Tuesday, July 21, 2015

How to Avoid Fly By Night "Locksmiths"

Within the past fifteen years the locksmith industry has become plagued with fly by night operations.  These operations rely heavily on bait-and-switch tactics, they subcontract all of their work to unskilled staff and are next to impossible to track down when something goes wrong.  These operations typically rely on flooding the phone books and online listings with multiple phone numbers, business names and websites that all forward to a call center in one central location.  They are notorious for inflating their prices to three to four times what a legitimate locksmith would charge for the same work.  Further, being that they are typically unskilled, the work they perform is often questionable and may need to be fixed by a skilled professional.

1) When calling them, ask for their full business name:  When you call most legitimate locksmiths, their greeting includes the name of their business.  For example, our company’s scripted greeting is “Thank you for calling Wooters Lock Company, LLC this is [insert name of employee] speaking, how may I help you?”  By contrast fly by night operations tend to answer the phone with a very generic greetings such as “locksmith services”.  When calling, ask for the full legal name of their business.  If they become evasive and refuse to provide this information, advise them that you will not be needing their services and call a different locksmith instead.


2) When browsing their website, there should be more than just stock photos or clip art:  Most legitimate locksmiths that are online love to show off their storefront or service vehicle and post a brief bio of themselves, how they got into the locksmith trade and how they started their business.  Fly by night operations on the other hand typically use generic photos that they have pirated, or they rely on royalty-free images.  The webpage of a legitimate locksmith should contain photos of at least one of the following: employees in company uniform (with company name or logo to ensure they haven't pirated the image), a marked company service vehicle or a photo of the company's storefront.  This can usually be found on the website's About Us page.

Avoiding Locksmith Scams in Rochester NY
Photo taken from our About Us page
Notice the lettering on my shirt.

3) Pay attention to how they provide their price estimate:  What often happens is one price is either printed in an advertisement or given over the phone, such as $19 for the service call.  As for the services they perform, they almost always add the words "...and up" to their estimates.  When they arrive that's when the price goes up...way up.  By contrast, legitimate locksmiths will give an estimated price range and advise of any increases in price before any work is performed.  A legitimate locksmith will typically ask questions ahead of time to try and determine what type of lock they will be dealing with.  A legitimate locksmith will say something along the lines of:  "based on what you told me, you can expect to pay between $110 and $130 to have your home rekeyed."

By being aware and knowing what to look for, you can better protect yourself against these bait-and-switch tactics.  Many of these companies operate as “locksmith referral services” so even when they are tracked down, it is difficult to hold them responsible for the damages you may have incurred.  Knowledge is power and by looking for the identifiers listed above, you can better protect yourself as a consumer.

What is Impressioning?

Impressioning is the process of generating a key for a lock entirely from scratch without disassembling the lock or having beforehand knowledge of the working key’s depths.  This process involves taking a key blank and making “impressions” on the blank.  These marks can then be used to gain knowledge of the lock’s pinning scheme and from there generate a working key.

Schlage D-Series Key-In-Knob lock impressioned

Impression marks generally have to be taken many times to form a working key.  However, taking impression marks can be done quickly and discreetly.  If one walks by a door on a daily basis, they can take impression marks within a matter of seconds and then proceed on their way to work more on their key later.  Depending on their skill level and the pinning of the lock, by the end of several days or weeks, they will likely have a working key, permitting them entry to that door at their convenience.  This technique is therefore very practical in the field of security auditing/penetration testing.

Impressioning should not be done in instances where a consumer has purchased a home and there is a door they do not have a key to.  In instances such as these, picking open and rekeying the lock to an entirely new key is preferable.  Rekeying the lock is generally much more cost-effective, and it eliminates anyone who still has the keys to that door from returning to illegally gain entry.

Impressioning is however beneficial in instances where a consumer has purchased a non-rekeyable padlock without keys (e.g. from a flea market or antique store).  It can also be a suitable alternative to lockpicking in some instances.

Not all locks can be impressioned, or are very difficult to impression.  Kwikset locks for example use pins that make it very difficult to create and observe impression marks.  However, if a Kwikset lock has been rekeyed with aftermarket pins, this will likely make the lock easier to impression.  Also, some high security ASSA locks utilize special tumblers that are designed to provide deceptive readings if someone attempts to impression one of these locks.

This skill takes a long time to learn, so the concern of a criminal learning this skill and using it to commit a burglary are minimal.  Generally, criminals gravitate toward the path of least resistance, such as looking under doormats for hidden keys, using bump keys, or gaining entry forcibly.  Also, the investment in tools and time would likely dissuade the common criminal.

A locksmith however, specializes in creating keys for locks and therefore is often willing to invest the time and effort in their craft to learn this skill.  I, personally have been working on learning this skill for a considerable amount of time, but the results are now showing.

Sunday, July 19, 2015

How to Identify & Rekey SmartKey Locks

Around 2007 Kwikset released a new type of lock cylinder known as the SmartKey*.  Unlike a conventional pin tumbler lock, the SmartKey can be rekeyed without having to remove the cylinder from the door.  This is especially convenient for homeowners, who will no longer have to hire a locksmith every time they need their lock rekeyed.  In this article you will learn how to identify and rekey a SmartKey lock and also be provided with some information regarding the advantages and disadvantages of using these locks to secure your home.

This lock is purely mechanical and should not be confused with Kwikset's Kevo* electronic deadbolt.  The Kevo can be programmed to use Bluetooth-enabled devices (such as smartphones) to unlock it, but also uses a SmartKey cylinder for purposes of providing users with a mechanical override.  The takeaway from this is that SmartKey has nothing to do with your smartphone.


Identification:  Is Your Lock a SmartKey?

These locks can be identified by a small vertical slot on the plug, located to the left of the cylinder's keyway**.  These locks will also be marked "Kwikset" or "Weiser".  U-Change brand locks may look similar, however the slot in the plug is horizontal instead (U-Change locks utilize a completely different mechanism and are similar in construction to conventional pin tumbler locks).

SmartKey deadbolt (left) next to a conventional Kwikset pin tumbler cylinder (right).  In this photo the rekeying slot has been circled in red.  Both cylinders pictured are capable of being keyed alike despite the fact that they are mechanically different

Rekeying Instructions:

You will need the following:

  • A Working Key (Key A):  If you do not have a key that works on your lock, the lock will need to be removed from the door and reset by a locksmith (we provide this service)
  • SmartKey Learn Tool:  Use Kwikset Part #83283.  This tool has a red protective sheath to prevent the tip from becoming damaged or poking the user.  If you would prefer the basic tool without the protective covering, use Kwikset Part #83282 instead
  • New Keys (Key B):  These are the keys you wish to operate the lock instead of your current set

To rekey your SmartKey lock follow these steps:

Step 4 shown using Kwikset Part #83283
1) Make sure your door is open so you don't get locked out

2) Insert Key A completely into the plug

3) Rotate Key A 90 degrees clockwise to the three o'clock position

4) Insert the tip of the Learn Tool into the rekeying slot, which will now be horizontal.  Apply forward pressure to the Learn Tool until you hear a click

5) Remove the Learn Tool from the plug.  DO NOT rotate the plug at this time

6) With Key A still horizontal you may now remove it from the plug.  If you are unable to remove it, repeat the last two steps

7) Insert Key B fully into the plug

8) With Key B fully inserted, rotate it counterclockwise 90 degrees to the 12 o'clock position and remove it from the cylinder

9) Test your work:  Key A should no longer rotate when inserted.  Key B should now rotate, operating your deadbolt or handle


Advantages & Drawbacks

One advantage of using these locks is that they are substantially more difficult to pick than a conventional Kwikset pin tumbler lock due to their serrated wafers.  Further, unlike Kwikset's pin tumbler counterpart, this lock cannot reliably be "bumped".  This reduces the chances of one gaining entry to your premises without leaving evidence of destruction behind.

Also, as stated earlier these locks are convenient.  They can be rekeyed quickly and without extensive knowledge or tools.  While these locks cannot be master keyed, Kwikset offers a special SmartKey cylinder that utilizes two plugs to allow for a similar effect:  A "Master" key may be inserted into one plug to operate the lock or a different key may be inserted into the other plug, also operating the lock.

While the SmartKey is certainly a convenient design, there are some risks that should be noted.  SmartKey locks are made out of some plastic components, which makes these locks extremely vulnerable to the use of common power tools.  Also, there is a destructive technique that involves using a specialized tool that will not cause noticeable damage to the lock's face.  A burglar could use this tool to gain entry to a residence secured by a SmartKey lock and upon the homeowner's return, their key would work normally as if the lock had not been destroyed.  By contrast, destructively opening a pin tumbler lock would require leaving a substantial hole in the face of the lock, which a homeowner would notice.

One should also be aware that there have been claims of the tumblers coming apart inside these locks, causing a lockout.  This is most likely due to the use of fragile tabs that interface with the lock's wafers.  If these tabs break off, the key can no longer elevate the wafers to their proper position and therefore not open the lock.


Conclusion

The SmartKey lock is a convenient and cost-effective alternative for homeowners and renters, who wish to have their locks rekeyed on a frequent basis.  Unfortunately, because this lock is built to be cost-effective, both quality and security have suffered.  U-Change locks for example are generally considered higher quality and less likely to experience mechanical failure, although they have their own share of security vulnerabilities.  It may be some time before a user-friendly rekeyable mechanical lock hits the market that is of higher quality and provides greater security.  Personally, I would rather use a conventional pin tumbler deadbolt designed to resist common destructive attacks.

*SmartKey and Kevo are trademarks of Kwikset Corporation

**On pin and wafer tumbler locks the plug is the round component, which the key is inserted into