Crack any Master Lock combination lock in eight tries or less

by
in security on (#853A)
There's a vulnerability in Master Lock branded combination padlocks that allows anyone to learn the combination in eight or fewer tries, a process that requires less than two minutes and a minimal amount of skill to carry out.

The exploit involves lifting up a locked shackle with one hand while turning the combination dial. Before the dial reaches 11, there will be three points where the dial will resist being turned anymore. The three positions are then input to a web page that streamlines the exploit. The page responds with the first digit of the combination and two possible digits for the last digit. By testing which of the possible last digits has more "give," an attacker can quickly figure out which one is correct. By eliminating the false digit from the Web form, the page will automatically populate the eight possible numbers for the second digit of the combination.

It's by no means the only way to break the security of a popular padlock. It comes a few years after Master Lock engineers developed new padlocks that resisted a popular form of attacks using shims made from soft drink cans.

Naive user to date (Score: 2, Interesting)

by rocks@pipedot.org on 2015-05-01 13:54 (#86Z2)

So I confess to being a naive user of Master Lock combo locks at the gym for years now without knowing how weak their protection actually is. I would like to know what a slightly more challenging alternative would be for a replacement? I've seen the recommendation for an American 1105? Any others?
Post Comment
Subject
Comment
Captcha
Enter the number eighty five thousand six hundred and thirty one in digits: