Security Issues, Articles, Alerts

Prescription Drug Containers : They are not secure against simple attacks

We’re sorry. You do not have permission to access this content. Please sign In to be granted access.
Sign In

Magnetic Trips On Alarm Systems Can Be Easily Bypassed


Magnetic trips are based upon simple reed switch technology, are not secure, and can be easily defeated by magnets, as shown in the video.

Kids and burglars have figured out how to circumvent the system by placing a small magnet next to the trip, which blocks the detection of the absence or the removal of the normal magnetic field that occurs when the door is opened.

Parents in Florida have found that after setting the alarm at night, their kids figured out the way to defeat the system and sneak out at night without setting off the alarm. Likewise, burglars can place very small magnets next to the door trip during business hours within a commercial facility, and then enter after hours. If no other detectors are in place for the protected area, then the door trips will not trigger an alarm.

The magnet that we used in the demonstration cost about $.25 at Home Depot.

Security Engineering Failures In Lock Designs And Legal Liability

Lock manufacturers can be liable for designs that have serious security vulnerabilities. Several class action lawsuits have been filed against lock makers for such design issues. Especially in the United States, liability can attach, especially is someone is hurt or killed, or significant property damage occurs. Essentially the rule is that if the lock has a state-of-the-art design and the attack is also complex or sophisticated, then the manufacturer will not be liable. However, if the design defect is simple and should have been anticipated, and the attack is also simple, then the lock make will be held responsible.

We have reduced this premise to our 3T2R rule, which states that the criteria is Time, Tools, and Training. If training to learn the attack is minimal, required tools are simple, and the time to bypass the mechanism is minimal, then liability will generally attach. However, if the reverse is true, then the lock maker should not be held liable. The other component to the test is Repeatability and Reliability of the attack. Just because there is an exploit does not mean the lock is not secure. However, if the exploit is both reliable and repeatable, then obviously there is a problem. Remember, all security is about time delay, and all Standards are also based upon the time it takes to defeat the lock.

Many lock makers have argued that they are not liable or anything because the locks were not used in their normal anticipated state. This is not correct, because locks are designed to be attacked. That is also why we have standards to assess their resistance to forced and covert entry.

There are several cases in this area that are instructive.

Kryptonite bike locks were attacked in 2004 by Marc Tobias, Matt Fiddler, and others, through the use of a ballpoint pen. The design engineers failed to “connect the dots” between the design of a tubular pin tumbler lock, impressioning technique, the diameter of the keyway and its correlation to the diameter of common plastic ballpoint pens. The defect was disclosed by Marc Tobias in 2004 and led to the recall of 350,000 locks, at a cost to the company of $10,000,000. The design issue also affected Kensington and its computer cable locks, and Harley Davidson motorcycles, as well as elevator control companies and others that utilized tubular lock designs in vending machines and alarm panels.


The Kaba Simplex 1000 push button lock was the subject of a class action lawsuit in 2010 because the locks had a fatal design defect that allowed them to be opened with a strong rare-earth magnet in seconds. These locks can be found in millions of installations including airports, banks, universities, hospitals and other areas that require some level of access control. The problem with the design was a critical component that was subject to magnetic fields. While the lock was designed in 1965 when the first patent was issued, it was still being sold in 2010, so 1965 standards did not apply with regard to security.

Kaba response to class action lawsuit Kaba_response

One of the best deadbolt locks made by Medeco was knocked-off and produced in Canada. The company copied a design defect that was corrected by Medeco in 2007.  The engineers that developed this lock failed to understand that the entire security of the system was based upon two tiny screws that retained the plug within the cylinder.

HP is a trusted company, and consumers believed they knew what they were doing when they designed their laptop lock to compete with Kensington, which is the leader and innovator in the industry. HP introduced a lock that was subject to attack within a couple of seconds and offered essentially no protection against theft.

HP produced an easily defeated laptop lock, which is an excellent example of insecurity engineering. Watch the video.

Stack-On is one of the largest gun safe and vault manufacturers in the United States. They produced a series of safes that were deemed defective in design and one of their safes caused the death of a three year old, which was examined by KENS-TV in Austin, Texas. That video report can be found on this site.

A class action lawsuit was filed by Marc Tobias and Larry Drury in 2012 and ultimately settled by the company without admitting liability. It cost them several million dollars.

Unsafe Gun Safes Can Be Opened By A Three-Year Old

Prescription Drug Containers Insecurity: An Overview

Security Laboratories did an extensive analysis of prescription drug containers produced by several different manufacturers in the United States. Watch the introduction and overview by Marc Tobias and Tobias Bluzmanis

I interviewed Dr. Bud LaTeef in Pittsburgh, Pennsylvania. He is a pain management specialist and developed a supposedly secure drug container several years ago and has sold many of these to clinics and individuals. I interviewed him about his design and philosophy. Unfortunately the team that developed his container knew little, if anything about secure product designs. Watch my interview with him, then how we compromised his container in seconds.

We analyzed another container called the PillPod. This is actually a neat design, but can be relatively easily decoded by a teenager. Watch our analysis.

SaferLock was invented by two college students and is a good idea, but defective in its design. We developed several methods to compromise the container.

Finally, we analyzed several containers made by Vaultz in Cleveland, Ohio. While these containers are secure, the locks are not. Watch how we instantly opened these containers.

Read the full article in Forbes and watch the other relevant videos about this topic.

BoxLock Padlock To Protect Containers From Access: Defective Design

Theft of packages is on the rise, especially with the heavy reliance on deliveries by Amazon, FedEx and the postal service. We analyzed two approaches to protection for containers that are left outside of residences or buildings. These are produced by a company called CleverMade, and by BoxLock.

Read the article in Forbes and watch the video segments.


An Answer To Porch Pirates Is CleverMade And It Is Not Good

A company called CleverMade produces a product to protect against the theft of packages from a secure container that can be opened by delivery people from UPS, USPS, and FedEx. The CEO, in an article in Forbes, said the container was a good deterrent. That may be, but it is definitely not secure. Read the article in Forbes and watch the video segment that we produced.

Secure Doors and Glass Inserts: Wendt Security Center Germany

In Europe, secure doors and glass meet higher standards than in the United States for forced entry. Doors can cost up to seven thousand dollars.

Watch Addi Wendt demonstrate attacks on glass, and describe the construction of doors. Addi was the president of the Lockmasters European Security Group and developed a global reputation for innovation in the design and manufacture and sale of covert and forced entry tools. He died in 2019, and his two sons, Sascha and Enrico are now  running the company from Bergheim, German. They maintain a training and security center and serve locksmiths and government agencies worldwide.

Security Labs is proud to be part of the Group/.

Interview With Professor Ross Anderson At The University Of Cambridge

Professor Ross Anderson is one of the leading experts in the world on computer network systems and their attack. He has written one of the best references on “what can go wrong” with system design in his classic book “Security Engineering.” The book is in its third edition and I highly recommend it to every software and hardware engineer.

Watch my interview with Ross Anderson at Cambridge.

Analysis Of Lasershield Alarm System: Easy To Defeat

Lasershield alarm systems were heavily advertised a few yeas ago as an easy-to-install alarm system for apartments, dormitories, and residences. The systems is abased upon a totally wireless approach, operating at 433 MHz. We analysed this system and met with their design engineers and determined that the systems could be easily compromised with a handheld two way radio transmitting on the operating frequency for the alarm receiver.

Watch my demonstration. This should be a wake up call for other alarm systems, some of which can be easily defeated.

Lishi Tool To Open VAG Vehicles In About A Minute: LockFest 2016 Czech Republic

I interviewed one of the most clever and well-known covert entry tool designers in the world, from China, Mr. Li. He has designed many tools to open different vehicle locks rapidly. These tools are sold by Wendt in Germany as well as other vendors.

The World (supposedly) Safest Locks Easily Defeated By Paper Clips, Screw Drivers

Read the Homeland Security Newswire that discussed our presentation at a cyber security conference and how easy it was to defeat the security of some locks by paper clips, screwdrivers and other simple implements.

The world (supposedly) safest locks easily defeated by paper clips, screw drivers _ Homeland Security Newswire

Lock Bumping: An Inherent Threat In Pin Tumbler Locks

Lock bumping was introduced in the media in Europe in 2005, first in Germany on national television. In 2006, Marc Tobias met with several lock manufacturers to discuss the threats to security and in 2006 he went public in the United States at Def Con and on many television networks. The Association of Locksmiths of America attacked him as both irresponsible and that the problem really did not exist.

The technique of lock bumping was actually first discovered and patented in England around 1925, and was used by our intelligence services during WWII. it was largely forgotten until the 1980s when a series of burglaries occurred in Denmark, using the technique.

It became a major security issue in the U.S. and Europe after 2005 and lock manufacturers scrambled to deal with the issue. As a result of disclosures by Marc Tobias, Tobias Bluzmanis, Barry Wels, ToooL in the Netherlands, and other groups, it was demonstrated and understood that even high security locks could be bumped open. Today it is one of the primary tests to determine the security of locks, and is part of the ANSI and UL standards.

Read the articles that Marc Tobias published for the industry regarding lock bumping and how it worked, and why it was a threat. The subject was also treated extensively in “Open in Thirty Seconds: Cracking one of the most secure locks in America.”

Lock Bumping; A Threat to Physical Security_

White Paper: bumping_040206

Open letter to ALOA on lock bumping: ALOA RESPONSE

Read the article published by Marc Tobias on the ethics of full disclosure and non-disclosure by lock manufacturers:  Ethics of Full Disclosure

Lock bumping received a great deal of publicity in the media, both print and television. Read the article on KELO-TV.

KELOLAND.COM_ News, Weather and Sports for Sioux Falls, South Dakota, Minnesota and Iowa

Watch the special report on KELO-TV South Dakota, the statewide CBS affiliate.

Read the article posted in the Argus Leader, Sioux Falls, SD on lock bumping threat, posted in 2006..

Argus Leader – Business

Stack-On Gun Safes: Security Analysis By Security Laboratories: 2012

In its Federal class action lawsuit, Marc Tobias and Larry Drury alleged that certain designs of Stack-On gun safes were defective. It is the opinion of Marc Tobias that Stack-On lacked competence in security engineering to understand the issues involved to make their safes secure. There have been several recalls by the CPSC regarding their safes, and there is significant evidence that the design of one of their safes led to the death of three-year-old Ryan Owens in Vancouver, Washington.


Stack-On has never admitted any liability, nor that there designs were in any way unsafe. As a lawyer and physical security expert, i would highly recommend that no consumer purchase any Stack-On product to protect weapons.

Watch our videos of the analysis of different Stack-On designs.





“Devils Ring” Magnetic Attack On Electronic Locks: Addi Wendt at Lockmasters Europe

Video interview with Addi Wendt

The Magnetic Ring Attack on Electronic Locks – Schneier on Security is a round aluminum enclosure about four inches in diameter that contains several magnets in a concentric circle. When spun around some of the earlier designs of electronic cylinders, it would cause them to open. This was a significant security issue for lock manufacturers. Watch the video with Marc Tobias and Addi Wendt, President of the Lockmasters Security Group in Europe.[/vc_column_text][/vc_column][/vc_row]

Magnetic Ring with four magnets positioned with opposite poles


The photograph shows the Devils Ring, with metallic rings that are attracted to the internal magnets to show their position. There are four magnets within the ring.

Master Keying Vulnerabilities Disclosed: New York Times 2003

A 2003 article by the New York Times examined the security vulnerabilities of master key systems, especially in apartment complexes. Matt Blaze first reported on the issue, and Marc Tobias was also quoted in the article.

In the research paper, Mr. Blaze applies the principles of cryptanalysis, ordinarily used to break secret codes, to the analysis of mechanical lock designs. He describes a logical, deductive approach to learning the shape of a master key by building on clues provided by the key in hand — an approach that cryptanalysts call an oracle attack. The technique narrows the number of tries that would be necessary to discover a master-key configuration to only
dozens of attempts, not the thousands of blind tries that would otherwise be necessary.

Many Locks All Too Easy To Get Past – The New York Times

Gun Lock Security Report By Marc Tobias: Engadget 2004

A detailed report in 2004 was published by Marc Tobias and Investigative Law Offices, P.C. to warn consumers about the dangers in relying upon the security of many different gun locks. Read the report, which detailed an eleven-year boy in Toronto who was able to remove gun locks from weapons in seconds.


Think the laptop lock is secure? Think again: Your Tech Weblog 2006

Computer-hardware makers keep churning out new laptop locks, and Marc Tobias keeps trying to crack them — often with what he says is absurd ease.
Read the story in Your Tech Blog published in 2006.

Your Tech Weblog_ Think the laptop lock is secure

TSA Luggage Locks Art Not Secure: Report by Security Labs

TSA luggage locks are not secure. A detailed report was issued in 2004 by Security Labs and Marc Tobias. TSA_luggage_locks_report

An article was also written by Marc Tobias entitled “Unpacking the security baggage, in Homeland Science and Technology. GDS_TSA

There are seven designated TSA approved locks and keys. Wendt in Germany can provide all of the keys, as shown in the photograph.

TSA Luggage lock keys for all approved locks

Luggage_Key_Set - Copy - Copy - Copy

Editorial About ALOA, Medeco, And Lock Bumping

ALOA, the Associated Locksmiths of America, attacked Marc Tobias and others for demonstrating the ability to bump open pin tumbler locks, and also disputed the information published about Medeco High Security locks. Marc Tobias has been a member of ALOA since 1991. Marc posted an editorial, Part I and Part II to state his opinion with regard to the position taken by ALOA and its Board.



Stack-On Defective Safe And The Death Of Ryan Owens: Media Coverage

The death of Ryan Owens likely could have been prevented if Stack-On Corporation had designed their safe properly so it could not be jiggled open. In our opinion, they had no idea what they were doing and the consequences in using a solenoid design to keep their safes locked. Ed Owens, the father, filed a lawsuit against the sheriffs department in Vancouver, Washington and one that suit. The media reported on the death and the lawsuit. Watch the TV reports where Marc Tobias demonstrated how to open the suspect safe model from Stack-On. The safe was provided by the Sheriffs Office for testing.

This report is from KATU-TV.

This report is from KGW-8 TV


Safe Designs That Use Solenoids Are Not Secure

Many safe manufacturers utilize solenoids to accomplish locking and prevention of the bolt works from moving. Typically a keypad or biometric authentication such as fingerprint is utilized to trigger the solenoid and retract the locking pin.

A solenoid is actually a coil with a ferrous pin in the center. When the coil is energized with a voltage, the pin will retract. The problem with using solenoids as the primary locking system is that they can be vibrated to the open position, often quite easily. This was the case with the Stack-On safe that was the subject of a Class Action lawsuit by Tobias and Drury in 2012, and also the subject of the Def Con lecture in 2012.

Security Laboratories was retained by Ed Owens, the father of the three-year-old victim, to determine why the safe could be opened by jiggling. We utilized a high speed camera to photograph the actual movement of the pin in the lock position.

This was also part of the problem with the Sentry fire safe that we analyzed in Vancouver, Washington. In that case, we were able to retract the magnetic pin from outside of the safe and allow it to open.

Watch the video within the Stack-On safe.

Impressioning Of Disk Locks Using Two Techniques: Foil And Velcro

Disk locks are very popular for different security applications, including bike locks. Kryptonite faced serious legal and security issues in 2003 because the locks could be impressioned in seconds with a ball point pen. As a result, manufacturers moved away from pin tumbler locks in favor of disk locks, first invented by Abloy in 1907. Abloy is the largest lock manufacturer in Finland and produces high security cylinders that use rotating disks.

Some of the less expensive locks have poor tolerances and fewer disks. They can be impressioned rapidly with several techniques. Two of them are shown in the video. One is by John Falls with his foil impressioning system. The other is demonstrated by Marc Tobias. Watch the video.

Reconsidering Physical Key Secrecy: Tele-duplication Via Optical Decoding

This is an interesting Research Paper on physical key security, published by Benjamin Laxton, Kai Wang and Stefan Savage, Department of Computer Science & Engineering University of California, San Diego La Jolla, California, USA. It examines physical key control and the ability to duplicate, replicate, and simulate keys through various means.

The access control provided by a physical lock is based on the assumption
that the information content of the corresponding key is private — that duplication should require either possession of the key or a priori knowledge of how it was cut. However, the everincreasing capabilities and prevalence of digital imaging technologies present a fundamental challenge to this privacy assumption.

Using modest imaging equipment and standard computer vision algorithms,
we demonstrate the effectiveness of physical key teleduplication—
extracting a key’s complete and precise bitting code at a distance via optical decoding and then cutting precise duplicates. We describe our prototype system, Sneakey, and evaluate its effectiveness, in both laboratory and real-world settings, using the most popular residential key types in the U.S.

Sensitive Compartmented Information Facility (SCIF): Power Point Presentation

A SCIF is utilized by the United States government to protect confidential information and sensitive conversations. A SCIF is within every federal building that deals in classified materials.

Watch the Power Point presentation on SCIFs.


Medeco Maxum Deadbolt Design: Analysis Of Security Vulnerabilities

In 2007, Security Labs gave a Def Con lecture about the design flaws in the Medeco Maxum deadbolt lock. The issue allowed a small screwdriver to be utilized to open the lock in a few seconds. Medeco quickly remedied the problem, but the underlying lessons remain.

Read the White Paper that was published by Marc Tobias on this issue. it is also the subject of the Def Con lecture on this site.


Lasershield Alarm System: Analysis and Design Flaws

In 2007 Marc Tobias interviewed the engineering team and CEO of Lasershield to discuss the design of their wireless alarm system. It operated at 433 MHz and could easily defeated. The company heavily advertised nationally the security of its products. it was not true.

Read the report on Lasershield. LASERSHIELD_2007

Forced Entry Techniques And Tools: From LSS+ Multimedia Edition

Detailed information about forced entry tools and techniques are disclosed in Locks, Safes, and Security, and in the Multimedia edition. The following material is from LSS+ as a primer. Many videos are shown in LSS+ and in DAME regarding forced entry techniques for locks and safes.


USPS Post Office And UPS Boxes At Risk From Thieves: Lock Bumping

Post office box locks are standard five pin tumbler cylinders that can be easily bumped open, even though they have a restricted and protected keyway. Unfortunately the keys and locks can be purchased on eBay because they are surplussed out at closed military bases. Marc Tobias conducted an in-depth analysis of locks by USPS and by UPS Mail Boxes. These locks are not secure and as demonstrated in the video, can be quickly opened by bumping with an easy-to-produce blank.

Watch the special report on KELO-TV Sioux Falls about security and post office boxes.

Download the video file from this report: KELO-TV VIDEO RE BUMPING 040406

Biolock 333 Fingerprint Lock Is Defective In Design: Open In Seconds With A Paperclip

Security Labs analyzed the BioLock 333, produced in Hong Kong and was being sold by Brickhouse Security in New York. Our lab was asked to evaluate its design. We found it could be opened in seconds with the insertion of a paperclip into the keyway. We would not recommended that anyone purchase this lock, even though it looks secure. it is not.

Amsec 1014 Safe Is Not Secure: Design Relies Upon A Solenoid That A Child Can Open

The Amsec 1014 small consumer safe is not secure and can be opened in seconds by jiggling, as shown in the video by a child. This safe relies upon a solenoid to accomplish locking, but solenoids are not secure at all and can be vibrated open. See the reports on Stack-On Safes to learn what can happen. Their safe was opened by a child, which resulted in the death of a three-year old in Vancouver, Washington.

Lock Bumping Report On WMC-TV Channel 5 Memphis By A Local Locksmith

A good report was aired on WMC-TV Channel 5 in Memphis, featuring a local locksmith speaking about the threat of lock bumping.

How anyone could break into any lock in less than 10 seconds: Lock Bumping

“How anyone – including you – could break into any lock in less than 10 seconds…and what you better know about it…”

This article was posted by Mulholland Brands Manufacturing about the threat from lock bumping. Read down to the middle of the page to find the article.

Lock Bumping _

Kwikset Kevo Deadbolt And Security: CNET Review

How secure is the deadbolt in the Kwikset Kevo smart lock? Experts and amateurs alike allege that Kwikset SmartKey locks are flawed and unsafe. What does this mean for the Kevo?

Read the analysis by CNET and the comments of Marc Weber Tobias.

How secure is the deadbolt in the Kwikset Kevo smart lock_ – CNET

Why Pharma’s Anti-Tampering Strategies Don’t Work: Dr. Roger Johnston

“We’ve never seen what we would consider effective tamper-detection for a drug product,” says Dr. Roger Johnston, head of the Vulnerability Assessment Team as Los Alamos National Laboratories. In this exclusive interview,

Johnston gives us the ten top failings of anti-tampering efforts, and solutions for improvement. Also, click the “Download Now” button at the end of the
article to obtain Johnston’s PowerPoint presentation on improving tamper detection systems.

Why Pharma’s Tamper-Evident Packaging Strategies Don’t Work _ Pharmaceutical Manufacturing

Security in Depth: 2009 Article By Dr. Roger Johnston

Security in Depth is a good thing: 4 layers of security trumps 1 layer of security every time, right? Well, not so fast! Layered security can be a useful tool, but it also holds lots of hidden dangers.

Almost every vulnerability assessor is familiar with the following scenario, which the author has personally witnesses at least 2 dozen times (including at nuclear facilities): A security manager is shown a simple, successful attack on a security device or system, or a portion of the overall security program. Then he/she is shown an inexpensive counter-measure, or at least a partial fix that is relatively painless. The instant response: “Well, yes, that is all very interesting, but we have multiple layers of security, so a failure in one layer does not mean that our overall security has failed. Thus, we don’t need to be concerned with this vulnerability, nor do we need to implement the recommended countermeasure(s).”

security in depth (2009)

Cargo Security Issues: Research on Improving Cargo Security

This is an excellent paper on many facets of cargo security, written by the team at the Los Alamos National Laboratory. It covers seals, RFID, GPS, terminology, tags, and overall security considerations and vulnerabilities.

cargo security issues (2006)

cargo security issues (2006) Powerpoint Presentation

Layered Security: Self Defense or Self Delusion? By Dr. Roger Johnston

Read the article by Dr. Roger Johnston and the LANL team.


Security in Depth is a good thing: 4 layers of security trumps 1 layer of security every time, right? Well, not so fast! Layered security can be a useful tool, but it also holds lots of hidden dangers.

Almost every vulnerability assessor is familiar with the following scenario, which the author has personally witnesses at least 2 dozen times (including at nuclear facilities): A security manager is shown a simple, successful attack on a security device or system, or a portion of the overall security program. Then he/she is shown an inexpensive countermeasure, or at least a partial fix that is relatively painless. The instant response: “Well, yes, that is all very interesting, but we have multiple layers of security, so a failure in one layer does not mean that our overall security has failed. Thus, we don’t need to be concerned with this vulnerability, nor do we need to implement the recommended countermeasure(s).”

Is this the correct decision? Ultimately, maybe it is and maybe it isn’t. But to knee-jerk the decision not to explore the possibility of improving a given layer or portion of a security program based solely on the idea that there are additional layers is certainly not the right response.

287 Security Blunders You Should Avoid: LANL Vulnerability Assessment Team

The VAT analyzes the most common security blunders. Here are their Top Ten:

1 Lack of Critical/Creative Reviews & AVAs
2 No countermeasures for Cognitive Dissonance
3 Compliance-Based Security
4 Confusing Inventory with Security
5 Confusing Control with Security

6 Thinking that finding vulnerabilities is bad
news & means that somebody has been
screwing up
7 Mindless faith in “Security in Depth”
8 Thinking that all vulnerabilities can be found
& eliminated
9 Focusing on threats instead of vulnerabilities
10 Mindless faith in Technology & Snake Oil

Read the article by Jon S. Warner, Ph.D.,  Roger G. Johnston, Ph.D.,  CPP and  the Vulnerability Assessment Team Argonne National Laboratory.
287 security blunders (2009)

Countermeasures to Wishful Thinking: Bahrain Lecture

Bahrain talk (2006)

A lecture by Roger Johnston, Ph.D. at Argonne National Labs.  He discusses the following myths:

 security maxims (there’s no free lunch)
 high tech ≠ high security
 inventory ≠ security
 RFIDs & CMBs
 tamper-indicating seals & cargo security
 tamper-evident packaging
 biometrics & access control systems
 counterfeiting security devices
 data encryption/authentication
 polygraphs
 “security in depth”
 effective vulnerability assessments

Read about the common security maxims:

1. Infinity Maxim: There are an unlimited number
of vulnerabilities, most of which will never be
discovered (by the good guys or bad guys).

2. Arrogance Maxim: The ease of defeating a security
device is inversely proportional to how confident the
designer, manufacturer, or user is about it, and to how
often they use words like “impossible” or “tamper-proof”.

3. High-Tech Maxim: The amount of careful thinking that
has gone into a given security device is inversely
proportional to the amount of high-technology it uses

4. Low-Tech Maxim: Low-tech attacks work
(even against high-tech devices).

5. Yipee Maxim: There are effective, simple, & low-cost
countermeasures to most vulnerabilities.

6. Arg Maxim: But users, manufacturers, and
bureaucrats will be reluctant to implement them.

7. Insider Risk Maxim: Most organizations will ignored
or seriously underestimate the threat from insiders.


Anti-Evidence Seals: A Paper By Roger Johnston And Jon S. Warner, Ph.D. In 2006

AE Seals (2006)

Summary: Current tamper-indicating seals are WAY too easy
to spoof.

 That’s bad because they are protecting important
 There are workarounds.
 But much better seals are both needed and
possible: Anti-Evidence Seals

This article is about anti-tamper seals and how easily they can be defeated.

Advantages of Anti-Evidence Seals: About Tamper Protection

Seals are used in a variety of protective environments. This article explores the use of seals and their often simple bypass.

AE seals summary (2007)

examples of seal applications
• utility meters
• records integrity
• nuclear safeguards
• waste management
• cargo & port security
• banking & courier bags
• ballots & voting machines
• computer physical security
• loss detection & prevention
• law enforcement & forensics
• protecting medical sterilization
• protecting instrument calibration
• hazardous materials accountability
• protecting food & drugs, etc

Vulnerability Assessment And The Human Factor: A Summary Of Resources

POWERPOINT: VAT and human factors (2009)

VAT human factors research (2010) Article by Roger Johnston and the Vulnerability Assessment Team at LANL.

This article covers: 

Nuclear Safeguards
Vulnerability Assessments
Novel Security Approaches
Human Factors in Security


Future Directions in Physical Security

future (2008) Power Point presentation 

future (2008) Article

This is a presentation by Roger Johnston  and Jon S. Warner, Ph.D. at LANL. The authors discuss the future direction and technology that will appear in security issues and protection. This includes:

  • Wishful thinking about high-tech will only increase.
  • As high-tech increases, careful thinking about security will decrease.
  • At some point, a terrorist incident will shut down a major U.S. port/s with severe economic & geopolitical implications.
  • The RFID allure will die out and will be replaced by true security devices, including RF devices.
  • There will be serious GPS spoofing incidents.

Tamper Indicating Seals: How To Do Vulnerability Assessments

how to do seal VAs (2006) Power Point

how to do seal VAs (2006) Presentation

Watch the Powerpoint Presentation by the Team at LANL.

defeating a seal:  opening a seal, then resealing (using the original seal or a counterfeit) without being detected. Defeating seals is mostly about fooling people, not beating hardware (unlike defeating locks, safes, or vaults)!

attacking a seal:  undertaking a sequence           of actions designed to defeat it.

This presentation is by the Vulnerability Assessment Team at LANL (Los Alamos National Labboratory).

New Approaches to Tamper and Intrusion Detection for Safeguards and Transport Security

In this Powerpoint presentation, the LANL Team discusses new approaches regarding tamper intrusion and detection. Definitions are presented, including:

tamper detection:  delayed (after the fact) detection of unauthorized access.

intrusion detection:  immediate (real-time) detection of unauthorized access.

lock:  a device to delay, complicate, and/or discourage unauthorized entry.

seal :  a tamper-indicating device (TID) designed to leave non-erasable, unambiguous evidence of unauthorized entry or tampering.  Unlike locks, seals are not necessarily meant to resist access, just record that it took place.

tag:  a device or intrinsic feature (“fingerprint”) for uniquely identifying an object or container.

defeating a seal:  opening a seal, then resealing (using the original seal or a counterfeit) without being detected.

attacking a seal:  undertaking a sequence  of actions designed to defeat it.

Virtual Numeric Tokens: Roger G. Johnston Ph.D.

new approaches (2003)

Imagine an anti-counterfeiting tag that:

Is inexpensive & unobtrusive.

Is very difficult to counterfeit in large numbers.

Can be automatically checked by wholesalers, retailers, or volume end users (with an inexpensive reader).

Can be checked by consumers (without a reader).

Typically detects more than 98% of the fakes examined.

Effectiveness scales automatically with the level of concern.

Does not become easier to defeat over time, or as technology advances.

Product Authenticity Strategies: Vulnerability Assessment Team At LANL

product authenticity strategies (2012)

product authenticity strategies (2012) Powerpoint

product authenticity talk (2011)

These articles and powerpoint presentations considers different issues involving:

numeric tokens (CNT)
trusted manufacturer & good cargo security
dedicated manufacturing day(s), on-site personnel, courier(s)
buy the manufacturer (maybe team with other end-users)
make he product yourself (maybe team with other end-users)
measure orthogonal physical properties
product forensic analysis
track & trace
don’t buy brokered, resold, repackaged products
don’t accept low bids or lowest prices

Security Theater In Future Arms Control Regimes: Roger Johnston Ph.D.

See the three different presentations below about the concept of “security theater.”

security theater (INMM 2010)

security theater talk (INMM 2010)

security theater talk

This is a presentation by Roger G. Johnston and Jon S. Warner, Vulnerability Assessment Team, Nuclear Engineering Division, LANL.


“Security Theater” (also known as “Ceremonial Security”) involves procedures, policies, and technologies that give the superficial appearance of providing security without actually countering malicious adversaries to any significant degree. As vulnerability assessors, we frequently find Security Theater across a wide range of different physical security devices, systems, and programs,
as well as in domestic and international nuclear safeguards. Security Theater is not automatically a bad thing; it can have its uses. The real problem occurs when Security Theater is not recognized as such, or when it stands in the way of good security or is preferred over real security. In this paper, we present a vulnerability assessor’s view of where future arms control verification regimes are likely to be plagued by Security Theater, based partially on our understanding of current security vulnerabilities and our experience with Security Theater. We also offer suggestions for spotting Security Theater, and for preventing it. Future nuclear safeguards measures that are particularly at
risk for becoming merely Security Theater include tamper-indicating seals and information barriers.

Threats vs. Vulnerabilities

This article discusses “Being Vulnerable to the Threat of Confusing Threats with Vulnerabilities* It was published by the LANL Vulnerability Assessment Team.

threats vs vulnerabilities (2010)

The author begins the article by stating: The following ideas are common, but I think quite wrong and thus myths:

A Threat without a mitigation is a Vulnerability.
A Threat Assessment (TA) is a Vulnerability Assessment (VA).
Threats are more important to understand than Vulnerabilities.
Many of the most common tools used for “Vulnerability Assessments”
(whether true VAs or actually TAs) are good at finding Vulnerabilities.

Countermeasures To Perceptual Blindness: Roger G. Johnston Ph.D.

perceptual blindness (INMM 2010)

perceptual blindness talk (2010)

Perceptual Blindness, also called Inattentional Blindness, is the common phenomenon of a person failing to perceive objects or actions that are in plain sight. Causes beyond just basic human psychology can include not having a mental framework prepared in advance to perceive the objects or actions (that is, not being ready for the unexpected); wishful thinking or denial (due to cognitive dissonance) that prevents someone from seeing what he or she would like not to exist; intense mental focus on certain features which can cause mental distraction in regards to others; or deliberate misdirection by another person.

Fortunately there are potential—though largely untested—
countermeasures to perceptual blindness. These include choosing one or more inspectors or security guards to be the generalist to examine the general scene without specific assigned detailed observational responsibilities; conducting training to improve observational skills; making relevant personnel aware of perceptual blindness issues and demonstrating perceptual blindness to them; using magicians to demonstrate misdirection and sleight-of-hand techniques; engaging in frequent mental “what if” exercises to better mentally prepare observers for the unexpected; and implementing countermeasures to groupthink, denial, cognitive dissonance, and wishful thinking.

Possible results:

There are serious implications for security guards
& safeguards inspectors, especially those who:
 check security badges
 watch video monitors
 make daily rounds
 inspect seals
 guard gates
 operate safeguards equipment

Better Approaches to Physical Tamper Detection

ShmooCon talk (2010)

The Vulnerability Assessment Team at LANL has worked hundreds of security problems, including:

Seals & Tamper/Intrusion Detection
Cargo security
First to show how easy it is to spoof, not just jam GPS. First to
suggest countermeasures.
Defeats of a number of different biometric and other access control
devices (many different ways).
Attacks on RFIDs & contact memory buttons
Sticky bomb detection
Demonstrated attacks on an electronic voting machine from the voters’ end.

Product authenticity (especially wine & pharmaceuticals)
Questioning the security of urine drug tests
Better ways to protect logged/monitoring/surveillance data
Nuclear Safeguards
Special Field Tools
Vulnerability Assessments
Consulting & Security Training
Human Factors in Security / Security Culture & Climate

Sticky Bomb Detection with Other Implications for Vehicle Security

sticky bomb detection paper (2010)

This is a paper by Roger G. Johnston Ph.D., Jim Vetrone, and Jon S. Warner from LANL.

A “sticky bomb” is a type of improvised explosive device (IED) placed on a
motor vehicle by (for example) a terrorist. The bomb is typically attached with
adhesive (“duct”) tape, or with magnets. This paper reports some preliminary
results for a very rudimentary demonstration of two techniques for detecting the placement of a sticky bomb on a motor vehicle. There are other possible security applications for these techniques as well.

Don’t Swallow the Snake Oil: Understanding the Vulnerabilities & Limitations of High-Technology

snake oil talk (2006)

This is a presentation by Roger G. Johnston, Ph.D., CPP and Jon S. Warner, Ph.D., from LANL Vulnerability Assessment Team.

They present a history of snake oil:

Ancient World: medicines made from snakes are believed to have curative powers.

1880: John Greer’s snake oil cure-all.

1893: Clark Stanley (“The Rattlesnake King”) sells his Snake Oil Liniment at the World’s Columbian Exhibition in Chicago. A big hit. Contained mineral oil, camphor, turpentine, beef fat, and chile powder…but no snake extract!

Today: A product is called “snake oil” if it is fake, shoddy, or severely over-hyped.

New Tamper-Indicating Seals

TEP and new seals (2006)

This is an article by Roger G. Johnston, Ph.D., CPP*, Jon S. Warner, Ph.D., Sonia J. Trujillo, Anthony R.E. Garcia, Ron K. Martinez, Leon N. Lopez, and Adam N. Pacheco of the Vulnerability Assessment Team Los Alamos National Laboratory.

Product tampering is a serious product safety issue. Unfortunately,
neither tamper-evident packaging used on consumer products, nor
tamper-indicating seals used for cargo, warehouse, and factory security
provide reliable tamper detection. We believe there is a better approach
to tamper detection, at least for tamper-indicating seals: anti-evidence
seals. Conventional seals must store evidence of tampering until such
time as the seal can be inspected. But adversaries can too easily hide or
erase the evidence, or replace the seal with a counterfeit seal.

With anti-evidence seals, in contrast, we store information when the seal is first installed that tampering has NOT yet been detected. This information
(the “anti-evidence”) gets instantly erased once tampering is detected.
There is thus nothing for an adversary to hide, erase, or counterfeit. This
paper discusses 5 new prototype electronic seals based on the anti-evidence

Security Advice By Roger G. Johnston, Ph.D. At LANL

security advice (2012)

In contemplating the use of any new security measure, strategy, or product, you need to determine the correct answers to 3 questions:

(1) To what extend does this really improve security?

(2) What are all the costs, trade offs, and side effects (because there always  some)?

(3) Is 1 commensurate with 2?

Assessing the Vulnerability of Tamper-Indicating Seals

This is a paper written by Roger G. Johnston, Ph.D., CPP, Vulnerability  Assessment Team, Los Alamos National Laboratory

seal VAs (2005)

The Vulnerability Assessment Team (VAT) at Los Alamos National Laboratory
(LANL) has studied tamper detection for 13 years. We have conducted vulnerability assessments (VAs) on hundreds of seals and cargo security programs, and undertaken research and consulting for over two dozen government agencies and private companies. This article discusses how we conduct VAs and what we have learned about seals.

Magical Seals, Secure Voting Machines, and Other Fantasies About Election Security

older election integrity invited talk (2011)

suggestions for better election security (2012)

election security invited talk (2012)

An analysis  of election security issues by Roger G. Johnston, Ph.D., CPP and Jon S. Warner, Ph.D.

So Why So Much Bad Physical Security?

Security Theater is easy, thinking and Real Security is hard
Committees, bureaucrats, & knuckleheads are in charge
People & organizations aren’t used to thinking critically about it
Physical Security as a “Taking Out the Garbage” slam dunk thing
“If it’s important, somebody must have thought it through” Myth
Lots of hype, snake oil, & bad products
Blind faith in precedence and “authorities”
Physical security is not a well developed field

Usually we can defeat security devices (including high-tech ones) without attacking the computer/microprocessor, reverse engineering the software, or having an owner’s manual! Might this also be true for electronic voting machines?

Chirping Tag and Seal: 9th Security Seals Symposium Houston, TX, Sept. 2, 2010

chirping tag and seal (2010)

This conference presents information on seals and their security. The LANL Vulnerability Assessment Team analyzes many different kinds of seals, including:

cargo security
nuclear safeguards
banking & couriers
drug accountability
records & ballot integrity
evidence chain of custody
weapons & ammo security
tamper-evident packaging
anti-product counterfeiting
medical sterilization
instrument calibration
waste management &
HAZMAT accountability

How To Spot Security Theater: Roger G. Johnston, Ph.D.

how to spot security theater (2010)

Bruce Schneier coined the term “Security Theater” to describe the situation where phony security measures provide a feeling of improved security, but in reality provide little or no actual security.[1,2] Another name for Security Theater is “Ceremonial Security”.

As a vulnerability assessor, I frequently find Security Theater across a wide range of different physical security devices, systems, and programs, as well as in domestic and international nuclear safeguards. It’s important to realize, however, that Security Theater is not automatically a bad thing. It can present the appearance (false though it may be) of a hardened target to potential adversaries, thus potentially discouraging an attack (at least for a while). Security Theater can reassure the public while more effective measures are under development, and help encourage employees and the public to take security seriously.

The Crisis in Physical Security Education: Roger G. Johnston Ph.D., Janie A. Enter, M.S., Ed.S., Eddie G. Bitzer, M.A.

phys security education (2006)

Definition of Physical Security

Protecting valuable tangible assets from harm, or using
physical methods to protect intangible assets. Tangible assets can include, for example, people, equipment, buildings, cargo, money, weapons, museum artifacts, consumer products, food and drugs, medical supplies and equipment, chemicals, hazardous materials, etc.

Intangible can include, for example, computer data, software code,
communications, trade secrets, intellectual property, medical histories and
other sensitive personnel data, instrument calibration, sterility of medical
supplies/equipment, etc.

The “harm” we wish to avoid can include theft, sabotage, tampering, destruction, vandalism, espionage, or counterfeiting. Physical methods for protection can include guards, guns, fences, access control, biometrics, closed-circuit TV cameras, intrusion detectors, locks, safes, vaults, and tamper-indicating seals…plus a lot of other things. Cyber security, cryptography, forensics, and background investigations are


Changing Security Paradigms: Roger G. Johnston Ph.D.

changing security paradigms (2010)

Any field is molded and constrained by its paradigms. A “paradigm” can be defined as:
(1) a pattern, example, or model;
(2) a mode of thought or practice; or
(3) an overall concept or strategy accepted by most people in a given field.
The field of security relies on a number of paradigms, both stated and unstated. Many of these are in the process of changing—or at least should change—in order to adapt to a rapidly changing world and to improve security effectiveness.

Pharma Tampering, Counterfeiting, and Supply Chain Security

pharma security issues (2010)

There are many widespread mistakes & myths about cargo security and physical security that should be avoided. Current tamper-indicating seals, tamper-indicating packaging, and product anti-counterfeiting tags aren’t very effective.

There’s little sophisticated R&D underway—mostly people and companies
are pushing pet technologies, not trying to solve the problem holistically.
Product counterfeiting and (especially) product tampering are going to get
a lot worse, including terrorist acts.

For many pharma manufacturers, there is a Due Diligence problem for:

tampering & counterfeiting.
Don’t underestimate virtual numeric tokens!

How to be a Better Seal User: Roger G. Johnston Ph.D.

how to be a better seal user (2003)

Tamper-indicating seals have been used for over 7,000 years. Today, seals are widely used to help counter cargo theft, smuggling, sabotage, vandalism, tampering, terrorism, and espionage. Despite their antiquity and modern widespread use, however, there remains considerable confusion about
seals, as well as a lot of misconceptions, wishful thinking, sloppy terminology, and poor practice.

The Vulnerability Assessment Team (VAT) at Los Alamos National Laboratory has intensively studied tamper-indicating seals for the last 12 years. We have provided consulting, vulnerability assessments, and security solutions for over two dozen government agencies and private companies. This article summarizes some of our recommendations for using seals more effectively and with greater sophistication.

An Anti-Counterfeiting Strategy Using Numeric Tokens: Roger G. Johnston Ph.D.

drug anti-counterfeiting (2005)

The counterfeiting of pharmaceuticals continues to be a major worldwide problem, with serious public health and economic consequences. In theory, anti-counterfeiting tags could help to solve this problem. Unfortunately, there are currently no practical, effective tags that significantly resist counterfeiting. This paper discusses a different, relatively low-tech and low-cost approach called the “Call-in the Numeric Token” (CNT) technique. It relies on participation by pharmaceutical customers (possibly including consumers). They check, via phone or Internet, on the validity of the unique, random, unpredictable identity (ID) number assigned to each pharmaceutical container they possess. The numerical container ID is a virtual tag or token, rather than a physical one that is susceptible to counterfeiting.

Counterfeiters are hampered by being unable to guess valid IDs, by being unable to easily acquire large numbers of existing valid IDs, and by being detected when multiple customers report the same IDs. At least some counterfeits can be detected even if only a small percentage of customers participate. The technique is particularly well suited for single-dose (“unit of use”) packaging, but can otherwise be adapted and automated for resellers, wholesalers, re-packagers, and other high-volume customers. While it will not absolutely end counterfeiting, CNT can make pharmaceutical counterfeiting easier to detect and study, and more difficult for counterfeiters. The technique is also applicable to other kinds of products.

Some Comments on Choosing Seals & on PSA Label Seals: Roger G. Johnston Ph.D.

choosing seals and using PSA seals (2006)

Some Comments on Choosing Seals & on PSA Label Seals

Maxims for Choosing Seals!•

There is no 􀀂best􀀃 seal. The optimal seal
depends on details of your application
– Goals!
– Adversaries!
– Consequences of Failure!
– Facilities!
– Personnel!
– Ergonomics !
– Training!
– Containers!
– Hasps & Doors!
– Time & Money Constraints

Under-Utilized Methods for Mitigating the Insider Threat: Roger G. Johnston Ph.D.

insider threat mitigation (2012)

Security Culture & Climate

Security Climate (informal perceptions) is probably even
more important than Security Culture (formal policies &

In a healthy security culture/climate:

Everybody is constantly thinking about security.

There are on-the-spot awards for (1) good security practice & (2)
proactive/creative thinking and actions.

Security ideas, concerns, questions, suggestions, criticisms are welcome from any quarter.

No scapegoating! Finding vulnerabilities is viewed as good news.

Physical Security, Security Theater, and Snake Oil: Roger G. Johnston Ph.D.

CFP talk (2011)

Physical Security: Scarcely a field at all

You can’t (for the most part) get a degree in it from a major 4-year research university.

– Not widely attracting young people, the best & the brightest.
– Few peer-reviewed, scholarly journals or R&D conferences.
– Lots of Snake Oil & Security Theater.
– Shortage of models, fundamental principles, metrics, rigor,
R&D, standards, guidelines, critical thinking, & creativity.
– Often dominated by bureaucrats, committees, groupthink,
linear/concrete/wishful thinkers, cognitive dissonance.

Physical Security vs. Cyber Security: Which is Dumber? Roger Johnston Ph.D.

Johnston Microsoft Talk

The author notes some cyber dumbness:

Failed Electronic Redaction

Inadvertent release of information embedded
inside Office & Acrobat documents

Malicious Thumb Drive in the parking lot problem
(or CD on the desk with a fake IT Department memo)

Susceptibility to Phishing

Security Theater with Adhesive Label Seals

Closed Source

Amateur Hour Cryptography

“It takes a smart man to know he’s stupid. — Barney Rubble, The Flintstones”

Think GPS Cargo Tracking = High Security? Think Again: Roger Johnston Ph.D. and Jon S. Warner, Ph.D.

GPS cargo tracking (2003)

The Global Position System (GPS) is being increasingly used for a variety of critical applications. These include public safety services (police, fire, rescue and ambulance), marine and aircraft navigation, cargo security, vehicle tracking, and time synchronization for utility, telecommunications, banking, and computer industries.

While people tend to think about GPS as being high-tech and thus high security, the fact is that the satellite signals used in most GPS applications are not secure. The civilian GPS signals—the only ones available to private industry and the vast majority of the federal government—are neither encrypted nor authenticated. They are thus easy to counterfeit, unlike the military GPS signals.

New bottle cap thwarts wine counterfeiters

wine authenticity (2008)

When the Roman historian Pliny the Elder wrote “in vino veritas” – in wine, there is truth – he must not have been drinking from a counterfeit bottle. Argonne researchers Roger Johnston and Jon Warner have created a device
to ensure that modern wine connoisseurs can have faith that they are drinking what they pay for.

Bumping Medeco Locks: Harry Sher Demonstrates The Technique

This is another example of one of the videos in the Defenses Against Methods of Entry series, called DAME, by Harry Sher and produced by Marc Weber Tobias. The series is being updated and placed online.


Many wireless alarm systems can be defeated through a Denial of Service attack. Watch the videos on how a system was defeated a few years ago by jamming the receiver that operates on a discreet alarm frequency.  The two videos show normal operation, and then the system defeat.


Traditional magnetic trips for doors and windows can be easily defeated with magnets. Watch the video demonstration.


The KBAB SIMPLEX 1000 was easily defeated with a rare earth magnet in 2009, and resulted in the filing of a class action lawsuit against the company. Watch the video that demonstrates the ease in defeating this lock. The company made design changes to fix the problem by removing a ferrous component that was critical to locking.


The KABA SIMPLEX AND E-PLEX 5000 and 5800 were subject to multiple design issues that allowed us to defeat this sophisticated electronic lock within seconds. Watch the videos that were shown at DefCon


The Electropick is a device that can easily and rapidly pick pin tumbler locks. One of the best tools is produced by Wendt. it has special tips for bumping of difficult-to-open locks as well. Watch Addi Wendt demonstrate their pick opening pin tumbler profile cylinders.


The Kaba Saflok InSync cylinder uses a simulated key with RFID to control its mechanism. While this is a very clever and popular lock, it can be opened in seconds with the insertion of a shim wire through its USB data port. This video was produced several years ago, and the manufacturer may have closed the gap that allowed this defeat to occur.

This is an excellent example of insecurity engineering and is discussed in the new book entitled Tobias on Locks and Insecurity Engineering, published by John Wiley.


Reed switches are the preferred technology for alarm trips that are used on doors, windows, and moving objects. Watch the video that was produced by Magnasphere about these vulnerabilities.  Magnasphere is the leading high-security alarm trip supplier.


The lock that was developed by Rayonics and ACSYS is extremely clever but can be defeated because of insecurity engineering issues.  Watch the video produced by Security Labs to provide an in-depth discussion for design engineers.


NOBLE is one of the leaders in the laptop-lock sector.  They developed a “wedge lock” to mate with the small slots on computers to attach cable locks. Watch our analysis of how we developed many methods to instantly defeat this design. This is a perfect example of insecurity engineering failures.


Watch the detailed discussion of traditional and high-security balanced magnetic switches by Magnasphere Corporation. They produce UL 634-rated switches for government institutions.  Watch this excellent video.


Watch Rick Kirtchner the former CEO of Magnasphere Corporation, explain how the BMS works and is defeated. The Balanced Magnetic Switch is the primary component in alarm systems for government agencies and high-security facilities.


Watch the video demonstration of how the Biolock 333 was defeated with a paperclip. This is a perfect example of insecurity engineering and is discussed in the new book by Marc Tobias, Tobias on Locks and Insecurity Engineering, published by John Wiley. This lock looks secure, but is not.


Borescopes are optical devices designed to look into very small openings in locks and safes for decoding tumbler packs. Watch the video by Wendt in Germany of the

use of a borescope with a camera and high-resolution display for reading the wheel pack.




Many safes are designed around a solenoid to block the movement of bolt systems. Most of these can be rapidly defeated by introducing shock and vibration. A tool produced by Wendt in Germany is attached to a reciprocal drill motor to generate the required energy to move the solenoid to an unlocked position. Watch the video.


CX5 Security Solutions is a Canadian company that produced a deadbolt lock that appeared to be a knockoff of the Medeco Maxum high-security deadbolt. The CX5 can be easily defeated and demonstrates insecurity engineering, as described in Tobias on Locks and Insecurity Engineering book published in 2024. Watch our video analysis.