Lock bumping
Encyclopedia
Lock bumping is a lock picking
technique for opening a pin tumbler lock
using a specially crafted bump key. One bump key will work for all locks of the same type.
was drafted in 2005 by Barry Wels & Rop Gonggrijp
of The Open Organization Of Lockpickers
(TOOOL) detailing the method and its applicability. A patent exists for a lock device following the same principle as the bump key from 1926–1928.
The technique then attracted more popular attention in 2005 when a Dutch television show, Nova, broadcast a story about the method. After the method received further publicity from TOOOL presentations at security conference talks, members of TOOOL and a Dutch consumer group, Dutch Consumentenbond, analyzed the capability of the method on 70 different lock models and with trained and untrained users in a 2006 study.
At the same time, Marc Tobias
, an American security expert, began to talk publicly in the United States about the technique and its potential security threats. In 2006, he released two further white papers regarding the technique and its potential legal ramifications.
is composed of a series of spring-loaded stacks called pin stacks. Each pin stack is composed of two pins that are stacked on top of each other: the key pin, which touches the key when it is inserted, and the driver pin, which is spring driven. When the different length key pins are aligned at their tops by the insertion of the correspondingly cut key at their bases, the tops of the key pins and, consequently, the bases of the driver pins, form a straight line (the "shear line"), so that the cylinder can be turned, rotating the key pins away from the driver pins. When no key or the wrong key is in the lock, pin misalignment prevents the cylinder from turning.
When bumping a lock, the key is initially inserted into the keyway one notch (pin) short of full insertion. Bumping the key inward forces it deeper into the keyway. The specially designed teeth of the bump key transmit a slight impact force to all of the bottom pins in the lock. The key pins transmit this force to the driver pins; the key pins stay in place. This physics action can be visualized by observing the same effect on the desktop toy: Newton's Cradle
. Because the pin movements are highly elastic
, the driver pins "jump" from the key pins for a fraction of a second, moving higher than the cylinder (shear line of the tumbler), then are pushed normally back by the spring to sit against the key pins once again. Even though this separation only lasts a split second, if a light rotational force is continuously applied to the key during the slight impact, the cylinder will turn during the short separation time of the key and driver pins, and the lock can be opened while the driver pins are elevated above the keyway. Lock bumping takes only an instant to open the lock. The lock is not damaged in any way. Certain clicking and vibrating tools designed for bumping can also be used. These allow for rapid repetition of bumping against locks that have advertised "bump proof" features. Only a rare few key-pin locks cannot be bumped.
A different tool with a similar principle of operation is a pick gun.
Locks having security pins (e.g. spool or mushroom pins)—even when combined with a regular tumbler mechanism—generally make bumping somewhat more difficult but not impossible.
Because a bump key must only have the same blank profile as the lock it is made to open, restricted or registered key profiles are not any safer from bumping. While the correct key blanks cannot be obtained legally without permission or registration with relevant locksmith associations, regular keys can be filed down to act as bumpkeys.
Locks that have trap pins that engage when a pin does not support them will jam a lock's cylinder. Another countermeasure is shallow drilling, in which one or more of the pin stacks is drilled slightly shallower than the others. If an attempt is made on a lock that has shallow drilled pin stacks, the bump key will be unable to bump the shallow drilled pins because they are too high for the bump key to engage.
Locks that only use programmable side bars and not top pins are bump proof. Bilock is an example of this technology. Many bump-resistant locks are available which can not be easily opened through the lock bumping method. Baldwin and Schlage are two brands that offer bump resistant locks.
Time lock
s, combination lock
s, electronic lock
s, magnetic locks, and locks using rotating disks, such as disc tumbler lock
s, are inherently invulnerable to this attack, since their mechanism does not contain springs. However, some electronic locks feature a key backup that is susceptible to bumping. Warded lock
s are not vulnerable to bumping, but they are vulnerable to a similar attack called a skeleton key
, which is also a filed-down key.
Lock picking
Lock picking is the art of unlocking a lock by analyzing and manipulating the components of the lock device, without the original key. Although lock picking can be associated with criminal intent, it is an essential skill for a locksmith...
technique for opening a pin tumbler lock
Pin tumbler lock
The pin tumbler lock is a lock mechanism that uses pins of varying lengths to prevent the lock from opening without the correct key...
using a specially crafted bump key. One bump key will work for all locks of the same type.
History
A US patent first appears in 1928 by H.R. Simpson called a "rapping" or bump-key. In the 1970s, locksmiths in Denmark shared a technique for knocking on a lock cylinder while applying slight pressure to the back of the lock plug. When the pins would jump inside of the cylinder, the plug would be able to slide out freely, thus enabling the locksmith to disassemble the lock quickly. The use of a bump key was not introduced until some time later and was first recognized as a potential security problem around 2002–2003 by Klaus Noch who brought it to the attention of the German media. After further examination of the procedure, a white paperWhite paper
A white paper is an authoritative report or guide that helps solve a problem. White papers are used to educate readers and help people make decisions, and are often requested and used in politics, policy, business, and technical fields. In commercial use, the term has also come to refer to...
was drafted in 2005 by Barry Wels & Rop Gonggrijp
Rop Gonggrijp
Robbert Valentijn Gonggrijp is a Dutch hacker and one of the founders of XS4ALL.- Biography :While growing up in Wormer in the Dutch Zaanstreek area, he became known as a teenage hacker and appeared as one of the main characters in Jan Jacobs's book "Kraken en Computers" which...
of The Open Organization Of Lockpickers
The Open Organization Of Lockpickers
The Open Organization Of Lockpickers or TOOOL is an organization of individuals who partake in the hobby of Locksport.It has two main chapters based in The Netherlands and several smaller chapters located in the United States.-Legal concerns:...
(TOOOL) detailing the method and its applicability. A patent exists for a lock device following the same principle as the bump key from 1926–1928.
The technique then attracted more popular attention in 2005 when a Dutch television show, Nova, broadcast a story about the method. After the method received further publicity from TOOOL presentations at security conference talks, members of TOOOL and a Dutch consumer group, Dutch Consumentenbond, analyzed the capability of the method on 70 different lock models and with trained and untrained users in a 2006 study.
At the same time, Marc Tobias
Marc Tobias
-Professional Background:Tobias is an American investigative attorney and author. His law practice specializes in technical fraud and related investigations that require the use of special interviewing and interrogation techniques and polygraph testing...
, an American security expert, began to talk publicly in the United States about the technique and its potential security threats. In 2006, he released two further white papers regarding the technique and its potential legal ramifications.
Mechanics
A pin tumbler lockPin tumbler lock
The pin tumbler lock is a lock mechanism that uses pins of varying lengths to prevent the lock from opening without the correct key...
is composed of a series of spring-loaded stacks called pin stacks. Each pin stack is composed of two pins that are stacked on top of each other: the key pin, which touches the key when it is inserted, and the driver pin, which is spring driven. When the different length key pins are aligned at their tops by the insertion of the correspondingly cut key at their bases, the tops of the key pins and, consequently, the bases of the driver pins, form a straight line (the "shear line"), so that the cylinder can be turned, rotating the key pins away from the driver pins. When no key or the wrong key is in the lock, pin misalignment prevents the cylinder from turning.
When bumping a lock, the key is initially inserted into the keyway one notch (pin) short of full insertion. Bumping the key inward forces it deeper into the keyway. The specially designed teeth of the bump key transmit a slight impact force to all of the bottom pins in the lock. The key pins transmit this force to the driver pins; the key pins stay in place. This physics action can be visualized by observing the same effect on the desktop toy: Newton's Cradle
Newton's cradle
Newton's cradle, named after Sir Isaac Newton, is a device that demonstrates conservation of momentum and energy via a series of swinging spheres. When one on the end is lifted and released, the resulting force travels through the line and pushes the last one upward...
. Because the pin movements are highly elastic
Elastic collision
An elastic collision is an encounter between two bodies in which the total kinetic energy of the two bodies after the encounter is equal to their total kinetic energy before the encounter...
, the driver pins "jump" from the key pins for a fraction of a second, moving higher than the cylinder (shear line of the tumbler), then are pushed normally back by the spring to sit against the key pins once again. Even though this separation only lasts a split second, if a light rotational force is continuously applied to the key during the slight impact, the cylinder will turn during the short separation time of the key and driver pins, and the lock can be opened while the driver pins are elevated above the keyway. Lock bumping takes only an instant to open the lock. The lock is not damaged in any way. Certain clicking and vibrating tools designed for bumping can also be used. These allow for rapid repetition of bumping against locks that have advertised "bump proof" features. Only a rare few key-pin locks cannot be bumped.
A different tool with a similar principle of operation is a pick gun.
Countermeasures
High-quality locks may be more vulnerable to bumping unless they employ specific countermeasures. More precise manufacturing tolerances within the cylinder make bumping easier because the mechanical tolerances of the lock are smaller, which means there is less loss of force in other directions and mostly pins move more freely and smoothly. Locks made of hardened steel are more vulnerable because they are less prone to damage during the bumping process that might cause a cheaper lock to jam.Locks having security pins (e.g. spool or mushroom pins)—even when combined with a regular tumbler mechanism—generally make bumping somewhat more difficult but not impossible.
Because a bump key must only have the same blank profile as the lock it is made to open, restricted or registered key profiles are not any safer from bumping. While the correct key blanks cannot be obtained legally without permission or registration with relevant locksmith associations, regular keys can be filed down to act as bumpkeys.
Locks that have trap pins that engage when a pin does not support them will jam a lock's cylinder. Another countermeasure is shallow drilling, in which one or more of the pin stacks is drilled slightly shallower than the others. If an attempt is made on a lock that has shallow drilled pin stacks, the bump key will be unable to bump the shallow drilled pins because they are too high for the bump key to engage.
Locks that only use programmable side bars and not top pins are bump proof. Bilock is an example of this technology. Many bump-resistant locks are available which can not be easily opened through the lock bumping method. Baldwin and Schlage are two brands that offer bump resistant locks.
Time lock
Time lock
A time lock is a part of a locking mechanism commonly found in bank vaults and other high-security containers. The timelock is a timer designed to prevent the opening of the safe or vault until it reaches 0, even if the correct combination are known...
s, combination lock
Combination lock
A combination lock is a type of lock in which a sequence of numbers or symbols is used to open the lock. The sequence may be entered using a single rotating dial which interacts with several discs or cams, by using a set of several rotating discs with inscribed numerals which directly interact with...
s, electronic lock
Electronic lock
An electronic lock is a locking device which operates by means of electric current. Electric locks are sometimes stand-alone with an electronic control assembly mounted directly to the lock. More often electric locks are connected to an access control system...
s, magnetic locks, and locks using rotating disks, such as disc tumbler lock
Disc tumbler lock
A disc tumbler lock or Abloy Disklock is a lock composed of slotted rotating detainer discs. A specially cut key rotates these discs like the tumblers of a safe to align the slots, allowing the sidebar to drop into the slots, thus opening the lock. Unlike a wafer tumbler lock or a pin tumbler...
s, are inherently invulnerable to this attack, since their mechanism does not contain springs. However, some electronic locks feature a key backup that is susceptible to bumping. Warded lock
Warded lock
A warded lock is a type of lock that uses a set of obstructions, or wards, to prevent the lock from opening unless the correct key is inserted. The correct key has notches or slots corresponding to the obstructions in the lock, allowing it to rotate freely inside the lock...
s are not vulnerable to bumping, but they are vulnerable to a similar attack called a skeleton key
Skeleton Key
Skeleton Key is a rock band based in New York City. The band is the brainchild of bassist and singer Erik Sanko, who is the only constant member of the band...
, which is also a filed-down key.