Break That Spine
When it comes to physical door locks, most people think that a lock is a lock and there is no real difference. Sure we have all seen those crazy looking keys with dimple locks, laser etching, magnetic pins or double bidding etc but the lock itself is just a lock … Right?
This article is going to explore how attackers can quickly defeat most European door locks in under a minute and what home and business owners can do to prevent such attacks.
Lets first understand how a European lock works, to get an idea of how to defeat it.
Many people think of a door lock as the entire locking apprentice, which consists of everything from the door handles, dead bolts, plunger, key way, etc. However, in most of Europe, the lock itself is actually an inserted and interchangeable component that goes into the door, which is located where the actual key goes in. This allows for a person to quickly change the lock in case you need to rekey a door. A typical example of why this is useful might be if you have lost a house key, in which case you can quickly change the lock which will fit a completely new key, rather than having to change the entire lock housing or actually rekey the existing lock.
The image above shows a typical European door lock, where the cylindar, circled in green can be removed for quick replacement.
Another important part of European locks is that they operate on a cam system, which is located in the center of the lock, which means that when you turn the key, a cam rotates to (dis)engage the lock. The fact that this cam has to rotate within the center of the lock, means that the metal comprising the lock has a absence of metal in the middle. The absence of metal in the middle of the lock means this presents a sever weak point of the lock.
For our purposes, and what matters to an attacker, are the two points above (which makes these locks vulnerable)
The lock itself is designed to be removed from the rest of the lock housing
The lock operates a central rotating cam where metal of the lock is cut away
This presents an attacker with two options of breaking many European door locks, that being either breaking the lock entirely or pulling the plug out from its housing. This article will be focusing on breaking the lock’s spine, or its central weak point.
Breaking The Lock & Snapping The Spine
Breaking the lock is just like breaking a paper clip, which nearly everyone has done at one point in their life. By wiggling the paperclip at a specific point, back and fourth it weakens the metal and eventually causes the paperclip to snap, this is in effect exactly how to break a door lock. Because the center is the weakest point (where the cam is located), we need to wiggle the metal in that place to weaken it, which will then break. This is known as breaking the spine of the lock.
The question then becomes, what exactly do you grip onto to wiggle the lock? With a paperclip, you just grab both ends, but how do you grip a lock to create the same stress? It turns out, that many, if not most, European locks actually protrude out a few millimeters, which is just enough to grip onto with special equipment such as the one shown below, and because the lock is fastened into its housing, gripping one side is actually all that is needed to create sufficient stress on the center.
The device above is a design from Multi Pick (the link to which can be found at the end of this article) that is designed to grip onto the Euro cylinder locks and then break their spines. It fits over the protruding Euro cylinder, and with it’s very sharp teeth firmly grips onto it. Tightening the device with a hex key creates a firm grip onto the lock which can then be wiggled to weaken and eventually break. Just like with a paperclip, gentle back and fourth, up and down movements on the device will quickly weaken the lock’s center by putting various stress on the metal, and within about a minute the lock will break. Once this happens, the broken lock can be removed from the door entirely and a screw driver can be used to turn the locking mechanism to unlock the door.
Below is a collection of broken Euro Cylinder locks I’ve collected, the bottom one you can see the spine of the lock (broken) is all that would hold it together, while the empty middle is where the rotating cam would be.
Preventing The Snap
Many European lock manufacturers make specially designed locks that have built in weak points along the lock that are designed to break instead of the spine. Think of it like a paperclip that has many pre made cuts along it, if you attempt to wiggle and break the paperclip , it will be one of these already weakened points that breaks first.
The photo above is Yale’s Platinum 3 Star Anti-Snap Euro Cylinder, which is specifically designed to snap at any spot except the spine. Many lock manufactures have similar locks to prevent these types of attacks.
In this case, the lock will break towards the front of the lock (the attacker’s side) along one of the precut lines, instead of the spine where the cam is located, thus preserving the integrity of the lock. You will no longer be able to open the door from the outside, as the front bit of the lock is now broken, but the lock will still be engaged, and the attacker will not have gained entry through this method.
Another method of resisting such attacks is to either get a well fitted locking cylinder that stays flush with the lock housing, or to get a lock housing cover which will remove any protruding part of the cylindar for attackers to grab onto.
The moral of the story, is that a cheap lock may save you a few dollars up front, but may cost you everything inside your home. Choose wisely.
Every tool and lock mentioned in this article can be found below.
Yale’s Platinum 3 Star Anti-Snap Euro Cylinder
https://www.amazon.co.uk/Yale-B-YS3-4040B-Platinum-Anti-Snap-Cylinder/dp/B06X6GV67Q
Multi Pick’s Euro Cylinder Cracker
https://shop.multipick.com/en/Lock-Cracker-Special-for-Euro-Profile-Cylinders
Training Resources:
For individuals looking for a hands on training that includes all of the above topics, Covert Access Team (covertaccessteam.com) provides training courses focused on physical penetration testing, lockpicking, bypassing techniques, social engineering and other essential skills.
Covert Access Training - 5 day hands on course designed to train individuals and groups to become Covert Entry Specialists
Elicitation Toolbox Course - 2 day course of that primarily focuses on elicitation and social engineering as critical aspects of Black Teaming
Cyber Bootcamp for Black Teams - 2 day course designed explicitly for physical penetration testers who need vital cyber skills to add to their toolbox.