This is my concern too, surely people will use these exploits faster than fixing them, though it is necessary since this technique must be quite well known already before Anon tells LPL about this. Plus the drain design kinda sus as if it was intended. Nonetheless I think it is better to know about your lock rather than not.
@@the_kombinator The drain hole is there for a reason - to protect the electronic components inside. Blocking it could fry the internals if water builds up. Then you have a useless lock that can't be opened at all.
Schlage doesn’t seem to care about making secure locks. They’ve demonstrated that over and over again. They seem to be a greedy profit hungry company that spends far more on marketing than making a better product. Everyone should avoid their junk products.
It's a thing in the locksport community. When you're videoing yourself opening a lock, you're not allowed to edit the video to prevent accusations of shenanigans.
Since the hole is angled towards the exploit region, I wonder if it's actually intentionally there to allow for locksmiths to unlock it in the event of something going wrong, etc. If that's the case, it's no wonder it's marketed towards building managers, since that would be a bigger concern than their tenants getting broken into.
And regardless, for a great many landlords, “Tenants won’t know and can’t do anything about it if they do” will win out over replacing any of these locks.
Just easier engineering. Easier to work with and ignore gravity than it is to go against it. Drain hole at the bottom and electric parts above. Just makes sense from a design perspective.
The designer of the Death Star was actually highly competent. The vulnerability he left in there was intentional and subtle, while the design flaw of this lock is not.
@@anthonyobryan3485 "highly competent" Meanwhile, he's designing a ship that vents fluid directly into space. The death star is a joke, even by Star Wars standards. If the thing was actually designed that way, they wouldn't even need to blow up the reactor, just cut off the supply chain of the massive amounts of coolant that the death star would be trucking in from another planet, daily. Then the death star will explode all on its own without even having to touch it. At least this little lock requires you to touch it to defeat it.
I suppose with the Death Star at least you needed a competent pilot, here just a bit of wire will do the trick. You don't even have anyone shooting at you in the process.
The more lock picking lawyer videos I watch, the more I realize the most believable part of star wars is building a giant death star that has a critically easy to take advantage of flaw
@@TheQuark6789 idk, the issue is easily solvable on the consumer side and it has avoided the common flaw among its genre. That means it’s effectively defended itself against an industry wide exploit that someone targeting the genre in general would tend to use. Basically they passed the electronic version of the bump key test.
@@h.a.9880 Isn't that how bank vaults work? If you try to break into the vault, you'll either raise the dead with the noise or take all night. I think.
for college dorms, it would prolly be feasible to 3D print a small high-infill insert that fits in the area between the two bottom screw holes that still allows the drain hole work as a drain but blocks access to the mechanism by being braced against the casing ...but most colleges will prolly spend hundreds of thousands to replace the locks and charge students for it 🙃
Yea they wouldn't have put a drain hole unless they found it necessary during testing. Especially if these are mounted on an external door more subject to the elements those electronic components would likely stop functioning correctly.
@@Joe45-91 The case is metal, so when the temperature drops, all the moisture from the air inside is going to condensate on that metal. Without that wall, you'll get a small puddle on the bottom.
I just tried it on my apartment lock and it worked, it is a slightly different model and outdated, but that is literally terrifying. I had no idea what I was doing but I did it on the first try
It looks like it's a manufacturing thing. The bent over part must be "cut in" to stay flush with the rest of the metal sheet after being bent 90°. (not talking about the drain hole, but the inner inlay sheet metal)
@@plpGTR It doesn't necessarily need to be single-function. If they need to have that indentation anyway for ease of manufacturing, then they can arrange the assembly in such a way that it "just so happens" to point downwards so it also functions as a drain hole for accumulated condensation. And _additionally,_ it can serve the extra purpose of being an emergency mechanical bypass for when the lock fails and it needs a way to be opened. I have to wonder what the installation instructions mention; do they specify to position the hole in such a way to make it more cumbersome to enact such a bypass? Are there additional fittings included in the installation kit to block access to the hole while still allowing it to do its drainage job and be available for emergency bypass when needed by removing said fitting? I'm reminded of when, iirc, an Air Force budgetary committee asked for justification on why a particularly expensive power wrench was needed. The response was that it was a multi-function tool: it could not only tighten bolts, but loosen them as well.
@@plpGTR this metal doesn’t appear to be bent though it would most likely be cast. Meaning the slants were intended and I agree with other users it’s most likely designed as a bypass.
As soon as you said RFID, I knew exactly what the flaw was gonna be. I used to be the guy tasked with throwing out old or unsold opened product at a hardware store and I saw stuff like this all the time. RFID and electronic locks almost ALWAYS have a physical, mechanical weakness.
Anyone who works in the tech industry hates these, too, because they're *also* flawed from the cybersecurity POV. Anything that uses the credentials of a smart device to open it is a thing that can be cheesed through by compromising the device, not to mention issues with the actual computer security aboard the lock.
@@made.online2149 You can't cheese a mechanical lock from miles away, tho, and just like how Master Lock never updates their designs pretty much all smart locks never get security updates.
Years ago, I heard a security expert say “you’re never safe. If someone wants to do you harm, they can. Most people just don’t have people wanting to harm them.” Locked doors just give the illusion of safety.
I've sold lockpicks to international hackers who get worried that my credit card reader is bugged, while I worry that all these crafty people will steal stuff. Turns out, 99.999% of people are basically honest and decent, and if they weren't society would crumble in a day
Those would both be marketing and tech support arguments. Design team would mention the no pick excuse but focus on redesigning the labyrinth navigated by the wire. A more fundamentals focused engineer would redesign the motor linkage to not be pushable.
A pick: Object(s) inserted into the internals of a lock and manipulated in a nondestructive manner that allows unauthorized entry. I see an unpickable lock that was just picked.
Wrong. A wire is the most basic of picks. I picked my first lock with a bent paper clip, then made a set of basic picks from spring wire. I opened many master and kwikset locks with those hand made wire picks. I still have custom wires in my pick set today decades later. BTW to block the hole attack just cut a common nail to length, crush it into the gap, with the head toward the internal bypass hole; correct size and length nail should block and bind any wire attack.
This reminds me of when I lived in military barracks on active duty. We all had key card locks with metal security doors with metal frames. Soldiers would lose their keys daily, and require a master key from battalion to open them. I got locked out one day and decided to get in on my own. Turned out the door frame was so cheap, I could use a long 20mm wrench, and wedge it in-between the door and frame, and bend the frame far enough to pop the door open.
Both LPL and McNally are my favorite lock pickers. I love how "official" and "professional" LPL seems, whereas I love the chaos of McNally destroying Master Lock's reputation.
Schlage: Pick -proof! LPL: Unfortunately, you've made the very common mistake of making your lock, which leaves it open to the exploit I'm about to explain.
Drain hole could be angled different like a zig zag or snake shape and also put some fine mesh at each turn of the zig zag so that water still escapes but provides difficulty to sneak a wire through multiple zig zag layers. Also don’t angle the “drain hole” close to the unlocking mechanism.
I agree. Honestly if they still want the drain hole to work as a mechanical bypass they could improve the security by zigzagging the hole as you've mentioned and maybe they could have some sort of mechanism with pins that slide up and down so when you put an object of the right shape in, it'll activate the mechanism in case of electronic failure.
I think they kept it this way because if water actually does get in, the lock itself would fail. And the need for people to get into their own house is much more important than the need to keep others out.
There's a story about a man who was tasked by a wealthy noble to make a lock that could never be picked. The story goes that a particularly audacious thief would pick the lock on the front door at night and make off with a variety of jewelry and silver utensils which irritated the noble to no end, so he went to the town blacksmith and tasked him with designing a lock that would be 100% unpickable, then install it onto every exterior door in his home. The blacksmith tried to tell him that no lock was completely impenetrable, but the nobleman would not relent, so the blacksmith agreed. Days went by, and the nobleman received word that the blacksmith had completed his task, and that he should take a stroll while the new locks were installed. When the nobleman returned, he found a rather impressive looking lock installed on every door. "No one will ever be able to get through this lock, milord" the blacksmith said. "Splendid" the nobleman replied, "but where is the hole for the key?" "Hole? For a key?" the blacksmith asked. "Yes, a keyhole, so that I can unlock my door." "Sorry milord. A lock that can never be picked, is a lock that can never be opened." The noble was furious. "How am I to enter my home, then!?" The blacksmith scratched his head for a moment, then said "Wait for the thief. When he breaks in through a window, ask him to unlock the door from the other side"
@@cabagezzz In the UK, we have a House of Lords. Some of those in the House of Lords, are nobles. Thus, a nobleman can be referred to as my lord, and be correct. However, quite simply it could be a case that: 1) The blacksmith is just engaging in good customer service 2) The nobleman is the owner of the land that the blacksmith lives on, hence making him the lord over the blacksmith.
@@yandyyay yes but it leaves open the possibility that some non-destructive exploit will be found, as we see in the video here. If the same flaw existed, but was inaccessible from the outside, it wouldn't be a problem.
@@Merennulli Why is it impossible to put the mechanism on the inside? There must be some way to pass the outer handle's movement through to the inside, so that the outer handle actuates the bolt on the inside of the door (if the credentials are correct). It's hard to explain in words, but I'm thinking of something like: The outer handle is connected to a rod which goes through to the inside; this rod is encased in a hollow cylinder which is coupled to the bolt; the inside handle is directly coupled to the hollow cylinder; the rod is only coupled to the hollow cylinder if the credentials are correct (otherwise it turns freely).
@@Merennulli different tail piece design and have the outside ONLY a credential reader and have the "guts" on the inside and use the existing HOLE as a passthrough for the wiring and have the lock/unlock ONLY on the inside
At least this one has an easy way to fix it, just weld the drain closed, or at least weld the right side closed so water can still get out while also blocking a wire from reaching the mechanism. Most of the flaws he finds are fundamentally impossible for the average person to fix.
You can't tell me they angled that drain hole towards a gap in the housing on accident. That was a backdoor intentionally put in there by the manufacturer. It's not a flaw, it's a feature.
You know I'm sort of inclined to agree that it's a back door of sorts... that batteries clearly go on the inside of the door, what happens if they are stone dead... sure the lock will warn you the batts are going flat but what if you just don't act on it?
@@yandyyay Those two metal dots on the front towards the bottom are there for you to hold a 9V battery to it. This powers the electronics and allows you to scan your credentials and get inside in the event the internal batteries died. If anything, it is there for if the motor/electronics fails.
The cynic in me says this was done on purpose, so that would-be locksmiths could easily sell entry, in case of an emergency. Remember that much of the "physical security" world still operates on a "security by obscurity" mindset.
@@koresoteira447 It absolutely is. The hole itself is angled directly towards the spot the wire needs to go to. Watch it again, preferably in a decent resolution.
@@koresoteira447 If you pause the video around 4:35, you can see the cutout is angled directly towards the spot the wire needs to hit. It looks very intentional to me.
There's also a gap in the mechanisms shielding. They covered most of the mechanism to prevent this kind of attack then left a small opening. It's gotta be on purpose
Thank you for your educational and security awareness content. I have been avoiding going wireless at home for other reasons and this just fortifies my reasoning. Guess still the best option is to have a couple of high-end locks just so it would take longer for the intruders to get in.
The “drain hole” is actually angled towards the mechanism that unlocks it so it’s easier to get something in there to unlock it. After this video, price for the whole lock kit is going to be on sale for $19.99 and infomercials at 2 am 😂🤣
But wait! There's More! Buy 1 lock, get a second lock FREE! and as a special TV only offer if you call in the next 125 minutes, get a free bottle of epoxy seal to stop the exploit for only a $1.99. But wait! There's More!... ...Tiny super fast legalese text scroll with a fast voice over explaining shipping costs and no liability if the lock is picked....
I would assume because of the shape of the hole and the slit that allows the wire to reach the inner part that it is actually a "feature" that allows the lock to be opened with a special tool e.g. when the battery is empty or the key card broken.
LPL’s most unneeded line ‘let’s just show you again to prove it wasn’t a fluke.’ Never seen LPL open a lock and think, that was lucky. Keep up the great work. Love watching your videos
@@taumag5884 Actually he is aware of the fact that too long form content does not do too well currently, so no, padding the video time is not a reason. It's actually to prevent people who might claim he is reshooting the video over and over until he is truly fast just a single time. Doing it a second time in a row with relatively equal speed shows that there is at least some sort of consistency to what he presents in the video.
Yeah, that's because you didn't make one of the locks featured in one of his videos, but hurt butts find a way to soothe the sting and "lucky" is the easiest call when your $500 lock fails to a wire in 5 seconds.
The biggest flaw of all is that the part that does the unlocking is on the outside. On an electronic lock, in a good design, it should always be on the inside.
Yep. The bypass isn't hard to prevent (at least, you're trying to prevent non-destructive entry easy) but there's no fix for vulnerable components like that.
Drill a hole to the right of the drain hole (as seen from the rear). Put as long of a machine screw as you can in, with a nut on the inside, to prevent a wire from going straight to the opening. Test it; Add nuts if necessary.
@@troy3456789 Now it can be opened with a bit of wire + a screwdriver. Easiest option is to just fill that void with tightly packed steel wool. It'll still drain water so you don't end up with a short after months or years outside collecting water, but it'll block that wire so long as it's packed tightly enough
@@vakieh4381 I'm thinking the nut on the inside will turn if you use a screwdriver from the outside. A nylock (locking nut) would help too. The idea is to cause the wire to divert to the wrong angle. (Hole drilled on the side of where the wire goes up; not blocking the important drain hole) Steel wool seems messy and won't stop a stiff wire like what he used in my opinion.
LPL: "Hey, honey, how's college going?" LPD: "Great, dad! They just upgraded our dorm locks to these fancy new smart locks." LPL: "I'll be right there 😐"
I install locks a couple dozen times a year. I always point people to LPL if they ask for an opinion on any given lock. The lock of horror as they watch the video is amazing.
I agree! I have for a long time been impressed at how very professional his videos are. Of course, one would hope that a court lawyer who practised in commercial litigation would be able to do a clear, professional presentation in "one take"; judges aren't impressed if a court lawyer asks for a do-over!
@@GigaBoost It's to maintain integrity, or at the very least, prove without a shadow of a doubt that he isn't manipulating any of the locks when he reviews them. It's also why he often picks locks multiple times, to prove his success wasn't a fluke. The benefit of being allowed to be lazy is just a nice bonus.
I bought a similar keypad version that uses the same mechanism earlier today. Upon opening it up I was happy to see that Schlage had included a sturdy piece of plastic that blocks the drain hole while still allowing water to get out. Now I leave it to you to find a way around this new feature.
I'm pretty sure if you complain to building management, some poor maintenance person will have to go around with a tube of JB Weld putty and just put a little bit in every drain. I'd imagine the warranty claims department at Schlage is going to be unimpressed with you for this 😂 EDIT People, drilling a hole, chipping it away, etc is a destructive entry and leaves evidence. That's beyond the scope. Is blocking the drain hole like I suggested ideal? No. But the correct solution is to dismount every latch and do an internal modification, which is probably more than most maintenance departments want to get into
@@SunriseLAW If the inside is all plugged up, a thin piece of wire is going to take a very long time to chip through it all. Alternatively, jb weld a small piece of metal like a grub screw at just the right spot.
@@SunriseLAW You weren't using it right then. I've repaired all sorts of parts with jb weld. o2 bungs on an exhaust manifold only worked temporarily, but the fix still lasted 2-3 months when I allowed the plug to cure for only 5-6 hrs. On key fobs, lamp bases in industrial settings, workshop fixes, autobody repairs etc the stuff cures so consistently to the substrate that getting them to separate is basically impossible.
Which works till water makes its way in and submerges the electronics. A better solution would be to install it so that it's recessed and flush mounted in the wall, preventing all access to the drain plug while also allowing it to drain if need be
Holy crap! This one is huge. I can see lawsuits if Schlage doesn't bring out a retrofit kit to block where the wire slips between the guard and the screw post. Wow, when a company like Schlage misses such an obvious exploit for years on such a critical product, Master Lock doesn't look so bad any longer.
All I can think of is some guy with Autocad running designing that housing and being told "there needs to be a drain hole" and then saying "but then someone can stick a piece of metal up there and bypass the lock". And an argument ensuing in which the engineer tries to take a stand, but the product manager is like "overruled" and then the guy just says fuck it and goes to lunch.
@@rmyers99 Nah, it's the engineering's fault in this case. The stamped steel piece is supposed to be shielding against this exploit (after they forgot that in the casting), but they chose the one manufacturing technique that wouldn't actually work because the radius they need for the screw hole leaves this one hole through which LPL could fit the wire. Had this shield been made any other way (molded plastic for example) it would have worked. Should instead have made the actuator that sees mechanical load out of steel.
@@BL-yj2wp I'll certainly never bet against cost reduction; but my assumption was that the plastic component was plastic, in surroundings that were mostly metallic, because that's one way to keep otherwise trivial magnetic manipulation from being an issue. Probably not a coincidence that plastic, rather than one of the more expensive nonferrous metals, was chosen for the job; but still a questionable place for steel.
@@repentandbelieveinJesusChrist3 Wrong message you are sending. People do not react to demands of penance, they react more to messages of love. Stop talking from high position, and start talking from equal status.
@@ElBandito The message is entirely unrelated to the video. This is a spambot "spreading" the coder's beliefs however they can where it's unwanted and unneeded. I don't think it matters that they could be more efficient in how they spam.
@@Jake420 Yes, it is, he's saying that he would have never thought from now till ten years in the future he'd watch lockpick videos for fun but he is now. Also the sobbing emoji doesn't mean I'm actually crying, it's used in this context as a way to say "bro what is this/what are you saying/bruh"
Me: "Oh, a 5 minute video! Maybe this has something interesting or obscure going on?" LPL: spends half the video just showing us how to disassemble the lock. Me: "Well played, sir."
@@Spiker985Studios Even if you seal the drain hole it's still a critical design flaw and your seal can be mitigated very quickly and with minimal notice using a dremel most likely.
@@deedoubs I mean, most would be thieves are going to be looking for easy targets. I don't know about you, but I don't have an electrical outlet near my front door. The only secure thing to do is to confuse the hell out of would-be thieves - otherwise you're just trying to be marginally more secure than your neighbor. If they *really* want that stuff, they're just gonna cause damage and nab it anyway
My building in NYC had relatively secure Mul-T locks/deadbolts for years... Then 6 months ago the management co. decided to put something just like this on all our doors.. without an option. I actually went to the office to complain saying they were ridiculously unsafe but they didn't want to hear it. Too bad this video wasn't out then.
For that price point, they could put a little more space between the drain hole and the plunger point and make a maze where a wire can't go through but water can drain.
To block without disassembly, use a straightened paper clip to stuff the drain hole with as much string that will fit, pushing it toward the left side to fill the path the wire would take. Won't harm the lock in any way.
If I ever move into a dormitory for a while, and I hear LPL say "let's do it one more time so you can see it's not a fluke" I'm just gonna jump out of the window lmfao
That’s what happens when pool of qualified engineers who can design locks keeps shrinking and brands only rely on their legacy brand names to market products to mass consumer.
If you look closely to that drain hole, it has an angle pointing directly on that plastic block, as if it WAS designed for that exact purpose of bypassing lock mechanism.
@@zuttoaragi8349 - Most likely, but it is a very terrible bypass system when even the most unskilled thief can easily learn this, or get it to open accidentally by a little prodding. Much better to just add a good secondary bypass keyhole if the electronic shorted.
You know what I love from your videos? They have it all. All the content, the "introduction", the "development" and the "conclusion". You show all it has to be showed. AND THEY ONLY LAST FOR 5 MINUTES. That's F awesome.
@@the_kombinator I am sorry for your lack in reading and understanding skills. Hara is clearly impressed how much content and story the LPL gets into only 5 minutes (which I agree with is impressive). Hara does not state anywhere a maximum attention span of minutes nor is that implied.
My father was a carpenter and was hired to fix a door to a house that was broken into. When he arrived, he found the door with about 4 deadbolt locks still locked, however the thieves had just removed the outer casing and pulled the door, still in its jambs, right out of the building, set the door and jambs next to the house, and walked in. Your locks are only as good as the jambs in which the door is mounted. Front door jambs need to be thick and set into the house frame with large nails, though bolts are better.
@@edward1927 You could just take a Sawzall to the wall next to the door. After all, it's just some vinyl or aluminum siding, a sheet of OSB or plywood, some 2x4s, and a sheet of drywall. My dad told me a robbery he saw on the news where the burglars used a cordless circular saw and just cut the wall open.
I had a mountain side cell site to work on and the Supra dead bolt had a dead battery on the door. Hinges were outside and just popped the pins and in we go.
Generally speaking, you don't have a lot of thieves showing up to your front door with power tools and looking to saw through the wall for the obvious reason that it's not worth the time, effort, and risk to do something you can accomplish by just kicking the door in.
right at 4:10 where he says "you turn the wire", that wire is passing over a perfectly placed recess in that inner metal bracket. between that and the way the "drain hole" is angled perfectly to feed the wire right where it needs to go, this _has_ to be a deliberate feature not a bug
Would it be dumb to assume that it's a "secret" way for a lockpicker that specializes in these locks to get it open if the owners lose their credentials to open it?
Exactly what I was thinking. This has to be intended, although they meant it to only be known to locksmiths and security personnel so that they can let people into their apartments. It was definitely not intended to go beyond professionals/intended people.
@@kasper_429 that’s the issue, it’s like having a master code that’s the same for every safe of a particular model. Those out of the loop won’t know but the second information breaks out it’s just free hunting.
@@kasper_429 But that's not how security works. It takes one person to know the secret to share it maliciously or accidentally and the whole security falls away.
Yeah, sure Mark. We're sending the FBI right over. You probably tore off that mattress tag too. Federal offenses. You'll be going away for a long time. 😅
As LPL says in some videos, don't pick locks that are in use, as there is some chance you will break it. (On the other hand, some people like to simply stop using their apartment key and lockpick their way in every day. So really, do what you want.)
"I can open this in just a few seconds with nothing but a thin piece of wire" Now we can debate the meaning, but "open using only a thin piece of wire" seems like a decent definition of "picking" to me.
It’s not a drain hole, because it is sloped in the direction the wire needs to aim. It is a bypass, like the one designed into interior lock sets for bedrooms and bathrooms; so the lock can be breached in case of an emergency or accidental lockout. In the scenarios where this lock would be used, it circumvents lockout due to a dead battery. Likewise, the internal gap next to the screw is intentional. That is where I would block the intrusion, if I preferred to cut a hole in the door or wall when the unit is faulty or the battery dies. What this unit needs is an ability to connect an external power source, like induction with no holes, when the battery dies.
I think if I lived in a large apartment building with these locks, I would be tempted to unlock all the doors and leave them open to get everyone to pressure the management to do something about these locks.
Just put a sticky note on each of the locks with a link to this video. A lot easier and less risk of some neighbor not understanding your intentions and calling the police (or worse).
I've got an electronic door lock. No key hole, no picking. Electronics completely on inner door side, the mechanic coupling of outer door knob is done completely on inner door side. That's a good mechanical design.
4:09 that security flaw is entirely because that's a stamped piece of metal. I can see that there was clearance made for when the round segment got bent down in the press. If it was a solid piece of material there would be no gap for the wire to fit through.
One solution would have been to just extend the length of the guard piece so it could be bent 180° at the end to block off the opening left by the screw tab.
@@HarveyDangerLurker it's just a part of the manufacturing process. Stamped parts are cheap when you need hundreds of thousands of them, and regrettably you need clearances built in for it to work.
The whole design is very weak for a 300 dollar product. One can just drill a little hole at the bottom until they see some plastic shavings and then easily manipulate the lock with any stick that fits through the hole.
LPL- See this electronic lock? Can you guess how we open this electronic lock? Schlage- The key fob, use the key fob! LPL- That's right, we use the drain hole! Schlage- *starts having a panic attack*
Great video. Only critique is to get an impact driver instead of using the drill for the screws. It will prevent stripping of the screws and nuts/bolts.
It's not as if water cares if the hole is angled or not - and a simple barrier over the drain hole and under the plastic bit (so that any water would flow around it) could have prevented this...
This seems a very easy problem to solve too. Just change the shape of the drain hole to be 'Z' shaped. I.e. a couple of back and forth returns, and you wouldn't be able to get a wire to trace into the area it needs to be in.
@@pontoancora The hole on the bottom of a padlock allows water to drain. This prevents the padlock's internal mechanisms from rusting, so they can continue to function properly.