"The Combo Breaker can guess all three numbers on its own within a few minutes, but if you manually find the first number that makes the dial get stuck when you pull on the shackle, then Samy’s device can open the Master combination lock within 30 seconds, using a maximum of only eight attempts. To be more precise, Samy’s technique will give you the exact first and third numbers of the combination, plus eight possible second numbers." - via TechnoBob's Lambert Varias
Reports of threats made by attorneys for CyberLock targeting security researchers at IOActive have appeared at Ars Technica. The piece, written by the inimitable Dan Goodin, details the work accomplished by the researchers. We've seen this form of bad behavior by outed lock manufacturers before; interestingly, most (if not all) of it was to no avail.
The money quote:
'Thursday's advisory from security firm IOActive is notable not only for the serious security issues it reported in the CyberLock line of access control systems, which are certified to meet a wide range of US governmental requirements and certifications. The report is also the topic of a legal threat from CyberLock attorneys who invoked draconian provisions of the Digital Millennium Copyright Act if IOActive disclosed the vulnerabilities. A redacted version of a letter CyberLock outside attorneys sent IOActive researcher Mike Davis has reignited a long-standing tension between whether it should be legally permissible for researchers to publicly disclose unfixed vulnerabilities in the products they test.' - via Dan Goodin at Ars Technica