Unlocking the Secrets of Security: An Interview with Mark Tobias

In the world of security and locks, few names are as renowned as Mark Tobias. Recently, we had the pleasure of sitting down with him to discuss his groundbreaking new book, “Tobias on Locks and Insecurity Engineering.” This captivating interview delves deep into the intricacies of lock manufacturing, the challenges of security engineering, and the fascinating vulnerabilities that often go unnoticed.

A Conversation with Mark Tobias

Tobias on Locks and Insecurity Engineering

Mark Tobias has recently released a book that’s been causing quite a stir in the security and lockpicking communities. Entitled, “Tobias on Locks and Insecurity Engineering,” the book is a detailed guide on the complexities of locks and the often-overlooked vulnerabilities that can compromise even the most secure systems.

“This is my eighth book,” Tobias mentioned. “I decided to write about my experience, especially as a lawyer, because all of security is about liability.”

The Birth of Insecurity Engineering

Tobias highlights a critical issue in the world of lock manufacturing – insecurity engineering. “We work for all the major lock manufacturers, both in the U.S. and Europe, and the Middle East. And the problem is what some of them are doing is insecurity engineering,” Tobias explained. “They are not thinking their way through bypass problems.”

The book itself is a 700-page tome full of detailed history, legal insights, patents and intellectual property details – all crucial elements that go into the making and securing of locks. Tobias describes the public’s common misconception about locks as being simple and easy to secure, highlighting the sophisticated and complex engineering that truly goes into making them work both properly and securely.

A Pandemic Project

Mark revealed that the book was a product of his pandemic sabbatical. “I decided during the pandemic, traveling, I wasn’t being interrupted. That was my COVID sabbatical. And I was lucky I didn’t get it. I lived in Pennsylvania where we didn’t have a problem, where I lived. And so I sat for three years and wrote the book.” During this time, Tobias meticulously documented his extensive knowledge and experience, creating a comprehensive guide for industry professionals and enthusiasts alike.

An Insider’s View of Security Failures

The book is not just theoretical; it delves into real-world examples of security failures and how they were rectified. Tobias discussed several notable instances where lock manufacturers had to address security vulnerabilities following his and his team’s discoveries. “For instance, Medeco—a company whose locks we deconstructed in our previous works—had to admit their locks were not as bump-proof as they claimed. This revelation forced them, and many other companies, to rethink their designs and improve their security measures.”

Tobias also discussed the importance of patent awareness and practical knowledge for mechanical engineers, stressing that many are taught theory but lack practical application skills. “These engineers, when they go to work for lock manufacturers, often have no imagination. Now I’m generalizing, but they don’t have any imagination,” he said, emphasizing that practical problem-solving skills are essential in the industry.

The Evolution of Lock Security

One fascinating aspect of Tobias’ book is the evolution of lock security. The narrative takes readers back several centuries, detailing the methods used to bypass lever locks, pin tumbler locks, and warded locks. “I went back 4,000 years in history. That’s probably the best read I’ve ever done in my life,” Tobias remarked. The book offers a rich historical context that enhances understanding of modern security challenges.

Real-World Applications and Future Directions

Tobias and his co-author, Tobias Blaise Manus, have spent years honing their expertise. They’ve consulted for many lock manufacturers, aiming to improve security designs and address vulnerabilities. The book also outlines 180 rules Tobias developed over the years, beginning with the premise that “all security is about liability.”

The Impact of Modern Technology

The integration of electronics with traditional mechanical locks presents new challenges. Tobias talked about some vulnerabilities his team has exploited involving the interface between software and hardware. Projects like using the Flipper Zero device to clone hotel room keys and manipulate Tesla doors illustrate the ever-evolving landscape of security threats and the need for continuous innovation in response.

The Three-Two Rule: Time, Tools, and Training

Central to Tobias’s methodology is the 3T2R rule, a framework designed to assess the security of a mechanism. The rule stands for Time, Tools, and Training, followed by Repeatability and Reliability. This rule helps in understanding whether a lock is truly secure by considering not just the theoretical aspects but also practical, real-world scenarios.

Major Security Cases: A Look Back and Forward

Tobias’s book also covers major security cases, such as the vulnerabilities found in Kaba’s push-button locks and the subsequent industry changes. “Look at the Kaba nightmare in 2010 with the push-button lock that can be opened in two seconds by a magnet. … One of the critical components in that lock, and there are millions of them, is magnetic,” Tobias explained. This example underscores the need for continuous vigilance and innovation in lock security.

What’s Next?

Tobias isn’t stopping with his latest book. He revealed plans to work on a second edition that will address attacks on electronic cylinders and residential-grade electronic locks, which are increasingly becoming targets for various forms of attacks. “Residential grade electronic locks are so vulnerable to every form of attack going,” Tobias noted, hinting at a future filled with more rigorous security challenges and solutions.

Insecurity Engineering Conversation with Marc Tobias Final Thoughts

Wrapping up the interview, Tobias emphasized the importance of feedback from readers and the industry. “If you find anything wrong or want updates, get a hold of me. My email address is in the book,” he encouraged, showcasing his dedication to continual improvement and community engagement.

Conclusion

“Tobias on Locks and Insecurity Engineering” is more than just a book; it’s a comprehensive guide that merges historical context with modern challenges, providing invaluable insights for anyone involved in or curious about the field of security. Whether you are a professional locksmith, a security engineer, or simply an enthusiast, this book promises to be an essential addition to your library.

Pick up a copy of “Tobias on Locks and Insecurity Engineering,” and delve into the world of locks, security, and the ongoing battle against vulnerability. Follow the link in our description to secure your copy today!

Author’s Note: Stay tuned for more insights and updates from the world of locks and security engineering.

Insecurity Engineering Conversation with Marc Tobias

Locksmith Training: Terry Whin-Yates is a 3rd Generation Locksmith with over 35 years of Locksmith Experience. Terry has a Criminology Degree from Simon Fraser University.

A prolific content creator, Terry manages the popular 24Hr Mr. Locksmith YouTube Channel, which boasts over 200,000 subscribers and has garnered more than 25 million views. Through his YouTube channel and other platforms, Terry shares valuable insights, tips, and tutorials on locksmithing, reaching audiences worldwide.

Course curriculum

• 157 lessons
• 7.5 hours of video content
• More info added weekly

Terry Whin-Yates

Terry Whin-Yates is a 3rd Generation Locksmith with over 35 years of Locksmith Experience. Also, Terry has a BA (Hons) in Criminology from Simon Fraser University.

Terrys’ 24Hr Mr. Locksmith YouTube Channel has 200,000+ Subscribers and 25+ Million Views:

Terry Whin-Yates participates in locksmith podcasts, he writes blogs and posts locksmith videos on YouTube, Social Media, Webinars and has Hands-On Locksmith courses for Law Enforcement, Beginner and Advanced Locksmiths in Canada, USA, South America and Asia.

For Locksmith Training go to Mr. Locksmith Training

Locksmith Training