General Cycling Discussion - Mehods beat locking skewers - publish or keep secret?

I got some Pinhead locking skewers, and was dismayed to be able to remove the rear one with vise-grips (lawyer lips on front dropouts made that one ungrippable).

So I ordered Pitlocks, and made a disappointing discovery there too: the elaborate little spring ratchet-disc which is supposed to prevent unscrewing except by the regulation tool is far too flimsy to have any real effect. It's barely thicker than foil. I tested, and found that indeed it achieves nothing: taking care to leave its teeth engaged, I unscrewed the nut while measuring torque - and it took no more torque than that used to tighten the nut. I bought more disks to study further, and found that they always fail easily - sometimes splitting, sometimes stripping the central hex hole. So the supposed sophisticated mechanism is a sham, albeit one that has fooled the Pitlock designers to judge by their proud promo literature.

That got me thinking, and I ended up working out two methods for removing skewers without cutting or lockpicking, in under a minute. One is specific to Pitlocks, and one works on any skewer. Both are easily dealt with by design changes.

So - what's the moral course? The argument for publishing is that the vulnerabilities, once identified, can be corrected (and people will not be investing in a flawed system that can be suddenly rendered defeatable by an internet post). The argument for secrecy is that the vulnerabilities have gone unnoticed (or at least unpublished) this long, and may stay unknown to thieves forever. My feelings on the issue wobble .

(Mods - I'd be obliged if you'd fix typo in title - seems I can't.)

"Locks are made to protect you from honest people."

Translation: anyone who wants your stuff bad enough will likely get it.

BUT, these products make it tougher for many, too tough for more than a few. It removes 'opportunity' from many scenarios.

I'm running a $20 set of Trans-X, take a pentagonal 'key'; longnose vise-grips and regular pliers could make short work of them. BUT, somebody'd have to be smart enough to figure that out. THEN, be quick enough to do it without me untwisting their head from their body.

I saw a sticker in a MTB magazine a decade ago, on a reader's bike pictured in it; the sticker said: "WARNING: This bike protected by EXTREME VIOLENCE!" Love to get one, If I could find it........

glad to know before i shelled out any more. was actually thinking of saving up the money for pitlocks but decided to go instead 2 u lock route. yeah i know any lock can eventually be defeated but if gonna steal mine i want them to use more effort than a pair of pliers. and id say make a video and email it to pinhead and pitlock. and if they dont reply or say anything then youtube so theyll either lose money on possible sales or do like kryptonite maybe and change the design and a recall to replace(though i doubt the recall part)

edit: like this? http://www.zazzle.com/protected_by_extreme_violence_bumper_sticker-128521838373758187

edit: like this? http://www.zazzle.com/protected_by_extreme_violence_bumper_sticker-128521838373758187

Not quite; the text on the sticker (probably a 2x3") was exactly as I wrote. Yellow background, black text. I know the magazine was from at least a decade ago. Don't have it anymore, otherwise, I could post it.

kinda like this one? http://www.undergroundgraphics.com/popuplargeimage.asp?strImage=2160.jpg&strImageType=product&strPageTitle=Funny%20Sticker%20-%20Protected%20by%20violence closest i can find quickly. you could probably have 1 made for id say 20 if not under 10

... id say make a video and email it to pinhead and pitlock. and if they dont reply or say anything then youtube so theyll either lose money on possible sales or do like kryptonite maybe and change the design and a recall to replace(though i doubt the recall part)

+1 This seems the best way to go about it. Let the manufacturer know of the defect, and if they don't respond, let the public know. This sorta bums me out, since I use Pinheads, but doesn't really surprise me. Almost everyone I lock up next to has quick release, and my wheels are nothing fancy, so hopefully thieves will pass me by for easier targets.

Thanks, folks. That sounds good, and steers me in a new direction. Happily, the fix for the general vulnerability will cost very little as a retrofit, so there's no massive obsoleting of the installed base.

I guess I'll explain it to the makers, and suggest inclusion in new kits as well as a cheap retrofit option for old customers. It's patentable too; maybe I'll even make a little money!

decided to just get another u lock instead. figured for the price is about the price of a decent/good u lock on sale
edit: good luck on the money making part :D

I agree with privately contacting the companies.

As I use Pinheads, I would love to hear a followup.

Here's a quick (biased, but based on much personal experience) follow-up to the OP's post to clear up a few details regarding the Pitlock lockring. The lockring plays a small role in the overall security of Pitlocks in that it prevents unauthorized opening by someone poking needle-nose pliers inside the narrow housing. It's tough to generate much torque with the tips of those things. Question: When you tested the amount of torque required to force past the lockring, were you using your Pitlock key? If so, that's likely the reason.

What I can suggest is that you send either Urban Bike Tech, Peter White Cycles, or Pitlock Berlin an email with your suggestions. We can forward them appropriately. It does work, too. Pitlock has adjusted the bevel depth on their nuts following a suggestion last year.

Keep it private and try to obtain brycefastener penta-nuts.

Hmm the penta looks interesting but can it be used on bikes though? Gonna email them.

5 sided wrenches are used on fire hydrants.. the valve stem is pentagonal.


French Zefal has an interesting model, skewers gravity lock.
unlocks when the bike is upside-down.

just locking the bike so it wont be easily turned over, would complete the scheme.

myself I have regular allen skewers, & when it matters
I use a chain on one wheel a different lock to the frame and sign post, could get another chain, for the front wheel.

the non QR skewers are just an Inconvenience security..
adequate for where I live. So Far..

Got a email back from the bryce people: We are trying to work with a bike dealer on getting their own keyed fasteners. We are not set up to sell to the public, we are a manufacturer….and we can’t dilute the market with our tools. Hmm you can order a sample but I dont think it would work currently because of the ends but I look forward to them getting a bike dealer onboard.

edit: You should change the poll to publish, keep secret, video and send to manufacturer.

Helloooo!
Any update on this? What happened, was it fixed?. Debating whether to get Pitlocks. Also i don't get Urbanbiketech's post. Is he saying that even if the lockring is defeated the Pitlock still has solid security value, only slightly diminished?

Just found this. Pitlock easily defeated with single screwdriver plus info on pinheads. http://www.lfgss.com/thread81918.html

Publish it so that people don't have a false sense of security. Besides, a casual thief will be deterred by a pitlock since they'll have to come back later with the tools (or buy the tools from Home Depot) to beat it. They'd rather steal the cheaper wheels from the bike parked next to it with a quick release.

I have pitlocks on my wheels and seat, and a cable lock for the seat. If I leave my bike overnight at a place that has high bike theft, I use 2 u-locks, one for the front wheel, frame, and the bike rack, one for the back wheel, frame, and the bike rack, and the cable lock through the frame, seat, and back wheel. I leave one u-lock permanently locked to that bike rack so I don't have to carry it around. I guess it would take over an hour for a thief to cut all the locks, whereas they can cut the cheap cable lock from another bike in minutes. And if a thief still manages to steal my bike, well, my insurance should pay for it.

Larcal - thanks for the link. LFGSS has for now made that thread private, by the way. So the stuff has hit the fan to some extent - British dealer has dropped the product.

Hi Antifriction,

I figured you didn't want to discuss this in public so I just wrote you a long letter only to be informed upon sending that you need 50 posts to do private messages. Might be nice if they told you that before hand. So to respect your imagined stance here, I'll be brief, and circumspect.

Recently lost a cabled front wheel during a 30 minute grocery stop on a ulocked via Sheldon method bike in a rural area. Desperation/poverty is spreading, for sure. So we have two companies making preventively imperfect products and neither has the integrity of Kryptonite when caught with their pants down. It is hard for me to totally understand your post or judge the worth of urbanbiketech's objection to it without being able to view these systems. Clearly, your experience with vicegrips on Pinheads is absurd, and Gator grips only marginally better. Apparently, screwdrivers only work on some of the pitlock pit patterns, or are easiest at least on pits with parallel sides in the key pattern but the lgss thread on that cut off mid stream. Really, the makers did not know this? Is it to much to ask that for 100 bucks you don't get a pit with parallel sides? Jesus

So there have been recent changes in both systems, but they are mysteries wrapped in enigmas, in keeping with the new dystopian plan of being as cheap and childish as possible, forcing us to spend forever in fruitless consumption. That they are a response or solution to anything is not admitted. Pinhead has a new security washer, http://www.pinheadlocks.com/index.php?option=com_virtuemart&page=shop.browse&category_id=15&Itemid=60&lang=en&vmcchk=1&Itemid=60 Pitlock's put in deeper beveling on the nut, but no picture can link to since lgss folded tents.

Would you please tell us, to whatever extent or detail you feel comfortable with, what methods/tools will defeat each system, time involved, and/or a subjective judgement as to how intuitively obvious it is to an averagely cognizant person looking at the lock? If you could preface any remark with what version it refers to that would be immensely helpful, and essential, I'm sure. And what about what urbanbiketech (a distributor) said? Maybe this sounds like asking a lot, but you can just do as much as you want. And thanks for coming back to this. :)

There is no theft-proof. There is only theft resistant.

People have been known to burrow into bank vaults. Given the technology and time, there is no fool-proof safeguard for your bike or components. Even if there were, what's to stop the criminal from stomping your carefully locked wheel and turning it into a potato chip?

That's the inconvenient truth. Deal with it.

...Would you please tell us...

My feeling is that by making people aware of design vulnerabilities, they can make a better informed decision when it comes to their security, additionally it motivates designers to address such issues and make improvements.

you've already seen the lfgss thread... brute force method of jamming screwdrivers against nut and being able to twist loose, that was for pitlocks I think?

for pinheads, the naive (and effective) method is to place a sharp probe/screwdriver/pick/etc against a pinhole and tap with a hammer to unscrew gradually; commonly used at LBS when customer forgets to leave their key and repairs are scheduled
clever pinhead attack; take any pinhead key, and dremel off all but 1 pin; you now have a universal pinhead key that fits any pinhead lock.
Suggestions to manufacturer; use a long necked guard around the pinhead nut to prevent alignment of probe with pinholes.
Grind off excess skewer threads that protrude past the end of the nut; thus a modified 1-pin key will have no purchase.

general purpose wheel skewer attack (for any 'locking' skewer):
bypass the skewer;
skewers hold wheels in place by clamping the dropouts tight aganst the hub
rather than removing the skewer tension; just shrink the hub, then the skewer and dropouts will be clamping against nothing but air
to shrink a hub, take a pair of cone wrenches and overtighten the hub bearings
this makes the hub narrower so it falls right out; or at least removed enough tension, allowing finger friction to unscrew the skewer.
remember to readjust the bearings to normal before using the wheel or you'll destroy the bearings
Suggestion to manufacturer: design a guarded spacer that slips over the hub locknuts on the inner side of the dropouts to prevent this attack (or do nothing, seeing as how it takes bike mechanic knowledge to use this method)

lastly; destructive removal methods such as dremels or battery powered grinders are obvious and highly effective. no point even trying to defend against that....

There is no theft-proof. There is only theft resistant.

People have been known to burrow into bank vaults. Given the technology and time, there is no fool-proof safeguard for your bike or components. Even if there were, what's to stop the criminal from stomping your carefully locked wheel and turning it into a potato chip?

That's the inconvenient truth. Deal with it.

If this subject makes you uncomfortable, deal with it, rather then presenting an extremely overdone straw man arguement meant soley to divert the discussion down a fruitless and boring path. Nobody said anything about theft proof or trying to achieve perfect security or defense against very time intensive/noisy methods. As you well know, such a concept as "fool proof" is the position of a fool, and thus easily debated against. There are two issues, the first being simple truth in advertising. If a ulock is presented to you as being high security but in fact can be defeated in 30 seconds with a pen is that an honest transaction? The second is your right to be able to have the facts which allow you to make some kind of rough but intelligent judgement of the risks or odds that you face according to your own unique situation. But here I am, getting sucked into your trap, so I would ask others to avoid this. Like Xenologer said.

Xenologer, Many thanks. Will comment later, falling asleep, but have you seen pictures of Pinheads new security washer? http://www.pinheadlocks.com/index.php?option=com_virtuemart&page=shop.browse&category_id=15&Itemid=60&lang=en&vmcchk=1&Itemid=60 any clue as to what that helps with?

Larcal - good to hear the support - especially as I'm just licking my wounds from a sally onto LFGSS.com. I joined, and PMed the owner; he re-opened that thread. Also PMed a user & proponent of the new titanium Atomic22 locking nuts, & asked him to try my master-key technique on them. Got a snarky dismissal, and in a fit of grump to be honest foolishly posted the ignored PM, which explained my suspicions on how A22s could be cracked. Many posts and indignations flowed - unscrupulous attack on a worthy company, etc., and now the thread is shut again. I have emailed Atomic22, haven't yet heard back.

Regarding perfect security and so on, what I have been interested in is vulnerabilities to non-brutal attacks (no bashing or cutting, nothing that is obvious property damage) anyone can perform with common tools, once they know how. Especially, the possibility of easily-made masterkeys. The Bic pen type of thing, which turns the supposed security into an illusion, and a fragile bubble. A cinch with Pitlock, somewhat harder with A22 if I'm right.

If anyone reading this has A22s and would like to see if my masterkey concept works, post and I'll PM it to you. Not sure I feel like publishing it at the moment.

Hi Antifriction,

Rushing to work here but want to say this. It is very understandable, but I feel like maybe you did'nt have time to really read my post at first pass, and would request that you take a closer look at it and if you don't want to answer the specific points say so. But really, it doesn't seem like you are that fanatically tight in the censorship camp that you could not really help out here. Few people (on the forums at least) have owned and tried to finagle both systems. And I can't afford to. After all, you started this post with the very disturbing info that any yahoo with no mechanical experience could put me on the dark side of the road, maybe for months, with just a pair of pliers. (By the way, what are lawyer's lips? I don't have anything but a very slight protrusion there.)

I'd like to keep it away from Atomics for the moment, for simplicity sake, and to stay focused, xcept for maybe your opinion that they are a real improvement, or not.

Not to push aside, but in addition to my original post, or to clarify.-- You must be familiar with the recent change in both systems, the Pinhead which I left a link to, the Pitlock pictured poorly on the now gone lgss, which I had very brief contact with. Do they nullify the vice grip attack you mentioned, as well as other well known common attacks. If so, which ones? What happened to your attempts to work with these companies that you mentioned? Imo, any company in the security business that fails to address these issues, especially when the fix is cheap and easy, as you said, is beneath contempt, and deserves what they get.

If you are able to take the supposed upgrades into account, and I emphasize "only if", pray tell, which system would you buy today if forced to chose between these two? (and maybe why if you can) And then, if you think Atomic is superior you could say that in addition. Yes, of course, brutal attacks aside. Cheers

Good post, Xenologer--you made a real contribution with several of your ideas for makeshift do it yourself defenses. Concerning the "general purpose wheel skewer attack". It is a problem, but like you I am not as concerned about it as other attacks as it does require mechanical knowledge, plus owning cone wrenches, as you say. I guess this is one advantage of having cartridge hubs as they don't have cones, so guess you're okay here but not sure, never owned them. All of shimano's are the cup and cone I think. Will try to pursue that spacer idea of yours once I commit to something and report back if possible. Which system has the best odds do you think? If you have an opinion about that Pinhead washer I left a link for and prefer to PM me instead please do. Looks like you have enough posts, unlike me. :)

Antifriction--Is there an attitude here?

"Locks are made to protect you from honest people."

Translation: anyone who wants your stuff bad enough will likely get it.

BUT, these products make it tougher for many, too tough for more than a few. It removes 'opportunity' from many scenarios.

I'm running a $20 set of Trans-X, take a pentagonal 'key'; longnose vise-grips and regular pliers could make short work of them. BUT, somebody'd have to be smart enough to figure that out. THEN, be quick enough to do it without me untwisting their head from their body.

I saw a sticker in a MTB magazine a decade ago, on a reader's bike pictured in it; the sticker said: "WARNING: This bike protected by EXTREME VIOLENCE!" Love to get one, If I could find it........


http://www.ebay.co.uk/itm/PROTECTED-EXTREME-VIOLENCE-rude-funny-motorcycle-bike-car-tool-box-sticker-/150831490148?pt=UK_Motorcycle_Parts&hash=item231e41e464#ht_964wt_147

Antifriction--Is there an attitude here?

A hospitalization, actually.

The POG washer is supposed to deal with the Gator universal-wrench. Here's the Pinhead patent that includes it:
http://patft.uspto.gov/netacgi/nph-Parser?Sect1=PTO2&Sect2=HITOFF&p=1&u=%2Fnetahtml%2FPTO%2Fsearch-adv.htm&r=1&f=G&l=50&d=PALL&S1=08061169&OS=PN/08061169&RS=PN/08061169

In terms of consumer advice, I'm not sure I've heard of any actual thefts of wheels protected by either Pinheads or Pitlocks - even though both are vulnerable to the cone trick, which is somewhat-common knowledge. (Seems like thief population and mechanically-literate population are pretty much disjoint. I call it placebo wheel security - it works so long as everyone thinks it works.) So I rely on them for my wheels of no particular distinction. If I had a Rohloff or suchlike, I'd make sure to snag it with the shackle lock.

I've put in a patent application that deals with cones and every other vulnerability I'm aware of, and submitted it to Kryptonite on Friday. No help in the short term, but maybe worth knowing.

Wouldn't a piece of pipe cut to the right length, and slipped over the cones and locknuts stop this method?

A hospitalization, actually.

The POG washer is supposed to deal with the Gator universal-wrench. Here's the Pinhead patent that includes it:
http://patft.uspto.gov/netacgi/nph-Parser?Sect1=PTO2&Sect2=HITOFF&p=1&u=%2Fnetahtml%2FPTO%2Fsearch-adv.htm&r=1&f=G&l=50&d=PALL&S1=08061169&OS=PN/08061169&RS=PN/08061169

In terms of consumer advice, I'm not sure I've heard of any actual thefts of wheels protected by either Pinheads or Pitlocks - even though both are vulnerable to the cone trick, which is somewhat-common knowledge. (Seems like thief population and mechanically-literate population are pretty much disjoint. I call it placebo wheel security - it works so long as everyone thinks it works.) So I rely on them for my wheels of no particular distinction. If I had a Rohloff or suchlike, I'd make sure to snag it with the shackle lock.

I've put in a patent application that deals with cones and every other vulnerability I'm aware of, and submitted it to Kryptonite on Friday. No help in the short term, but maybe worth knowing.

Hi Antifriction,

Boy, are we separated by a huge canyon or what? The drawings don't display on that patent link.

Look brother, I have not asked you to reveal any lock defeat methods that you don't want to so I don't understand why you remain so distant, saying nothing of substance whatsoever. You like to hint in every single post about your advanced knowledge plus starting this post with alarming and specific info about how easy they are to defeat, so what do you expect will be the response? How about a little responsibility for your words?

#1---Saying the new washer is "supposed to" protect against the gator doesn't help much and is not the answer of someone who is interested in, has successfully worked at, and thought about defeating this system, as you claim to have done. The question was and is, are you convinced that it does in fact do this? You sound like someone who could care less, like they never even considered it.

#2---Does the washer protect against the vise grip attack? This is an obvious low brow attack and you've allready mentioned it so I don't get your reticence here. With your experience, I'm sure just a picture of the washer would suffice

#3---what are "lawyer's lips" I have only the slightest ridge on my front fork, almost not there.

#4 are you familiar with the new upgrade to pitlock from like Feb/2012 being some kind of deeper beveling?

#5 if so what is it supposed to do? Vaqueness okay here

#6 Does it in fact fulfill such purpose? A true improvement?

#7 If you had both systems in your garage, and on the condition they both had the latest upgrade, which would you choose as providing the highest odds of security? And do you hear the condition here????????????.

I don't know why people (on other posts I am not involved with) keep mentioning the lack of certainty in security, as if it is relevent to the discussion, as if it is not a matter of degree. Your slant is to use the "placebo" expression, but Retrogrouch did this too, for some reason assuming I am stupid.

#8 Does the answer to #7 take into consideration knowledge of each upgrade? Either pictorial or experiencial is okay.

#9 Why?---- I.e, is your favorite because it is less vulnerable to common tools iyo? No? is it because it takes more skill or knowledge to defeat iyo" Etcetera.

#10, not a question, but just to repeat. If for some odd reason you have not held an example of each upgrade in your hand, I would still think that with your experience that would not be necessary. A picture would suffice.

I hate to harp on this but I originally started on this because I assumed I was not asking too much of someone who had real interest and knowledge in this. That it would take me just a few minutes to ask and for you to answer and that you would enjoy helping because of your interest. That you would answer easily even more then I could think of to ask in the moment, because it is all so obvious what the concerns are. Once I invest the energy I want to save it. Perhaps wasting more. A failing of mine, I'm starting to see.

Perhaps you could keep this letter form and just put an answer after each question, even if the answer is you don't want to deal it, at least we'll know you heard it. This experience of talking past someone is kind of maddening.

Vagueness over specific details works here if you want to but come on, Antifriction, I should not have to keep being so laborious, if you would just repond as someone who has some real interest in this subject as you claim. There's probably more around this (maybe that i've asked before and can't remember at this moment) so Like, you know, grok it.

Thank you

SkOtt: yes, though it would tend to grind, if not fixed to one part & kept clear of the other.

Larcal - I just survived the implosion of my carotid artery and a consequent stroke and have a reduced life expectancy and so forth, so maybe my sense of scale is a little different than yours. I thought I was being quite forthcoming. As I understood it you wanted consumer advice, so that's what I gave you in my last post. If it wasn't clear enough: use either brand; almost certainly no thief will know enough to defeat them (and anyone who has read this thread knows enough to defeat both).

That's the US Government's patent site, and it does work - the images are TIFFs, so you need to have a TIFF viewer installed. AlternaTIFF works; the site provides a link to it. But you can read the text anyway, and if you want to see the POG there's a photo on the Pinhead site.

#1: I've never seen a Gator wrench - but that's why Pinhead added the POG, so I'd assume it works. Reason I don't care is that other methods (such as cone trick) definitely still work. Does it matter how many vulnerabilities there are?
#2: No. It doesn't shield enough of the edge.
#3: rim on fork tips to keep wheel attached if QR opens - insisted on by lawyers. Mine are tall enough to act as a shield.
#4,5,6: I think it is deeper beveling, don't know why, won't have any effect on the vulnerabilities I'm aware of.
#7 - I do use them - as I said last time. Used Pinheads all last year, even after finding vulnerabilities; using Pitlocks now - because someone stole my pannier, with the Pinhead key in it. I owned both, & was choosing the Pinheads because I like the look of them better. Degree of security? Edge to Pitlocks, not because of the shield - the bolt-head is just as good an attack point as the nut, and is naked in both systems. Pitlock just does a better job of beveling it - I never succeeded in undoing a Pitlock with Vise Grips.