Locksmithing industry changing- how should I plan?

[JackNco]

RFID has been hacked sometime ago. It can now be used to transmit viruses, etc.

Until the security issues are resolved (not possible in my opinion), this technology is on shakey ground. It will always be a plaything of deconstructors.

The current enthusiasm about it is mainly by people who wish to peddle it.

Much like "unpickable" locks. Hahahahahahaha.


.

Have to disagree, RFID has not been hacked, a university proved that in certain conditions where the RFID Reader would except data from the RFID could accept data a virus in theory could be transmitted. but an RFID can only store a small amount of data. the virus woudl have to be very small and basically written in assembly code to do any good.

So its only really a risk for big industry and governments. my Uni already has RFID locks in place, and they can track us round the uni by them.

RFID is already in place here in the UK. no idea how a lockie woudl deal with it if it went wrong.

John

[Father Time]

Have to disagree. I've been keeping my finger on the pulse of hacking community for years.

For your education:

http://www.wired.com/wired/archive/14.05/rfid.html

http://www.rf-dump.org/

These are the tame sites. I don't want to give out hacking information here, but rest assured, RFID is about as secure as Internet Explorer.

It'll either change or join Betamax in the dust bins of history. Can't continue as it is now.


.

[raimundo]

far more than mechanical breakdown, the mechanical lock fails most often when keys are lost. how many bikes do you see rusting away at bike stands, many of these are actually abandoned by the owners who lost the key and can think of no way around the problem, perhaps some of them figure that eventually, they will clean house and find the spare key. In any case, I have solved this problem, with a universal key system that can be secured against loss by pinning it to clothes,
Muahhahhahaha

[nezumi]

RFID CAN be hacked. However for instance if you stole my government ID and went to break into my office you'd either have to deal with the fact that the picture on the badge doesn't match your face, or the fact that the doors are all locked (with medecos!)

The RFID the gov't uses also requires you get within about 6 inches or less of the card to read the information. I haven't practiced with my badge too much, but I know my metro card (which is also RFID) will not function if I put a piece of paper (my bus pass) between it and the edge of my little badge packet. By work badge seems to be only marginally stronger (or they're better readers), but it's still within two inches. You'd have to know I have access to what you want, be able to make a new RFID card with your new picture, and have the balls to walk past two security guards and my coworkers with a fake ID. Certainly possible, but not significantly easier than it was before (when you just flashed a photo ID).

[Grudge]

nezumi has some good points but they mostly rely on the fact that his office uses some 'defense in depth' techniques such as security guards (which is
critically important).

Here are some counter points. 1) At a recent Defcon they manage to read an RFID card at 69 feet. Remember you don't have to use standard 'reader' signal strength. 2) Medecos are great but not if the lock can be bypassed with info off of Amazon.com (won't go into it, but bypass techniques are often possible). 3) Most security guards are brain dead from boredom and barely look at ID cards (after all, 'nothing ever happens here'). 4) RFID info can be 'stolen' (the tag never has to leaves your body) so you could make your own RFID ID electronically and with Photoshop have your picture on a 'badge' too.

Security at his site MIGHT be rock solid BUT you can't simply rely on one security solution (RFID) to fix your problems (but a lot of people seem to thing so). The more confident you are that NOTHING could go wrong breeds the type of 'can't happen here' confidence that security penetration testers thrive on.

[pizarro]

RFID is already in place here in the UK. no idea how a lockie woudl deal with it if it went wrong.

It would all depend on how it whet wrong, and what it would be used to secure. If it did go completely wrong, then the best solution may be to attack the physical locking device, instrad of all the electronics controlling the locking device.

How would you get through a door if it had an RFID lock that is broken?
probably very similarly to how you would get through the same door if it had a normal lock that was broken. It all depends on context and surroundings.

[nezumi]

Here are some counter points. 1) At a recent Defcon they manage to read an RFID card at 69 feet. Remember you don't have to use standard 'reader' signal strength.

Keep in mind, there are two 'types' of RFIDs. I forget the precise names for them. The one kind has a much higher range (and that's what's used at stores for theft prevention, for instance), the other has a range of up to 6 inches, and is severely hampered even with a more powerful transmitter. The government has settled on using the latter (thank goodness).

Regardless, the new standards are much better than they were before. I've heard stories of government labs with samples of anthrax or other diseases with nothing except a locked front door (which is only locked during non-business hours) keeping people out. No guards, no ID checks. An RFID controlled door is better than an open one, says I.

[nezumi]

Alright you lazy apes, why don't we stop talking about this and start doing things?

Contact Fox news:
http://www.foxnews.com/story/0,2933,77538,00.html

Give 'em a call. If each of us gives them a call about their biased reporting, that WILL make an impression. I plan on calling tomorrow at lunch.

Secondly, pick locks in public. Make sure people are aware this isn't something done by scummy men in back rooms while doing drugs, but a respectable hobby done by intelligent people in public.

Thirdly, I fully support putting stuff on youtube about how biased fox news was in this report. Don't put up emotional tripe like they do though, make a REAL news report, with both sides. Call fox news and ask for a statement. Report what they have to say. Get comments. Get the news out. If Fox gets egg on their face for insulting a group of intelligent people like us, they'll think twice next time.

[2octops]

I think this thread took a tangent.

Hard locks wont be leaving the planet any time soon. Everyone thought that automotive locksmithing would go away once VATS was introduced, but that was a long time ago and I'm still in business.

Locks are advancing, so you need to tag along and advance with them. Check out some of the classes put on by your local or state association as well as distributors, ALOA and others. They are the best way to stay up to date with the industry.

I have no clue what kind of work y'all are doing now, but I know plenty of people that specialize in one area like automotive or commercial. Both are very lucrative and wont be going anywhere in any of our lifetimes.

Commercial will open many doors (no pun intended) for you to advance your skills into more than just lock picking. One of my guys does nothing but commercial door repair. He does everything from fresh installs to repairing everthing attached to a door like closers, hinges, frames, thresholds, ect.

The term locksmith is very general and I don't know many that do the same thing for a living.

[nezumi]

Carp, I posted this in the wrong thread! If an admin can delete my above post, that'd be good

[Grudge]

Keep in mind, there are two 'types' of RFIDs... Regardless, the new standards are much better than they were before. I've heard stories of government labs with samples of anthrax or other diseases with nothing except a locked front door (which is only locked during non-business hours) keeping people out. No guards, no ID checks. An RFID controlled door is better than an open one, says I.

That is totally true, there are many different kinds of RFID tags, some active (have their own power) some passive (gather power from the reader) and the tag itself can be as simple as a chip that parrots back a fixed number to a small computer that generates a unique key each time, stores a lot of information and updates itself.

The RFID cards used in my building are the simple 'parrot a number' variety and these represent the most common type I have seen deployed. Almost everyone I have met thinks these cards are 'secure' and have never thought that you could 'clone' one or hot wire into the reader and send a number down the line. The whole point is you need to know about the technology you have so you can know its limitations. Even then, defense in depth is crucial because you should NEVER rely on a single system.

[HeadHunterCEO]

So I have just recently got a job with a locksmith. I love what I am doing, but I am afraid that 10 years down the road I will be underdeveloped technology wise. With that in mind, what would you guys recommend as the best things to start learning now for the years ahead....low voltage, RFID, computer programming...etc??? Thanks.

i think you will find that your talent in one discipline or another will be the deciding factor. If you are brand new to this prof then learn and master all the basics first. access control is still grounded in the basics. You need to know how to shim out a door hinge before you go mounting full mortise shear magnets.

if you stay a locksmith then your future lies in securing doors
learn about what you come across out there
Master what products you install
Pay attention to what your customers are looking for

[raimundo]

RFID is a generic term, much discussion about different types, and no one has used the commercial names, checkpoint, HID, honeywell, westinghouse, indigo, are some that come to mind, there are others, the RFID tag is not only a key card, its also used as a card installed on shipping containers, and trucks, railroad cars. etc. there are a lot of variations and we should put specific information about them linked to their discriptions, brand, model.

[raimundo]

So someone has an rfid card with say a six foot range of effective use, you could stand near the door and wait til someone comes or goes, and just open the door, it would seem that the signal would still be operative after they pass through, and while they are still within the range. absolutely as low tech as possible just walk in while someone who has a card is near. is this a flaw that has been dealt with? Anyone with the card tried this with someone who isnt carrying a card? Just a thought, maybe it happens.

[Roger E]

77luke wrote:
Thanks for the input guys....keep it coming. I was interested a lot in electronics when I was younger- but then the math scared me away.

Luke, I am in the same boat. I took a vocational electronics course in high school (many years ago!), and I was really interested in amateur radio, but I couldn't seem to get a handle on the math. As a result, I didn't think I had the aptitude to deal with electronic access control technology.

My employer sent me to some training at Lockmasters Security Institute last year. The first week was basic electricity, and the second week was access control technology. I was AMAZED at how much I learned! If you've had any exposure to electronics, which you have, you probably wouldn't even need the first course. We started from scratch, and in no time at all the instructors had us wiring up fairly complex systems with biometric readers, electric strikes, alarms, you name it. When I stood back and observed the mass of wiring on the lab table, I could not believe that I had actually put it together, but I understood what it all meant.

I'm sure there are many other reputable training programs of this type available, and there are also several introductory electronic texts on the market which are much more user-friendly than years ago. The important thing to remember is not to let an aversion to math keep you from learning more about access control technology, because you can work around it.