You never know when you might be arrested for responsibly disclosing a vulnerability and have to pull a Houdini to break out of a small provincial prison in some far flung foreign land. Even if this is unlikely, you never know when your lock picking skills will come in handy one day. I get locked out of my own house at least twice a year and paying locksmiths hundreds of dollars to open your own door sucks.

This is the story of how I became a lock picking hobbyist. I have been watching the awesome lock picking community on twitter for a while now and I am convinced that the people behind the @LockPickingLwyr, @uklockpickers, @LockPickSeattle or @toool could easily escape if they ever become unjustly imprisoned. These guys have amazing lock picking skills and I love watching them make opening fearsome looking locks look easy. It isn't at all easy of course and experience is everything.

Picking Locks Is An Infosec Discipline

Lock picking has always been part of the hacker scene, you can find lock picking villages at lots of infosec conferences and it is a popular hobby with hackers because picking locks is the physical version of penetration testing. Many professional penetration testers are also skilled lock pickers because breaking into their employers buildings, secure areas and restricted locations is often in their job description.

Security is achieved through openness. Take things apart and play with them, exposing bad security is what protects us all. ~ Deviant Ollam, DEFCON 13

The disciplines of physical penetration testing and infosec penetration testing complement each other beautifully because one is an extension of the other. Before we had encryption, 2FA and biometric authentication to protect our data, we used physical door locks and padlocks to secure our valuables and data. We still do in fact.

It’s another version of hacking. Hacking is all about using a system against itself, or bypassing a system by thinking outside of the box. Lockpicking is almost like a magic trick, a puzzle of the same sort. You can’t bypass it without using the lock’s systems exactly how they were meant to be used or by using it in a manner the creators never expected it to be used. - Jek Hyde

Physical locks are a huge part of security and security is what infosec is all about.

The reason you see so many lock picking villages at infosec cons is because lock picking hobbyists and hackers share a passion for discovering vulnerabilities in security systems and working out how security mechanisms work in order to penetrate them for fun and competition. I hear great things about the lock picking villages at Shmoocon, LayerOne, BSides and Layer8, almost all of these lock picking villages were organized or sponsored by the Open Organization of Lockpickers.

I was actually quite surprised to hear from Jek that she didn't use her lock picking skills in her job more unless she was opening filing cabinets or paper shredders. Jek conducts physical penetration tests against facilities and buildings, so she knows what she is talking about when it comes to breaking into buildings, she told me:

"Few offices, data centers, warehouses, call centers, distribution centers, etc, are secured with a simple lock. Stores might be secured with a lock and key, but even then it is easier and cleaner to social engineer access than to risk standing outside for x amount of time under potential camera surveillance and law enforcement intervention only to enter with an unknown alarm system in place. My boyfriend @tacticalnomad teaches lock picking for a living. I joke with him that picking is great and all, but a good social engineer carries their social skills as lock picks. I just need to be friendly, have authority, have a great pretext and someone with the key will unlock it for me."

As in hacking, it seems that it is easier to pick the people rather than the locks :)

A Brief History Of Lock Picking

Professional and recreational lock picking has existed as long as locks have. The first pin and tumbler looks appeared more than 6000 years ago in ancient Egypt, they were made completely out of wood. During the first millennia BC, the Romans and the Greeks improved upon the early designs by introducing metal as the primary material used in the locks construction, giving them strong protection against brut force attacks. After the Roman Empire fell, innovation in lock design came to a halt for a while as locksmiths in the dark ages did not have the resource, nor the technological means to create new and innovative lock designs.

We did not see real innovation in lock making design appear in the historical records again until the 18th century when new wave of lock innovation was led by the inventions of Robert Barronin 1778 (double-acting tumbler lock), Joseph Bramah in 1784 (the famous Bramah lock), Jeremiah Chubb in 1818 (first detector lock), Linus Yale, Sr. in 1848 (first pin tumbler lock, despite ancient Egyptians using them), James Sargent in 1873 (first combination lock), Samuel Segal in 1916 (first jemmy-proof lock) and Harry Soref in 1924 (first ever padlock). Still today the lock designs you can find in almost any lock are based on the designs of these great locksmiths.

Many infosec professionals will tell you that there is no such thing as 'perfect security', but for 70 glorious years in the early 1800's 'perfect security' of a kind existed because nobody could pick the locks used at the time and for a short while security technology outpaced our ability to hack it. You could be sure that if you locked something it would stay locked and we know this because Joseph Bramah displayed a challenge lock in window of their London shop from 1790 mounted on a board containing an inscription.

The artist who can make an instrument that will pick or open this lock shall receive 200 guineas the moment it is produced. - Joseph Bramah, 1790.
Joseph Bramah’s ‘Challenge Lock’ mounted within its challenge board, as displayed in his shop window from 1790. Now displayed at the Science Museum in London.

Bramah's challenge stood for nearly 70 years until the Lock Controversy of 1851.

At the Great Exhibition of 1851, the American locksmith Alfred Charles Hobbs was able to open the lock and was awarded the prize. He took 51 hours, spread over 16 days to open the lock. Hobbs was an early physical penetration specialist who had made a name for himself in the United States by showing bank managers how he could easily pick their locks in order to sell them one of his own locks. After Hobbs had successfully picked the Bramah lock and the Chubb detector lock, that feeling of perfect security never really came back, but it did force locksmiths to innovate their lock designs in order to restore some semblance of security in the eyes of the public who were notably shocked at the time that 'perfect security' no longer existed.

King Louis XVI of France was a keen designer, picker and manipulator of locks, and physicist Richard Feynman picked locks for fun in the 1940s while employed on the Manhattan Project. The tradition of student roof and tunnel hacking at MIT included lockpicking and recreational lock picking has now grown and developed into a competitive 'locksport', along with its own governing body, Locksport International.

Buy Some Picks

The more I learned about locksport, the more I fell in love with the idea of taking it up as a hobby. I took the plunge and ordered my first set of picks from Mad Bob Picks, I got the $50 Ghost Pro Max set which came with a sweet belt strap case. I then went out and bought a bunch of random locks from my local hardware store to practice with and started by picking my door locks. After realizing I could easily rake open my front/back door lock in less than five minutes on the first try, I immediately began to fear for my personal security, but the hobby had me well and truly hooked.

$40 Ghost Pro Max Kit from Mad Bob Picks

I am happy with my picks, but I wish I had gotten the ones with plastic or rubber handles so they are more comfortable to pick with, am going to get some silicon sleeves for these ones to give them more grip and comfort in my hand. There are so many picks to choose from online and most are relatively inexpensive, I opted for pretty picks rather than comfortable ones, which was a mistake if you pick a lot.

When I realized that I could not pick open two of the padlocks I had bought, I also bought a dirt cheap disc detainer pick from Amazon for $10.

$8 Disc Detainer Pick From Amazon

In retrospect I should have shopped around a little more for one of these and not bought the first one I saw on Amazon with reviews, turns out these cheap disc detainer lock picks are only good for the cheapest locks because the tip is too thick and wide, it needs filing down a bit so it doesn't get stuck inside of the lock when you are working the individual discs, check out this guide for filing it down properly.

When I get bored of picking the cheap Chinese locks I bought I will upgrade this disc detainer pick, all its really good for is learning the basics on low end locks.

Buy Some Training Locks

Learning to pick locks blind with random locks you can buy in the store is actually quite hard when you lack an understanding of how locks actually work, I had seen some transparent training locks online which reveal the locks inner workings as you pick them, so I decided to buy this $40 lock training kit from the Curious Smith.

I had seen cheaper practice locks on Amazon, but this set was at a great price point, seemed to be made by people who are really into lockpicking, I was sold.

$35 Practice Lock Set from Curious Smith

It is a fantastic set which comes with six different transparent locks that have rubber cases so you can cover them up and pick them blind as your skills progress. The training kit contains two pin and tumbler locks, a disc detainer lock, a cylinder lock and a tubular lock, everything I need to help me master the sport. At this point I had spent less than $100 to get into the hobby and completely kit myself out, making lock picking one of the cheaper hobbies to take up and get started with.

Even if you wanted to buy some of the more exotic or custom picks you see out there, you would still spend less than twenty dollars, a pick is just a small, bent piece of metal after all. I can imagine spending more money on high-end security locks to practice on as my skills improve though. I also plan to make some kind of practice station following these plans and maybe this frame to build a wall of locks to practice on, I like it because it's easy to swap out the individuals locks without woodwork.

$90 Locksport Practice Station

Consider Getting A Vice

After practicing on locks while holding them for a while and finding it really fiddly am ready to get a vice. Some locks are too heavy to hold when you pick them and others are supposed to be housed within a door or cabinet, only a vice can reproduce this.

I have my eye on this one from a UK lock pick company which is a custom vice specifically built for holding locks while you pick them and more closely replicates the feel of the lock being contained in a door when it isn't. You can also get specialist vices for specific kinds of locks, below is a cylinder lock vice I have my eye on.

$50 Lock Pickers Vice 
$50 Cylinder Lock Vice

Always Remember

Lock picking is a fantastic hobby that I would recommend to anyone, its easy to start, cheap to buy the things you need and learn. Being able to open locks also gives you a sense of power, it feels good to be able to look at a lock and know you can pick it open, so there are two rules we follow in lock picking. Rule number one is never pick a lock that you don't own or do not have permission to pick and rule number two is do not pick locks that you rely on or that are in use. These pretty much mimic the rules we tell young hackers in infosec as they go out into the world on Shodan safari's to practice their penetration testing skills. Have fun, but don't break the law!

The awesome image used in this article is called Rank & Fall and it was created by Joey Seales.