LSC_127 New Brink’s Heist Clues === [00:00:00] Charles Current: Welcome to Locksports Caster, weekly source for Locksport News. This is episode 127, recorded December 4th, 2022. I'm your host, Charles Cur, and in today's episode as alo selling Mtech in Yale, new clues in Brinks Heist, multiple car brands exposed to hacking criminals, continue to prey on locksmith products, events, meetups, sales giveaways, and. [00:00:36] You can subscribe to the audio version of this show, most podcast apps, and at The Lock Sportscast dot com. You can subscribe to the video version on YouTube, Odyssey Rumble, or Apple Podcast. Links to stories discussed will be in the show notes. Some apps limit the link to show notes and the ability to post links, but you can find full show notes with all of the links at The Lock Sportscast dot com. [00:00:55] First up, I'd like to do a couple quick announcements, a correction from last week. I have to apologize for my American bias on, uh, Lock Fumblers 300 subscriber giveaway. I erroneously said that the dates. Copy and pasted. They, they didn't appear to be correct. That was just my American bias in the way I look at dates. [00:01:20] Um, I should have realized those dates were in a different format. I was reading through it really fast while recording last week. I didn't pre-read it. I was just reading it while recording. And when I looked at 'em, they, it looked like September 12th, but it was actually in the day, month, year format. So it's, uh, the giveaway runs until. [00:01:44] Um, so apologies to Locke Fumbler and to my non-US listeners for my, uh, American bias on reading dates. Also, I've done a horrible job of promoting this this year, but don't forget that the Locke Awards nominations will start on January 1st. You can also, if you follow the link at the top of the page called Suggest videos for 2022, you can add video. [00:02:11] That you think other people might want to, uh, nominate, I will try to put up a list of those in a blog post on the site starting in January so that you can review those, what other people have suggested, and compare those with what you might have in mind before you nominate any videos. And that is@lockeyawards.net or Lock awards.com. [00:02:33] First up in the news asset, Aloy is selling Mtech and Yale businesses to Fortune brands. A announced on Friday that it will sell. Its Yale and Mtech Lock Brands and US and Canada residential business to Fortune Brands home and security in an 800 million US dollar cash deal as it seeks to overturn US antitrust opposition to its purchase of a unit of spectrum brands. [00:03:02] Earlier this year, US Department of Justice had sued to block the 4.3 billion proposed deal by as a. To buy the hardware and Home improvement division or HHI of Spectrum Brands Holdings, Inc. That makes residential door hardware because they say the deal signed last year could lead to higher prices Asset. [00:03:25] Aly CEO put out a statement on Friday that said, while keeping these residential businesses in the US and Canada would have been preferred, we are confident that we have now fully eliminated all competitive concerns alleged by the do. And that the acquisition of HHI is in the long term interest of our shareholders. [00:03:44] They say that, as said, it's residential business outside of the US and Canada are not in scope to be divested In a separate statement, spectrum brands said, The sale of these strong businesses will fully and completely resolve any conceivable competitive concerns and will further benefit consumers by enabling fortune brands to be even stronger competition to all segments of the residential security market. [00:04:11] So it sounds like it is a done deal, and we will wait and see what the US Department of Justice has to say about that. Will they approve it or will they continue to fight? It doesn't sound like they'll have a whole lot of grounds to. To continue to fight that, but, uh, you never know. And over on Twitter, Jeff Moss shared a screenshot of a notice that, uh, Allegion prices are increasing. [00:04:38] The note says that Allegion is announcing a price increase that will go into effect February 25th, 2023, and supersede all of their pricing. The increased percentages are as follows, residential hardware, portfolio, mechanical and electronics, both up five. Commercial hardware portfolio, Schon din lcn, mechanical all up 8%. [00:05:02] Schon din LCN, electronics all up 10%. Balcon and Dexter. 6% accessories including zero G and I V E s 6%. Lock nix up 3% and Steel Craft slash Republic 8%. It says these percentages are averages across each brand at the series level and may be higher, lower, or no increase for some products within those brands. [00:05:32] I know that's not really important to most of the Lock supporters, but the Locksmiths might be interested in that. And the LA Times is continuing their reporting on the Brinks Heist with a new article entitled New, new Clues in Brinks Heist Mystery video shows suspicious men at jewelry. According to the article, suspicious characters were spotted around the event center during and after the jewelry show. [00:05:57] Some of them were reported at the time and some of them were confronted by employees and reported to security. There were a handful of concerning encounters with unknown individuals. In one case, a man wearing a baseball cap, dark glasses and an earpiece was spotted outside the event center. He lingered near a loading area at the rear of the building after the expo closed. [00:06:18] According to Brandy Swanson, the show's manager, Swanson said he was told to leave the property adding that the man got into a red Dodge charger that just looked funny. A photo was taken of the sedan and later shared with at least one jeweler a little after 5:00 PM on July 10th. As vendors were packing up after the expo had. [00:06:42] A man in dark jeans and black windbreaker sat on a folding chair near the back of the San Mateo County Event Center. He sported an earpiece and wore a blue surgical mask that obscured his face. At that point in the day, only authorized personnel were allowed inside the exhibit hall, so the man drew suspicions of the show manager Brandy Swan. [00:07:03] He reportedly told Swanson that he didn't speak English, but she was undeterred. A security guard came up and she told him to follow him out the front door. Once outside the event center, the man in the windbreaker was joined by another man who wore a matching surgical mask. A show staffer took photographs of the men and a silver Honda Civic that they drove off. [00:07:27] Around 6:00 PM one of the jewelers at the show stepped outside the event center and noticed a car in the parking lot that looked odd. It was a gray vehicle whose windows were blacked out so that you could not see inside. Even the front windshield had a dark tent, and the car did not have a front or rear license plate. [00:07:44] The jeweler attempted to photograph the vehicle, he said, but it drove away. He reported what happened to security personnel stationed at the front of the exhibit. Swanson confirmed that the guards had received the tip from the jeweler and said that they also had been unable to take a photo of the vehicle. [00:08:02] Although the appearance of suspicious characters in and around the event center that day would take on an increased significance after the theft, and rightfully so. Two people familiar with the law enforcement investigation of the heist. Caution that investigators believe suspicious individuals frequently watch the jewelry expo, which travels across the country. [00:08:22] Over the years, the event has been hit by snatch and grab style artists who attempt to steal from jewelers and patrons. And the show in San Mateo has been a regular target of such criminals. Typically, they come at the end of the show when the guys are packing their cases and they hope to grab one briefcase and run away. [00:08:42] Sheriff's Department investigators who are working with the FBI have obtained video related to the incident, at least, some of which is from San Mateo event. Swanson said the show gave the authorities several photos and videos taken at the July 10th expo. Swanson said that that night there was a lot of stuff going on and that exhibitors and Brinks representatives had been warned of the troubling activity as the jewelers packed up their showcases. [00:09:09] After the show, a message was broadcast over the facilities loud speaker, informed by the presence of the suspicious men in and around the event center the. Urge Jewelers to take precautions while departing the facility. Although show organizers routinely issue these type of messages on this day, Swanson said that it was offered with extra urgency given what had transpired around the same time. [00:09:36] She said she delivered a separate warning to the Brinks representatives at the venue, at least some of whom were there to handle the intake of the jewelers cargo. And she said, I specifically went over to those guys and said, listen, there's a lot going on here tonight. You need to be aware. I said, listen guys, there are a lot of people around here who shouldn't be. [00:09:57] I don't know if they did anything or not. I said what I wanted to say and walked away. A jeweler victimized in the theft, said that as he packed up his booth, at the end of the day, Swanson told him she had just delivered a warning to the Bris. Callahan that brings spokeswoman said that the company was not aware of a report of suspicious men outside or inside the San Mateo show, and was not advised of such persons near the area where the claimants were signing the shipping contracts and tendered their shipments. [00:10:33] So we have, uh, several reports of suspicious activity, the venue. Is saying that they notified everybody including Brinks. Brinks is of course saying we didn't know anything about it. That is one of the downsides of verbal only communication. You cannot prove that you said it necessarily. If you said it to one person, did they pass it on? [00:10:56] So if there had been some sort of written communication in addition to this via email or something like that, it might have been, uh, provable. Who's telling the truth and who's. We'll see if the investigation shakes out anything out on that front. Next step, we have some security flaws discovered in cars recently. [00:11:16] Both of these have reportedly been already disclosed and patched, but uh, worrying that things like this are still being found so readily. First article was entitled Several Car Brands Exposed to Hacking By Flaw in Sirius XM Connected Vehicle. Researcher Sam Curry described a recent car hacking project targeting Sirius xm, which he and his team learned about when looking for a telematics solution shared by multiple car brands. [00:11:49] An analysis led to a discovery of a domain used when enrolling vehicles in the Sirius XM remote management functionality. Initial tests were conducted on the Nissan Connect Mobile application, which led to the discovery of a vulnerability that could allow a remote hacker to obtain a vehicle owner's name, phone number, address, and car details. [00:12:09] Simply by knowing their vehicle identification number, which is typically visible through the windshield, the attacker would need to send specifically crafted http requests containing the victim's VIN in a certain per. Further analysis showed that the same vulnerability could be exploited to run vehicle commands, including locate, unlock, and start car, as well as to flash, headlights and honk the horn researchers determined that such an attack could be launched against Honda, Nissan Infinity, and Acura cars. [00:12:43] Sirius XM immediately patched a vulnerability after being informed of its existence. The company said that it released a patch within 24 hours and noted. It has no evidence of any data getting compromised or unauthorized modifications being made. And in a separate Twitter thread last week, uh, Curry reported a different vulnerability, one that allowed researchers to control some functions of Hyundai and Genesis vehicles by knowing the email address the victim had used to register a user account. [00:13:15] Details of this attack can be found both on, uh, Curry's Twitter account as well as. Article here on the Daily Swig. The attack allegedly worked on vehicles made after 2012. Hyundai and Genesis also released patches after being notified. Curry noted that recent cybersecurity research on vehicles tends to focus on cryptographic assaults on physical keys, but that novel exploits aside the websites and apps supporting modern communication protocols and controls may have been. [00:13:50] For example, the Hyundai and Genesis mobile device apps allow unauthenticated users to manage functions including starting or stopping, unlocking or unlocking their vehicles, which could be a serious problem if compromised. Using Burp Suite, the researchers proxy app traffic and monitored API calls seeking an entry point. [00:14:12] Korea explained that there appears to be a pre-flight check when JSON web token. Were generated during an app's email and password credential check. However, as the server did not require email address confirmation, it was possible to add a care return line, feed character to the end of the existing victim. [00:14:33] Email addresses during registration, and create an account that bypassed the Jason web token and email parameter check. The app's HTTP response returned the victim's vehicle identification number during testing. Curry was then able to send an HTTP request with crafted account details, and after a few seconds, unlock a test car. [00:14:59] The article says that, uh, the attack chain required many requests. The researchers therefore created a python proof of concept script compiling these steps. And according to a video of the script in action, an email address is all that's required to launch an. Actions that the team were able to carry out included remotely flashing the victim's headlights, honking the horn, starting or stopping the engine, locking or unlocking the car, changing a pin number and unlocking the boot, the trunk for those of you in the us, Carrie said the vulnerability was disclosed to Hyundai roughly two months ago as part of a package of telematics issues impacting different car manufacturers related to Sirius XM remote management. [00:15:45] One we discussed earlier, a fix was issued before the vulnerability was made public, and while Curry said the project was mainly for fun, commenting on the research, specter said, I do want to highlight. We started this research because we all recognized that embedded security for vehicles was getting increasingly better, but application security was lagging behind by a large margin. [00:16:10] We wanted to push that change and we hope we. So you don't have to worry. Both of these particular vulnerabilities have already been patched. But again, it points out that as they say, the, the security of the vehicles is getting better, but the app security's lagging. So the more convenience features you add, the more connectivity you add, the larger the attack surface. [00:16:38] If you've got a whole bunch of different convenience features, you've got apps, you've got wireless, Bluetooth, you've got all these different special features, it only takes one programmer making a mistake in one part of it to potentially create a chain that will allow access. Security is difficult. [00:16:59] That's the lesson here. Security is difficult and, uh, we're getting better, but we're still a long ways from, uh, Moving on to community news. I received a note this week from Culper Woodhill, which was good to hear from him. I haven't heard from him in a while. And in his note he says that, uh, it looks like his article on the origins of Lockwood Manufacturing Company is going to be published. [00:17:21] And I will just read his note here so uh, you can hear it from him. I'm excited to announce that my foot in the door of investigative journalism paid off since 2019, I've been researching the origins of the Lockwood Manufacturing Company. Later known as Lockwood Hardware Manufacturing Company and have found a definitive link between both Lockwood companies that are located in North America and Australia. [00:17:44] Not only did this take much needed time to conduct thorough research, but it was also difficult to find this article a home in a magazine for traditional publication. I'm told from the American Lock Collectors Association that my Lockwood piece will be published in December. Inside the Journal of Locke Collecting Magazine in the upcoming publication of 2022, it has certainly been a journey researching this company from America to Australia. [00:18:14] I've had a privilege of working with some of the company's employees, multiple historical societies, libraries, families related to the owners, especially the Ogden family, and just a lot of awesome Locksports. I found myself working with and through the Lock Pickers United community and eventually the Australian Pickers community who've been incredibly generous to invite me into their community, to help me along my journey to uncover the historical truth about Lockwood Brand in Australia. [00:18:42] What it meant from way back to 1887 in America and what it still means today. The wealth of information from these communities combined can only be measured as invaluable. I think the many individuals that have worked with me reached out, returned my emails and phone calls, organized packages to be sent from halfway around the world and to have made this historical article possible. [00:19:05] You know who you are and I thank you. So congratulations to Culper and uh, we'll look forward to that article being released. I'm gonna include a link in the show notes to the uh, American Block Collectors Association's. They say that the Journal of Lock collecting is published five times a year. Um, to join, just click on the membership application. [00:19:29] So, so those of you who are interested can head over and check that out. Moving on to videos, videos. This week we have making a mini Safe with combination Lock from stainless steel and brass milling turning EDM machine. Um, what a. The video's pretty cool. It's, uh, a lot of footage of the machinery working as he's building this combination. [00:19:54] Say from scratch, the video was posted on the YouTube channel, Matthews Tools. The description reads this project took a lot of time and energy, roughly two months of work, and cost quite a few overtime hours. The raw materials mostly consist of stainless steel and brass, but of course I also used aluminum to lighten the structure. [00:20:13] It has become quite a heavy piece compared to its size. Weighing about five pounds. Fine adjustment of the door took a lot of time and precision. I tried to produce as precise parts as possible so that the structure would work without gaps. Anyway, pretty cool video. I recommend you go check that one out and Roon night put up a video called Next Generation of My Cuff, pick 3.0 and My Best Time Getting Out of Thumb Handcuff. [00:20:40] Description says this will be my third model of cuff picks, and I really like this one. Took over four hours to finish making, but happy with the final results. Picked myself out of thumb cuffs and handcuffs in under one minute. My personal best so far, and I will have a link to that one in the show notes too. [00:20:59] It's an interesting, uh, pick arrangement. A very flexible set of joints so you can reach it around whichever way, but it all folds up to be pretty. Right. So next up, Terrell shared a tweet from Info InfoSec Exchange where somebody posted a screenshot of a song title cover art, and said that his kids love this song and that the song is basically completely about Lock picking and how locks work. [00:21:26] And I was able to find a YouTube video on a Netflix junior YouTube account called How Do Keys Work Story Bots Answer. And, uh, it contains the song in, in the video and it's, uh, a little cute little video from the story. Time bots, learning how locks work, and, uh, shows some great diagrams, some animations of the pins, and the sheer line and how all that works. [00:21:56] Pretty cool stuff. And Steve Lato, uh, Lao's Law posted a new video called New Law would make it illegal to appear into someone Else's. This is a, the video is about an ordinance being is considered, considered, not yet actually in place, but being considered for approval in New Jersey. The law would, uh, make it illegal to look in people's cars if you don't have a specific right to be there, uh, trying to prevent car thefts and, and stealing. [00:22:27] There are a couple other things in the law about, uh, making it illegal to use tools to scan for key fob. But again, he goes into a little about the legality of Lock picking and, and owning Lock picks and, uh, the fact that he thinks this law is too vaguely written to actually be enforced in a court. But, uh, anyway, sounds like they're trying to make some steps, but, uh, they might be missing the mark. [00:22:58] Moving on to the product front, uh, only really have one thing looks. Houdini, Lock Lube is officially available at some Walmart stores and on the website, uh, I'll have a link to an article about it here. The article's terrible, really, it has no real information. It's kind of a punny written article, but uh, also include a link to the walmart.com website that has the, they have multiple listings for Houdini. [00:23:23] Only one is actually sold by walmart.com. The other is, you know, the affiliate thing that they have going on or, Um, but one of 'em is actually sold by walmart.com and can be shipped to your local store if it isn't already there. So just in case anybody's interested, Walmart, Houdini in the links. Moving onto events and meetups, lay Lock Pick Festival taking place, uh, this week, December 10th and 11th in Paris. [00:23:53] Not open to the public for locksmiths only, but if you're in that area, might be something to check. January 27th through the 28th, we have Cactus Con in Mesa, Arizona at the Mesa Convention Center, and they will have a Lock picking village according to my sources. And then we have Clacky Con taking place May 5th through the seventh taking place in Durham, North Carolina. [00:24:25] For Lock Pictures, United Belts. This week we really only have one new one. We have a brown belt by Nix. Congratulations to you Nix for your new brown belt. Very well done. Anybody not already familiar with the Lock Pictures United Belt System? You can find links in the show notes to several videos and pages that explain the rules and what it's about and how to, uh, how to get started. [00:24:45] So be sure to check it out and join the. Now it's time to take a quick break. Say thank you to the people that made this episode possible. I'll start with the financial supporters. We have. Meddler, Panda-Frog, Michael Gilcrest, Starrylock Williams Brain, Dave db, decifer, Liibans, Locksports, Journey. Pat from on said test. [00:25:00] Go through records and code. Anthony aka Terrell, Dr. Hog Master Clayton Howard, aka. Cool tune. John Lock. Mr. Picker. Cranky. Lock. Picker. G P. Picking Barebones, Lock picking Deadbolt, cafe, nwa, Lock, picker Snake, and Paracentric. Thank you to all of you, chief Content producer for this episode. Yet again gonna be Anthony a k Chirael, other content producers, barebones Lock, picking Coupler Woodhill I Fisk, Jeff Moss, Joshua Gonzales, Lock Fumbler Mix. [00:25:27] 7 7 7 Oz Oak City, Lock Sport Panda-Frog, Chirael Locke, and Tony Valey. Thank you to all of you for your. This show would not be possible without that support, so please help keep the show going. The number one thing you can do to help the show is sending in news links, events giveaway information, anything you have that's Lock sport related that you think the community would love to know about. [00:25:50] Send it into podcast at The Lock Sportscast dot com. Don't forget to share the show with your Lock picking friends. Leave a review, comment thumbs up. Whatever the application you consume on allows you to do, don't forget to subscribe on your favorite applic. If you wanna support financially, you're welcome to via PayPal, Patreon, or Subscribe Star. [00:26:10] You don't get anything extra for it. Just a way of supporting the show if you want to. Definitely not required, but all types of support are appreciated. Thank you to everyone who has supported the show so far. If you wanna send some feedback, you can go to Lock Sportscast dot com slash contact or go podcast at The Lock Sportscast dot com. [00:26:29] If you want it, share it in the show. Let me know. If you don't wanna share it in the show, please let me know that. If you want it shared on the show, you're welcome to submit a note, video or audio recording, as long as you keep it reasonable. Length, polite, work, family safe, no politics and no drama. Moving on to criminal news, we've got two different stories of thieves targeting locksmiths. [00:26:49] First up, we have Accused Thieves, target Locksmiths, steal key programming machines out of Memphis, Tennessee. So Locksmith was working at Techno Keys helping a customer when two young men came into the. Ask about key fobs for infinity cars. The locksmith told the men that they couldn't have them and they left the store. [00:27:10] Reportedly the men then went around to the back of the building, broke into his work van, and stole key programming machines. Locksmith says it's not the first time that this has happened. They've been hit three times over the last year. He said, this time Thieves got away with the Smart Pro key program. [00:27:29] $17,000 and the Auto Pro pad key programmer worth 2,900 us. He said the machines allow criminals to program keys for most vehicles. Police say the suspects were caught on camera and seen leaving techno Lock and keys in the stolen black Infiniti that may have been used to commit other crimes. Thanks to a crime stoppers tip, they were able to identify the suspects and made one arrest. [00:27:55] An 18 year old suspect was booked into the Shelby County Jail on two counts of theft of property. And also this week in a separate case, police arrested another suspect, 19 year olds old after he was caught in the act using a programmer to steal a white infinity from a parking lot. Police say that while that suspect was running from the officers, he dropped a backpack that contained programming plugs, nine key fobs, four USB cables, and a stolen gun. [00:28:25] He faces several charges of evading, arrest, theft, and burglary of a vehicle. They know what they're after. They know where to find it, and they are going to keep trying to steal. The second story is, was entitled Auto Technician Recalls being Shot in an attempt to steal a key program he used in car thefts. [00:28:46] This is outta Chicago. So the technician, Mike, who wanted his last name withheld programs key fobs for drivers who need a replacement. He believes he was targeted for his key programmer on the South Side Alley two weeks. He says he definitely needs to be screening his customers better. He said he was called for a job in the city's grand crossing neighborhood, but the customer who requested a new FOB wasn't there with the car. [00:29:14] Instead, he says two other vehicles boxed in his car and a handful of robbers armed with long guns started rifling through his backseat. He said at that moment I started to go in reverse. I mean, I was hoping to get them because my car was the only weapon I had, and obviously they had. Said he managed to crash his way out, but the offenders opened fire hitting him in the wrist and right shoulder bullet FRAs lodged in his hoodie. [00:29:43] The article says that, uh, he is just the latest victim in increasingly common crime. The theft of programmers, which McCarthy's used to open locked vehicles, they say in June. Video captured thieves using a sledge hammer smash into a bridge view locksmith. After searching for less than two minutes, the burglars race outta the business with eight programmers. [00:30:06] The technician, Mike's car is currently shot up, bent up, and otherwise unusable, and, uh, he is currently unable to make living, especially with his wounds still healing. So again, be careful out there. This is becoming more and more common it sounds. Moving on to Sales Barebones Lock picking Discount code Bones 10 for 10% off store wide now, including Law Lock Tools, and the code will run to the end of the year south or still has two products on there. [00:30:40] Cosmetically, blemished, Lock Pick Tools and Accessories. Sale Page Review Guru still has a link posted for 10% off with Law Lock Tools with a minimum purchase of 50 pounds it looks like. 3D Lock Sport, 10% off. With the code Ls cast 10 Mako locks, 15% off with the code by Mako and UK Lock Pickers dot code uk. [00:31:05] 10% off if you use the code gift. And in giveaways we have Lock Fumblers 300 subscriber appreciation giveaway, and that runs until December 9th. December 9th. If I read the digits correctly, it's December 9th and the drawing will be on December. So you still have a little bit of time left if you are checking this episode out right after it comes out. [00:31:28] So be sure to head over and get entered in that Panda-Frog is doing an advent giveaway, so be sure to check out Panda Frog's channel. And while you're there, be sure to keep an eye out for his latest video in the huge two K subscriber giveaway that he's doing with five videos total. So be sure to check that. [00:31:50] The giveaway ends one week after the fifth video is posted. And if you're really into giveaways, head over to, uh, CLK supplies, check out their hashtag Lock Boss giveaway. Lots of good prizes in that one. And that brings us to the end of the show. Thank you everyone for listening. I really appreciate all of the new subscribers, all of the old subscribers, the people that have been listening for a long time. [00:32:13] All the people that help send in news, links, events, giveaway information, all that wonderful. And to, of course, the patrons and other donors, uh, love you all wouldn't be able to do this show without all of that support. Really, really keeps me going and keeps me motivated, so thank you and keep it legal.