Security specialist Marc Weber Tobias said he would meet with Swiss lock-maker Kaba to discuss ways how the Access Control E-Plex 5800 model and its predecessor can be foiled.

 

“It is a threat to the government,” Tobias told AFP after his presentation at DefCon, which ended on Sunday. “I am serious about it because I don’t know where they have been installed,” he continued. “They could be at the Pentagon.”

SecurityNewsDaily reports that the Kaba 5800 was described as the first lock certified as meeting new DHS requirements for coded access that keeps track of which contractors or federal workers open which doors. The lock is designed to be opened by swiping a key card and then entering a long number code.

Tobias and colleague Toby Bluzmanis showed how a Kaba 5800 could be opened by poking a piece of wire through the casing of a small LED light on the lock face and short-circuiting underlying electronics.

Red and green LED lights on the lock are part of a feature that lets a receptionist open a door remotely with a push of a button.

AFP notes that the lock may also be opened with the thump of a mallet or by removing an inside plate and inserting a wire in a way that lets someone, from that point forward, open the door by pushing a handle up instead of down. “We figured out nine different ways to break 5800,” Tobias said.

An earlier generation of the Kaba lock could be opened by using a magnet.

The Kaba 5800 model costs more than a $1,000 and the company was said to have sold fewer than 2,000 units. The model with the new DHS standard will be available next year.

Tobias see a more general problem with the lock industry: “This is a problem endemic in the lock industry, they think like engineers not hackers.”