AXA lock flaw

2007-12-06

in Geek stuff, Security

In a situation somewhat similar to the bump key vulnerability, another serious mechanical lock flaw has been found, this one affecting a popular kind of Dutch bicycle lock.

I found this by means of an interesting blog about mechanical locks.

Report a typo or inaccuracy

{ 6 comments… read them below or add one }

. December 7, 2007 at 9:49 am

The most common kind of lock in the Netherlands:

Wheel lock

Also called an O-lock or ring-lock, this is a mechanism mounted on the frame that immobilises the rear wheel by moving a steel bolt through the spokes to prevent motion. It uses a straight or circular bolt which extends from the housing. This type of lock, found particularly on bicycles in Scandinavia, the Netherlands, and China, prevents riding the bicycle but does not secure the bicycle to a stationary object. Some models have an optional cable or chain that plugs in to the body of the lock to enable the bicycle to be secured as well.

These type of lock are very effective and convenient for securing a bicycle against opportunistic theft, when the bike is left unattended momentarily.

R.K. December 7, 2007 at 11:44 am

Even if these particular locks are flawed, the idea of a lock integrated directly into a bicycle is quite a good one.

Litty December 7, 2007 at 2:55 pm

You read an amusing collection of blogs.

Milan December 7, 2007 at 7:39 pm

You read an amusing collection of blogs.

There are two big clusters: environment and security. Literature blogs are also in the mix, as well as some local blogs.

Even if these particular locks are flawed, the idea of a lock integrated directly into a bicycle is quite a good one.

I agree – especially if you also use a D-lock for extended periods of absence. Defence is depth is an excellent technique. So is built-in security.

Anon December 12, 2007 at 10:13 am

Axa bike locks in the media

Some Dutch media picked up on my last posting on AXA bike locks, including one of the most popular consumer television programs ‘Kassa’. Saturday prime-time, 1.4 million people watched Dirk Bolderman, head of AXA bicycle locks, answer the question how many locks might have this flaw. His answer: “Between 1998 and 2005 we produced four million locks. We assume 100.000 to 200.000 might have this vulnerability. And the locks can not be identified by their serial number”….
(video available as 33 MB quicktime or on YouTube)

Milan December 17, 2007 at 8:38 pm

Toool’s field test on AXA locks

By Barry on news

In cooperation with Kassa TV and one other organisation we performed a little test. In and around Amsterdam we tried to open over 150 bicycles. We got help from random bicyclists, bike shops, and even received assistance from local law-enforcement. Result: we managed to open around 50% of them….

By far the most interesting and intriguing thing we found is that almost all locks we could open used the so called ’standard key profile’ (blank AX1P). Locks using the ‘mirror image profile’ (AX1RP) seemed almost impossible to open. And we are still investigating why. And we do warn people the flaw might be exploitable in the mirror image profile someday soon … many people are now looking into it, and it could be a matter of time. But for now it seems ok …

Leave a Comment

You can use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

Previous post:

Next post: