New lock picking technique callled "bumping". Real threat or just hype?

Per this article

Beware the ‘Bump’ Key
As lockpicking gains traction as a hobby, a surprisingly easy new technique has been circulating online and among hackers.

Any lock savvy dopers know if this technique a real security threat for tumbler locks or or just hype?

The technique itself might be quick but you have to, you know, custom make a key to even get started with any given lock. It looks like a new version of the skeleton key to me.


TWEET! Let’s get a few things straight here.

Talk all you want about what a threat this is. Discuss the ramifications to the lock industry.

But no descriptions how to do this or any more links, please. They will be removed. and the thread may be (oh no, he’s going to say it) locked down. :smack:

As you were.


Picky, picky picky!

Ok, leaving out any details, this is not what I have read through sources like Boingboing, etc.

Hardly “new”. From a pdf on TOOOL (the organization mentioned in that article): “Bumping, sometimes also called ‘Rapping’, has been a known technique for at least the past 50 years.”

So, this may actually be the old version of the skeleton key.

All locks are threatened, all the time. A lock doesn’t secure anything, it simply deters casual theft. If someone wants to get past a lock there are many easier ways to do it. This is just a variation of picking a lock that doesn’t require much skill.

Out of curiousity, I dug up some info from the folks who have been publicising this technique. One of the first things they say is that it’s been known for at least 50 years. And it’s very similar to other methods which are even simpler and more universal. So presumably, it’s no greater a threat now than it was decades ago. The “original” source also contradicts itself on how easy the technique is to learn, and whether it leaves any detectable traces on the lock.

Sounds like a ‘jiggle key’ - not a new technique at all.

Really. This is ancient stuff. One of the security blogs I frequent broke this story over a year ago.

Without delving into whether or not bumping, raking or otherwise attempting to pick a lock is legal or not, there is an interesting ethical angle.

In the computer security industry, we’re all about being open and having no secrets. Some of the best cryptography is (or started as) open-source. It’s been <heh> picked at by countless programmers, cryptographers and yes, even hackers, to find vulnerabilities. The mechanism is public and freely discussed. It’s the key selection that’s kept private, just as you keep your house keys to yourself.

It’s about time the same is done with the physical lock industry.

Your risk of having someone pick your locks on your home is very slim. The vast majority of theives aren’t “professionals.” They’re more along the lines of “crimes of opprotunity” rather than the notion of staking out a site and then breaking in.

Most theives are kind of lazy. They’re looking for a quick dash-in-and-grab. They don’t want to rob houses which are a pain in the ass to enter. If you’ve got prickly thorn bushes beneath your windows or a barking dog, they’ll most likely move on to another target.

Now, businesses and homes in which expensive and portable items are visible from the windows are at a higher risk of becoming a target of people who know what they’re doing, but there are relatively simple steps you can take to make your business/home a less attractive target even to them.

Reading the Dutch report on the TOOOL site, it looks like hype. I had a friend in college who bought a set of lock picks and could open doors with ease in no time. And quickly. And, he didn’t have to guess in his own tooling of a bump key or explain to a locksmith why he wanted one.

Let’s think about this in practical terms. Suppose you’re my landlord, a person who owns multiple rental properties, many being old homes split into apartments. It’s not like a big apartment complex where you have a standard lock for all doors. You replace some as you go, buying whatever is cheap, sometimes having a locksmith fit a new one. You don’t have one key that can be a skeleton key for myriad different apartments. If you get a bump key for when your copy gets lost, for when you’re on site and need to let somebody in, for when a resident changes locks without telling you (perfectly feasible), &c., you would only have limited access to the locks on your rental properties. You’d have to get a bump key for each type of lock you have, and you’d have to learn the techniques, if you wanted a back-up system rather than dropping money on a locksmith every time you got into a bind.

As an alternative, you can buy a cheap set of picks and have one tool for the job. (Or one of those lock-smith-bouncing-gun dealies.)

As a landlord who may need access sans key, I can’t see the bump key really providing any sort of panacea for your problems. You’d still have to learn the basic principles involved and practice to get it right, and you’d still have to tool your bump keys to work.

From the angle of your own personal safety, it’s not like a burglar with a pocket full of bump keys is going to look any less suspicious than a burglar with a pocket full of lock picks. And he probably won’t operate much faster. And, according to the methods given, he would probably make a lot more noise. From the method given in the Dutch Police report, the burglar would have to make a noise that I imagine would sound similar to using a brass knocker on your front door in order to get the bump key to work. It’s hard to be stealthy when the list of tools includes a hammer!

Mods: I’ve tried to stay well within the spirit of the rules: no methods, no links, and a practical topic of discussion.

js, very nice explanation. Thanks.