!
hahhaaaha yesss!! Blockchain-enabled kitchen faucets are next
"Lock up your blockchains with Dogbone."
Blockchains are only as strong as their weakest blocklink, and they require more power than a city block.
You will need to wait 10 minutes for the lock to open.
"Blockchain secured. Every time you use this lock emits more CO2 than driving 100 miles. And probably takes longer."
Shims 🤣 This lock will no longer be sold world wide 🤣🤣🤣
I swear this is a new type of ASMR. LPL, I could listen to you talk about locks all day long! Long-time subscriber here and have always loved your videos!
Like Bob Ross! I would love to hear LPL talk in the same tone as him!
I love how you can tell the quality of the lock simply by looking at the length of the video.
The fastest burn I've ever seen
Customer: So then, LPL, which locks should be avoided?
LPL: Yes.
70$ for a "encrypted" lock that can be bypassed in 5 seconds? That is a scam...
If there is "crypto" involved, it usually is a scam...
Most likely the designer didn't know about or plan for the shimming. And as LPL has addressed often, lock manufacturers don't like to have White Hats QA test their product.
Though, this being a digital lock with digital encryption, one would think that the person designing it would at least reach out to any white hat assets for QA.
I mean it's technically pick proof
And the flimsy shackle could be cut with no effort.
The problem is, it's not using enough encryption.
is there a way to quickly recognize spring-loaded locking lugs, like shaking the lock, or pulling the shackle?
for example prior to buying one.
If you can get a look at the shackle... then yes. Notice how the cut outs on this shackle are angular and look more like a notch? That ALWAYS means spring loaded lugs. The better locks will have half moon cutouts. They will be a perfect radius of a circle, because ball-bearings are used instead. And when they are, there are no springs, the ball-bearings are held in place by a locking mechanism that forces them into place, so this attack will not work.
@@winstonwright3613 Even that is not a guarantee. More and more cheap locks are using ball bearings for the actual locking pawls (so they have the half-moon cutouts) but they are still spring loaded.
The best way to tell is to push the shackle in. You should be able to feel the springs, and if you turn it upside down the springs should still keep it extended. Locks without springs will feel slightly more loose within the lock. That's not a guarantee though, not all locks without spring loaded shackles use the good ball bearing locking mechanism, some very cheap locks won't, but very few if any locks with the good mechanism will have spring loaded shackles, because you don't want to have to fight the spring pressure and actuate the key at the same time. So generally, if it is a more expensive lock, and the shackle is not spring loaded (not the locking pawls, the shackle itself) it uses the good locking mechanism. So if you shake it up and down lightly and you hear or see the shackle rattling, it's probably not spring loaded. Most disc locks, like you see on storage containers, are not spring loaded, but beyond that pretty much every lock you find at a hardware store will be spring loaded
@@richardmillhousenixon I have never heard spring loaded ball bearing mechanisms. You can pull it open.
@@XtreeM_FaiL A half moon cutout with spring loaded locking pals will pull open as easily as it can be snapped closed. Unless there's a fancy mechanism sensing a closed shackle and blocking further spring movement.
@@XtreeM_FaiL It may not actually be ball bearings but I have a Master Lock that has half moon cutouts even though you can push the lock shut with the key out. You can't pull it open so I'm not sure how they make it work, but they do exist.
Did this with the skin off the outside of a AA one time. Really cool to see it done. Thanks.
I'm glad channels like this exist. The entire lock industry needs a clean up
All common Internet connections today, including the one you're watching this video over, are encrypted with either 128 or 256 bits, so generating a 256-bit key via the "Cloud" doesn't mean anything.
Bluetooth is an authenticated protocol, so 128-bit encryption is also entirely normal and ubiquitous, even for products that make no security claims whatsoever.
Buyers should never judge security by claims such as "256-bit encryption" as they tell you *nothing* about the security design of the product. There are known attacks against Bluetooth, especially older versions, and there are almost always app and device-specific flaws that are even easier to exploit.
Brand reputation surely matters more than the meaningless advertising print, but what we really need is testing. LockPickingLawyer can test the physical security of key or combination locks, but testing the network security of smart locks is another can of worms entirely.
Did you even watch the video?
I've only subbed a week ago, but I can confidently say that LPL is the most SAVAGE dude on UA-cam
Wait until Feb 14th…. A whole new side is revealed….
(smirk) Except for maybe ... Adam Savage himself.
With respect to the encryption - the package is vague on what standard(s) are used. 128-bit AES is decent for the average consumer, but 256-bit would be better, since there are known attack vectors against AES. They're time-consuming, but possible.
Like anyone is ever going to try and read the microprocessor let alone decrypt the data as an attack method.
@@_BangDroid_ True. But LPL did mention that he didn't know much about the encryption strength, I thought I would add clarification since that's an area of expertise of mine.
There are not yet any known practical attacks on AES-128. AES-192 and AES-256 are stronger yes, but AES-128 is still very much strong enough too.
@@ZetaPyro For your average user, unless you're trying to desperately hide evidence of alien life in plain sight or something, there is basically no big difference between those 3 (except for calculation time, but PCs are fast enough that even that's negligible). Brute-forcing it is unfeasible as is, just make sure it's implemented correctly.
Why does it need to be encrypted anyway? It's a short-range Bluetooth device. Any encryption besides the standard Bluetooth encryption is really overkill. (Ok, Bluetooth doesn't require encryption - but as long as it's optional encryption is used.)
Wow, I wasn’t expecting shims! 🤦♂️ Great stuff man as always!!
I nearly spit my water across the room, that was beyond simple, and so quick.
I'd love to see some sort of general "security theory" by LPL. I mean for example, a video where he talks about the general features that are necessary to achieve a secure lock, or perhaps, one summarizing the mistakes that should be avoided when designing a security system.
make your own lock and see if others can lockpick it
well that's more a job for some engineer like stuff made here, but with a cooperation with the LPL... Oh this already happended :D
@@Yanni_X Stuff Made Here has indicated there will be a 'round two' at some point. So technically that's not over.
Dog Bone: 256-bit encryption is unbeatable.
LPL: Pulls out 2 shims.
LPL: Dog Bone needs two more bits of information ....
Hope everyone sold their Dog Bone Lock stock before this video aired...
Devotees will know, but you can craft shims like this out of plastic really easily. A plastic water/soda/juice etc bottle and some scissors, even the pocket-sized kind that fit in a key tool (also sold at Covert Instruments, by the way) will get you past any shimmable lock for cheap and without needing to carry anything specialized or possibly suspicious
Hahaha
So much for all the digital shenanigans if their mechanical design is trash
Unfortunately very common these days.
LPL, and my dog, say "Pass". Well... my dog actually mumbled something like, "cat lock"...
Maybe these lock companies should buy out your stock at Covert Instruments? And begin building their locks from THAT perspective.
i bet even my cat could shim that open
Curious if anyone as seen a USB powered smart lock that requires a coded USB thumb drive to open it?
I really enjoy this channel. 👍
Goose Creek.... I lived there temporarily to help my brother when he was in the Navy.
The single most secure "padlock" is a 12 side metric reverse thread bolt through the latch with a pair of 12 sided nuts jammed on each other as close to the hole as possible. _Nobody_ carries a pair of 12 side 18mm wrenches with them when skullduggering.
"hey crypto is a trending keyword let's make a lock" was the entire design brief for this product I guarantee it.
except it was made in 2014-15
Except cryptocurrency has nothing at all to do with encryption. Lol...
@@kasper_429 a) I didn't say "currency" but regardless b) read your own sentence back to yourself..... Talk about an oxymoron lol.
"Cryptocurrencies has nothing to do with encryption" oh my I'm laughing so hard.
How do do you think the entire Blockchain ledger, or a digital wallet is kept secure? and how to you think mining that currency is achieved???
And C) you've completely missed the built in irony of the joke that a marketing team making such a mistake wouldn't know that either.
@@ielwa bitcoin is over 10 years old.
ooh i thought we were talking about "trending keywords" didnt know it was trending 8 years ago.
Hey Lawyer Dude, do you have tips for the ideal way of transporting your legal documents? Or are you happy to take them In Any Case?
He throws the most amazingly casual shade.
"Beyond inexcusable" - a big hammer, delivered politely, from LPL. (I agree w/ him for sure)
*HE’S NOT EVEN PICKING THE LOCKS ANYMORE*
*LPL CANNOT BE STOPPED!*
👏
I'm actually curious, here. You've said "spring-loaded locking lugs"; I'd be interested to see (or find the search terms for a look into a historical video from LPL) a comparison between the design and build of spring loaded vs the options that make it impossible to shim. How do we tell from outside the lock what the design is, so we can avoid purchasing something so easily defeatable?
A lot of locks with ball bearing mechanisms make it a main point of their advertising.
As Thor Lancaster said, and there's also a handful of spring-loaded locks with shielded shackles. The shackle will have an extra bit of metal on each side that lock flush with the body to block shims from slipping in.
I'm curious: Has LPL ever found a lock he can't defeat in seconds?
yep
Yes
Bowley Lock. As far as I'm aware that lock has never even been defeated by him.
There's a few locks that he doesn't even try to pick
@@BunjiKugashira42 I was ready to say that when I saw your comment.
this one is my new favorite!
Well that was fast! I expected him trying to open the lock throughout the entire video.
The lock brand is actually Dog & Bone - a rare slip in the keen accuracy of content on this channel.
You know how good the lock is by the length of the video!
Dayum that was fast. Epic Mic drop on the Dog Bone
Nice for the owners of this lock to discover a quick way to open it.
I've been watching LPL for too long, my first thought was that he was going to shim the thing open, Thanks LPL, keep these videos coming