This Little 3-D Printed Robot Cracks Combination Locks in 30 Seconds

samyrobot2-S

CAREFUL WHAT YOU 
leave in your lockers, high school students and gym-goers. An invasion of 3-D printed robots may be coming, capable of popping one of the world’s most ubiquitous brands of combination locks in as little as half a minute.

On Thursday, well-known hacker Samy Kamkarpublished on his website the blueprint and software code for a 3-D-printable Arduino-based lock-opening robot he calls the “Combo Breaker.” Attach it to any of millions of Master Lock combination locks, turn it on, and it can take advantage of a Master Lock security vulnerability Kamkar recently discovered to open the lock in a maximum of five minutes with no human interaction. “The machine pretty much brute-forces the lock for you,” says Kamkar. “You attach it, leave it, and it does its thing.”

In fact, the Combo Breaker is programmed to do far better than a mere brute-force attack. It takes advantage of a mathematical trick Kamkar revealed last month that allows anyone—with a little practice—to find the combination of a low-end Master Lock combination lock in only eight tries. That technique takes advantage of a manufacturing flaw: when the U-shaped shackle of one those combination locks is pulled while its rotor is turned, the cracker can feel resistance on certain numbers that help to reveal the position of the “combination disks” that determine the combination that opens the lock. In combination with some restrictions in possible combinations that Kamkar mathematically deciphered and encoded in a web-based tool, Kamkar exploited that information leak to cut out all but a few possible combinations. The resulting manual technique is easy enough—writers at Ars Technica who tested it, for instance, were mostly able to pull it off after a couple of tries.

Categories: