U-Lock Security

And security problems...

U-Locks are physically one of the safest ways to lock up anything. Name brand varieties (Kryptonite, for example) are made from hardened steel, and as such are quite resistant to filing or sawing. I can say from personal experience that trying to use a propane-oxygen torch on a hardened U-Lock is also not very productive, as the cutting process can take upwards of 45 minutes--plenty of time for someone to pass by and notice a thief trying to steal your bike. Many thieves try using car jacks to break the locks, and though this can be effective, it is very conspicuous. The bolt itself is also well designed. Though it often varies by company, it is usually some variety of a catch that fits over a notch on one of the legs of the U. Most Kryptonite locks use a curved steel bolt that rotates over the notch on the bar. This is obviously very hard to tamper with, making it difficult for someone to use brute force to break the lock and steal the bike.

For years, these traits served to make U-Locks the ultimate mechanism for securing things such as bicycles, barbecue grills, and gates. However, there is one element of U-Locks that makes them almost worthless: the lock itself. U-Locks have for decades used "tubular cylinder" locks (the type with the round key). Many people thought these were safer than the traditional flat key lock, since it would be harder to pick them. This is in fact true; picking a circular lock is difficult. Most have seven pins, set at different depths, each requiring a different level of depression. And, unlike a traditional lock where, after setting the pins, all one needs to do is turn the cylinder with some flat object, a tubular lock requires that the pins themselves be moved in a circle, making "traditional" lock-picking quite difficult.

However, tubular cylinder locks are very vulnerable to a technique known as raking. Raking is simply forcing some object into the lock and physically turning the lock's cylinder, so that the pins are forced into position without you actually going through the trouble of trying to set them. Because a tubular lock lacks the grooves common on flat key locks, all one needs to defeat a tubular cylinder lock is a round, reasonably sturdy object the same diameter as the key. For Kryptonite locks, a plastic pen cartridge will usually do the trick. Older models had slightly wider keys, so while a Bic pen will not work on them, the cap off of a thin Crayola marker fits perfectly. To open your tubular lock, simply force the pen cartridge or marker cap in as far as possible--you may need to tap it a bit--treating it as if it itself were the key. Full insertion is important, because if you don't depress the pins at the bottom, the lock will not turn, and all you'll do is tear up whatever you're using to force the lock. However, if you succeed in depressing all the pins (it's not that hard, especially with practice), the next step is simply to turn your marker cap or pen, and the cylinder itself will follow just as easily as it would if you were using a key. After opening your lock, remember to turn the pen/marker cap back to its starting point, or else you won't be able to fit a key in the lock, as the cylinder will still be turned to the unlocked position. Some people on online forums noted that if you turn the lock the full 180°, you may not be able to return it to the locked position with the pen/cap, so be careful when trying this out.

Though this technique has been known for some time (the UK magazine New Cyclist had an article in 1992 detailing this method), it wasn't until late September 2004 that it became publicized, thanks in great part to the internet. The results, of course, were not at all good for lock-makers. Kryptonite, because it was well-known, got most of the bad press, and has voluntarily decided to run an exchange program (details below). However, a Kryptonite U-Lock is not the only thing vulnerable. Any device with a tubular cylinder lock is at risk. This includes anything from U-Locks by other manufacturers to the key switches on some home security systems to the locks placed on many soda vending machines. Though it is probably possible to modify the cylindrical lock's design to make it impervious to office supplies, the only available solution currently is to replace the cylindrical lock with a traditional flat key lock.


Recall Information:

Kryptonite has decided to voluntarily recall and exchange many of its lock models. Details are available on their web site (http://www.kryptonitelock.com), which also includes a convenient form. Kryptonite will pay postage; the customer need only provide their name, address, lock model(s) and key number(s).

Sources:

USENET newsgroup rec.bicycles.marketplace
http://www.mountainbike.com/community/article/1,4823,10262_621,00.html
http://www.bikebiz.co.uk/daily-news/article.php?id=4637
http://www.thirdrate.com/
http://www.bikeforums.net/ and http://videos.bikeforums.net/