The Pen Is Mightier Than The ... Lock?

A 50-year-old lock design was rendered useless last week when a brief post to an internet forum revealed the lock can be popped open with a cheap plastic pen.

On Sunday, bike enthusiast and network security consultant Chris Brennan described opening an expensive Kryptonite Evolution 2000 bike lock using a BIC ballpoint pen.   Brennan, 24, of San Francisco, said he successfully opened two Kryptonite locks, an Evolution 2000 and an older Kryptonite Mini lock.  After cutting four small slits in the end of the pen's barrel to ease it in, the lock opened with a single twist.   Subsequent posts to Bike Forums and other websites report the vulnerability applies to many of the company's cylindrical-lock products, including some from Kryptonite's vaunted New York series.

Here is a video of the technique:

"That's the absurdity of it," Brannan said. "It's not picking the lock or smashing it open. It's the absurdity of a small piece of plastic breaking your unbreakable lock."  The vulnerable Kryptonite locks use an axial pin tumbler, a common cylindrical design used in a wide variety of products. The lock's design was invented at least 50 years ago by Chicago Lock.

Kryptonite declined to comment, but in a statement, the company said it is rushing to market a new "disc-style cylinder" design that is more secure. The disc-style cylinder is used in the New York products.

The manufacturer has said: "Kryptonite will provide the owners of Evolution and KryptoLok series products the ability to upgrade their crossbars to the new disc-style cylinder, where possible," the statement said. "This cylinder provides greatly enhanced security and performance.  Kryptonite is finalizing the details of this upgrade process and will publicly communicate these details as soon as possible."

Though not all axial locks are vulnerable, depending on several factors such as the locks diameter (to match the pen) and the lock's engineering tolerances, in early August, another website claimed laptop security locks by Kensington Technology Group, Targus and Compucage International could be easily compromised with a pen or a toilet-paper tube.

Oddly enough, the lock's flaw was apparently first publicized in 1992 in the United Kingdom and the BBC even covered it, but the news apparently didn't resurface until a dozen years later.