Security by Insecurity = Insecurity
The rather expensive education of protecting your personal belongings from
theft offered up by many so-called security "experts" usually involves
obfuscating the simplicity with which most barriers can be bypassed. This is
simply a part of the flawed concept of "security by obscurity" that many
self-proclaimed security authorities pass on to everyman as their intimate
brand of super-secret technical wizardry. These security experts want us to
believe that they can, for a fee, mentor us on how to secure our most treasured
belongings. More often than not, their instruction is completely invalid.
Last year, at DEFCON, there was an entire ballroom reserved for nothing but
lock picking. Hackers have always had a romantic fascination with picking locks
(myself included), and this ballroom was packed with those who were teaching
techniques, some of them selling wares, and there were a host of avid students
of the sport.
Let's just focus for a minute on your transportation. I'm sure you've all
seen the movies where there are elaborate collections of "high-tech" tools used
to start a car (especially those with a steering console ignition) minus a key.
Usually, these absurd methods either involve large vise-like tools (e.g., slide
hammer puller) that remove the lock from the console (and expose an abysmal
myriad of color-coded wires), or the use of brand-specific bypass keys, and
many yet still show the silliness of pulling a few wires from underneath the
dashboard to simply "hotwire" the ignition. Most of these Hollywood techniques
irreparably damage the vehicle in some way, and all of them offer nothing in
the form of car-jacking reality. Real car thieves are having a good laugh.
A good locksmith (one that knows the true intricacies of locking
mechanisms) can open your car and start it in seconds, without the use of any
high-tech gear. No need for Slim Jims, pick guns, or Lever Wedges (expensive
lock picking tools marketed to the programming equivalent of script kiddies).
The job can be done with nothing more than a couple of simple rake picks. And
the beauty of a steering console ignition is that you don't need any
sophisticated external leverage device to tum the lock - it's built in to most
console ignition locks.
While I've heard that the use of two simple jagged rake picks can do the
job in short order, one might also use a snake rake pick and a double ball pick.
But simple rake picks work just fine, as they do on almost all locks.
To test this theory (one that I acquired from real experts), I performed a
quick trial run on several subjects that included all manner of console
ignition switches, and all turned out to be easy "pickings."
My first test case, a 1995 Jeep Grand Cherokee, proved to be a reference
standard for all other experiments. The first attempt at entering the vehicle
and successfully starting it took a little under 30 seconds. Most others took a
similar amount of time.
And, remember, the beauty of 4-inch slender picking tools is that if the
cops show up in under the 30 seconds it takes to drive off with your cache, you
can quickly and easily hide them in your shoe (or wherever your imagination
takes you), and claim that all cars look alike these days.
Oh yeah, and getting into your house is even easier.
No, I'm not providing you with exact details on how to do this, but, we're
just speaking hypothetically here (yes, that's a disclaimer).
To quickly conclude... this is why some governments hire hackers. Hackers
don't bullshit you about your security. They show you how easy it is to break
in and steal your shit (after the "security experts" have "consulted" you that
your security is now OK - subsequently implementing a whole host of useless
measures), and hackers prove that their possession of real security knowledge
far surpasses that of the "security expert."