Lindsay Lohan Scams Locksmith – Maybe?

Lindsay Lohan was forced to call in a locksmith when she found herself stranded outside on/off girlfriend Samantha Ronson’s Hollywood home on Tuesday night – but refused to pay him when she discovered another way into the property.

In video footage posted on TMZ.com, the Mean Girls actress is seen walking around the front entrance of the DJ’s house as a friend, known only as Christy, watches the professional work on unlocking the door.

Lohan is then heard telling her pal, “What the f**k, the lock just came undone”, referring to one of the windows, before disappearing out of view as her pal told the locksmith, “You know what sir, we already got in, thanks. We just broke in. We just found a way in.”

But the man refused to leave without at least collecting his £26 call-out fee – and Lohan turned to the paparazzi who were capturing her every move for advice about what to do.

She told the TMZ videographer, “This guy… is asking me to pay him but he didn’t get me in, Christy did. Can you tell him? He didn’t even get me in. He’s trying to charge me $300. I’ve paid these guys before, $80, and now he wants money for trying to get me in, he didn’t do his job!”

After being encouraged not to hand over the cash, Lohan offered the locksmith £13, before returning indoors and refusing to pay anything, prompting the man to return to his van empty-handed.

It's bad enough when you get an average person trying to scam you, but when it is someone famous with heaps of cash, well, come on. If you call out a locksmith or any tradesman, of course you have to pay them. As for the locksmith asking for $300.00 for a call out, that seems to be a bit silly. Maybe the locksmith was part of one of the large scams that are going around at the moment?

The ethics of lock picking and telling

In 2004, a video circulated on the Internet showing how a standard Bic pen could be used to open the U-shaped Kryptonite bike lock. The company recalled the locks, replaced newer purchases, and changed the design for new locks. Problem solved, right?

Not exactly. Despite the fact that the problem had been revealed 12 years earlier in a British bike magazine, Kryptonite had continued to sell the locks unchanged. Angry customers filed a class action lawsuit that was settled in 2005, with Kryptonite offering to replace all affected locks or provide vouchers, and compensate people whose bicycles were stolen as a result of the lock being picked.

“If you don’t make the problems public, the companies don’t fix them and the consumers buy shoddy stuff,” said Bruce Schneier, chief security technology officer at BT.

There’s been plenty written about breaking into the virtual locks that safeguard sensitive data on the Web. But the picking of real-world physical locks is becoming an increasingly popular pastime for some. Enthusiasts have formed sporting clubs and hold regular competitions. Security researchers write books about how locks can be broken into and show how it’s done on blogs and videos and at security conferences.

Naturally, lock manufacturers aren’t happy. They argue that publicizing the vulnerabilities causes people to panic unnecessarily and puts the public at risk by giving criminals information they can use to break door locks, safes, and other secured assets.

But, just like third-party disclosure of vulnerabilities in software forces manufacturers to acknowledge security holes and patch them quickly, lock manufacturers will find they can’t escape the scrutiny and will have to be held accountable for their products, experts say.

“The concept of responsible disclosure is well and good for new locks that haven’t hit the market yet. But that doesn’t help you when the lock is already embedded in millions of facilities. They’re not going to fix them,” said Marc Weber Tobias, a lawyer who has written a book about breaking into high-security Medeco locks called Open in Thirty Seconds and issued the original security alert on all tubular locks that included the Kryptonite locks.

Tobias will be presenting a session at the Defcon hacker conference in Las Vegas next week on how to break the key control of Medeco M3 locks by making fake keys.

Marc Weber Tobias is co-author of ‘Open in Thirty Seconds.’

“How does it help the consumer not to tell them that there is a vulnerability?” he said. “Medeco customers have a right to know whether their locks can be compromised.”

The issue highlights the conflicting world views of two very different groups: hackers who like a good challenge and enjoy taking things apart, and traditional hardware manufacturers who don’t want anyone but certified locksmiths testing their systems.

As the lock manufacturers’ and locksmith trade groups see it, most non-locksmiths picking locks are trying to reduce security, not improve it.

Web sites selling lock picking tools are breaking U.S. federal law, said Tim McMullen, legislative manager for the Associated Locksmiths of America.

Ralph Vasami, executive director of the Builders Hardware Manufacturers Association, said: “We believe that lock picking, obviously, is an illicit activity, even if it’s a sport. We frown on all of that, even if it’s for fun.”

The industry doesn’t need outsiders pointing out flaws with products because there is an established system in place for creating new standards for manufacturers to follow, he said.

“As new technologies have become available that is what spurred product innovation and that spurs development of new standards,” Vasami said. “I think we’re a pretty nimble and flexible organization.”

However, the standards are voluntary, and new security vulnerabilities may not fit in with established procedures. For instance, Tobias said that when he informed the standards group last year that a deadbolt could be broken into with a screwdriver, he was told that the method he was using was not defined in any standard. “The standards aren’t protecting people,” he said.

Unlike with software, where patches and fixes can be downloaded quickly, locks have to be physically replaced when they are found to be vulnerable to picking. This infrastructure issue puts more of a responsibility on vulnerability researchers to not publicize the problems to the public, said Clyde Roberson, technical director of Medeco Security Locks.

“Our responsibility is to make changes when we see a change in the state of the art,” he said. “Everybody has some responsibility to not disclose things that can hurt people and that people don’t have power over changing.”

Asked how a company would know when its locks are vulnerable if it weren’t for independent researchers announcing problems, Roberson said companies should rely on independent testing agencies like Underwriters Laboratories.

“Is it a known vulnerability if people don’t know about it?” he then asked, rhetorically. “I’m not sure you need to worry about it unless people are out there demonstrating it and showing how to do it.”

Keeping a security problem secret
But that notion of “security through obscurity” wrongly assumes that keeping a security problem secret will protect the people relying on the security system.

“The assumption is that the criminals don’t know about it,” BT’s Schneier said. “Criminals know how to pick locks…The secrecy just hides the truth from the consumer.”

“The goal is to make security better. As soon as it’s not responsible to do research, the bad guys win,” Schneier said.

“(The) lock picking (industry) doesn’t get this because they’re basically still a guild–a secret knowledge kind of field, whereas computer security is always built on open knowledge,” he added. “There have been insecurities discovered by computer people-turned-locksmiths that have existed for hundreds of years.”

Lock manufacturers aren’t the only hardware makers confronting this issue. Voting machine manufacturer Sequoia threatened a security researcher who was planning to analyze a machine.

And more recently, Philips Semiconductor spinoff NXP sued to prevent a Dutch university from publishing information on security flaws in its Mifare Classic wireless smart card chip used in transit and building access systems around the world. A judge ruled earlier this month that blocking publication would violate the researchers’ rights to freedom of expression and hinder vital research.

“The bottom line is the public needs to know,” Tobias said. “Let them make their security assessments based on how secure they are told the locks are.”

Misrepresenting hardware as more secure than it actually is poses a liability problem for the manufacturer and for companies using the security system to protect their customers’ assets.

Siemens is having to change 300,000 cards that use the Mifare Classic chip as a result of the discovered security shortfalls, Schneier said.

Locksmith Scam

Locked out? Don’t fall for this locksmith scam

BBB urges consumers to protect themselves from ‘nationwide swindle’

By Herb Weisbaum
msnbc.com contributor
updated 2:32 a.m. ET July 13, 2007

Most locksmiths are honest. A few are not. According to a new warning from the Better Business Bureau, these untrustworthy locksmiths are “ripping off consumers” across the country. The BBB says this “nationwide locksmith swindle” has already resulted in more than a thousand complaints.

“We know that there are thousands more people across the country who have been victims and don’t even know it,” says Alison Preszler with the Council of Better Business Bureaus.

The BBB blames most of the problem on two companies: Dependable Locksmith (New York) and Basad Inc. (Englewood, Colo.). These two firms also operate in other major cities across the country using dozens of generic aliases, such as AAA Locksmith, A-1 Locksmith and 24 Hour Locksmith – names that are also widely used by reputable companies.

The BBB says unhappy customers complain that Dependable and Basad significantly overcharge, charge for unnecessary services, and use intimidation tactics. In some cases, the final bill is four times as much as the quoted price.

“They have made taking advantage of people who are locked out of their house or car part of their business model,” Preszler says.

In Oak Creek, Wis., Carol Pintar was locked out of her car on a cold night in December. She looked in the Yellow Pages and found a locksmith in nearby South Milwaukee. They told her the price would be $35.

The locksmith arrived in an unmarked vehicle, rather than a commercial van. That’s usually the case with these dishonest operations. Pintar said he demanded payment upfront – another warning sign. But the price wasn’t $35 as quoted. It was $95.

“I did give him the money, but I really felt funny about the whole situation,” she says. “I just knew it was some kind of scam, so I called the Better Business Bureau.”

The BBB’s Alison Preszler told me, “Many victims have come to us and said they knew they were being taken advantage of, but felt helpless to argue.”

Show me the money
Noelle, who lives in Cleveland, Ohio, felt that way. She asked me not to use her last name because she has already been harassed by the company. Last August, after returning to a friend’s house from a rock concert, Noelle realized she had locked her keys in the car. It was 2 a.m.

Noelle looked in the phone book and found “24-Hour Locksmith.” She called and was told the charge would be $40. When the locksmith arrived – in an unmarked vehicle – he told Noelle he’d have to break the door to get it open. “He said he’d have to use a crow bar or break the window,” she told me.

But there was a better option. For another $60, he could use a Slim Jim and pop the door open with no damage. Noelle agreed to the new fee of $100.

Once the door was open, Noelle was told the bill was $250.

“And I was like, excuse me! How do I owe you $250?”

The guy told her there were fees and service charges. And because she was going to pay by check, there was a check-processing fee. He volunteered to drive her to an ATM to get cash, but Noelle didn’t like that idea.

“He would not give me my keys back until I gave him a check for $250. I was very upset because I realized I was being taken advantage of,” she told me. But she needed to get into her car, so she paid.

A few days later, Noelle decided to visit the company, to complain in person. She found several locations listed in the phone book, but they all were bogus addresses.

A common trick
Each of these companies uses a slick trick to appear as if they’re a local locksmith. They place ads in phone directories and on the Internet using fake local addresses and phone numbers that ring at a call center in another part of the country. For instance, dial one of the Dependable Lock companies and your call will be routed to New York.

“Consumers think they’re calling a reputable locksmith and they’re quoted a price that seems very reasonable,” says Claire Rosenzweig, President and CEO of the BBB of Metropolitan New York. “Then these people show up and charge more than you expected.”

For the record: I called both companies and could not find anyone who would talk to me about the BBB’s allegations. The attorney for Dependable Locks returned my call, but would only talk off the record. His only on-the-record comment? No comment.

The bottom line
The Better Business Bureau suggests finding a good locksmith before you need one. That’s a good idea, but most people don’t do that.

So, how do you protect yourself? Be careful. Don’t pick a company at random based on an ad in the phone book. If you’re stuck in a situation where you need help right away, try to find a familiar name.

If you can get to a computer, you can check the company online 24/7 on the BBB’s Web site. If not, call a friend and see if they know of a good local company.

If you’re a member of AAA, you might want to use their locksmith service.

Be suspicious of anyone who shows up in an unmarked vehicle. Never pay before the work is done. Whenever possible, use a credit card. It has built-in fraud protection. Finally, if you’re not comfortable with the person who shows up, don’t use them.

If you do get burned, let someone know about it. File complaints with the Better Business Bureau and your state’s consumer protection or Attorney General’s office.