Dominic leads a very interesting life. His full-time job is in computer security; on the side he white-hat hacks various companies and offers them solutions. He also runs a well-known 3D printing YouTube channel. Dominic also likes to pick locks and, more importantly, take them apart.
We first met Dominic at Hackfest in Quebec City, where he was hanging around the 3D printing village. 3D printing really has two sides: printing and designing. Dominic has the skills for both, and we have used his talents to prototype items over the years; the Sphere is an example.
Emails with Dominic always had a fairly standard flow: I am working on this, picking open that, have a nice summer. Then in 2021 it changed... "I can pick open a lock with a zip tie. An expensive high security one."
Sentences like that really grab our attention; they quickly bring back memories of Kryptonite locks being picked open with Bic pens or Kaba push-button locks being bypassed with magnets.
Our reply was pretty crude: "More information required. Is it a custom Lock pick?"
Dominic had actually been sitting on this bypass method for some time. He had even reached out to Allegion, the manufacturer, several times. His proposal was to be a paid product tester for them. Given his background as a professional pentester, and as someone who had just picked open one of their high security locks with a zip tie, it was reasonable. His original white hat hacker idea was for this bypass method to never become public: inform Allegion, have them develop a fix for older models, and reengineer the existing one to prevent the bypass. If no one ever knew what the bypass was, this would certainly be a solid solution to a problem that only a very few people even knew existed.
After more than a year of "maybes" from Allegion, Dominic felt like they were stalling and would never move forward with supplying a fix for all the vulnerable Schlage C0 Series (electronic pin access) locks that had been sold.
That is when he sent SPARROWS the email "I can open a lock with a zip tie. An expensive high security one."
Dominic wanted a way to get the hack exposed and force large companies to take responsibility for the security of their products, and at the same time get some press for himself as a security professional.
This is where Adam Bluestein comes into our story. SPARROWS had been running a lock pick village for several years at an event called Fireside (Steven and Daniel, bring back Fireside). It was at one of these events that we met writer Adam Bluestein, and he expressed an interest in writing a story on lock picking. Adam is the real deal, having published stories in Fast Company, Men's Journal, Bloomberg and many other publications.
Adam wanted the story and so did Bloomberg Businessweek. Given the size of the audience that this would reach, Dominic was excited to make his bypass public. Over a period of a few months SPARROWS helped Adam in reaching out to Dominic and various other members of the community like Bosnian Bill, Serepick and The Lock picking Lawyer, and we also directed him to those he should be aware of, like Lock noob and the OGs like kokomo lock and Wizwazzle.
Almost all of these names are mentioned or were interviewed for the article. Adam did a very thorough job of describing the community, its members and the awkward position that lock manufacturers find themselves in as lock picking becomes a more accessible hobby.
The one thing the article did not really show was HOW the bypass worked in detail.
So here it is.
HOW TO PICK OPEN A $400 LOCK WITH A ZIP TIE
To bypass a Schlage C0 Series electronic pin access control lock, you need to modify a slim zip tie. Zip ties are perfect for the job because you need the flexibility, and their nylon construction lessens the possibility of damaging any of the internal electronics.
On the left and right sides of the zip tie, close to the tip, you add a series of cuts that flare out like barbs.
This zip tool is then inserted in the drain hole in the base of the lock and travels about 10 cm up. Once in position, you work the tool so that one of the barbs can snag on an arm (black in the photo below). Once snagged, you slowly pull the zip tool 1 cm down and the locking post will be depressed. Now try the handle and it should be unlocked. Job done... a $400 lock opened with a $0.05 zip tie.
Not only did Dominic develop the bypass, he also made a fix: the Tie Breaker. So if you happen to have one of these locks at work, we have a solution to make it safe from zip ties.