MedecoProblems.com

Documentation of Medeco® high security lock flaws, issues, and information.

Current Fixes and Changes

2012 Update

We were able to confirm Medeco locks that are factory keyed with a production date in the second half of 2011 will contain all the fixes below. Locks off the line prior to this may have many or all of the fixes, however every lock off the line in Q3 or later in 2011 should have all of the fixes described below. This does not guarantee all locksmiths after Q3 2011 will have these fixes in place(or even purchase the new parts), or products sold after that date have all the fixes, only those that are manufacturer keyed and with a production date of Q3 2011 or later will have the fixes. The fixes resolve all known major issues described here except for the key-control issues outlined (the keyway is still not warded enough to stop certain attacks). In addition keys for an existing system still contain the sidebar code for the system allowing for sophisticated possible bumping attacks.

Original Summary

Medeco has responded to various problems with their locks in various ways. It is important to know that if you have a Medeco lock that was not purchased in the last two years there is almost certainly some critical vulnerabilities in your Medeco lock. It is also important to know that while Medeco may have fixed a specific problem in 2006, 2007, or 2008 it does NOT mean that your Medeco locksmith has changed their inventory, pins, or parts yet to the new versions. Unfortunately as Medeco does not increment model numbers or provide a way to show the user what version of a product a customer may be buying it is almost impossible to validate a Medeco lock without taking it apart to check the parts. You will get the most secure version most likely with a factory keyed lock rather than one keyed by a Medeco locksmith. As of right now Medeco is randomly putting some of the new fixes in each cylinder but no cylinder contains all the fixes currently.

Fixes

New Codebooks

All locks prior to December of 2007 that were keyed to the factory codebooks (most locks) could have their sidebar combinations completely mapped to 4 keys. After 2007 Medeco released a new codebook that requires 16 keys to map all of the sidebar combinations. There is another set of codes however we believe it is still fairly restricted and not available to all Medeco locksmiths.

New Pins

Medeco first made higher security versions of their pins decades ago, they were called ARX pins but were only installed for a select few of their top clients. They cost more than normal pins so for most locks the standard pins were used. These pins had the groove closed off and a much more restricted sidebar area. In 2009 due to the various attacks they once again started using high security versions of their pins but now in most of the locks coming off the line. Not all pins in a lock are these pins but to go keep costs down and use old inventory they mix them with their normal pins. This makes some of the chambers in the lock able to resist some of the attacks. Unfortunately these higher security pins restrict the actual height and rotations that a pin can be, this can effect the security in cylinders as it reduces the keyspace.

New Slider

The famous paperclip slider attack that allowed bypassing the entire M3 slider with very little skill in virtually no time. Finally in 2009 Medeco addressed this problem by starting to embed new sliders randomly into some of the cylinders coming off the line. This makes it harder to bypass the slider with various depths that it would actually need to be moved to.

Issue Resolutions

Medeco Deadbolts

Deadbolts prior to 2006 had a very large vulnerability where a tool based off a modified flat head screwdriver was able to bypass the deadbolt and open the lock in under a minute. Medeco released two fixes to this, one right after the Security.org team announced the vulnerability and another fix several months later completely resolving the screwdriver bypass. If your deadbolt is older than this it should be upgraded to avoid this bypass.

Medeco Key Duplication

Unfortunately the latest M3 keys can still be duplicated onto generic non-patent protected keys (plastic cards, safety deposit box keys, etc). Medeco's slider fix however does make key duplication harder as simulating the sidebar offset is much harder.

Decoder/Pick Tools

There have been several decoder and pick tools made for Medeco locks dating back to 1970. Many of these tools used the sidebar groove in bottom pins to properly set the sidebar rotations. Medeco's new generation of security pins closes this groove and while there are some attempts to make tools still work as far as we know most tools cannot decode these pins.

Bumping

Bumping a Medeco lock requires having the proper sidebar code (or a simulated sidebar code close enough to the real code). In masterkey systems this can certainly still be an issue of a lower level key(say a bathroom or closet key) being able to be turned into a bump key if it has the proper rotations and then being able to open higher level locks. To avoid simulated codes (say the 4 or 16 keys to the kingdom) it is important that the lock is keyed to the latest code book. This will require the largest amount of bump keys be tried to open the lock.

Picking

New anti-pick pins make it harder to pick Medeco locks, however there are some very talented pickers still able to pick Medeco locks. It should be noted that sidebar setting keys can still be a risk, similar with bumping above, where if the sidebar code can be set the lock can also be far easier to pick, similar to a standard pin tumbler.