Kaba Simplex lock opens in seconds with a rare-earth magnet
A $300 pushbutton lock from Kaba could be bypassed in seconds with a rare-earth magnet, and that exposed how little price says about real security.

A premium mechanical lock can look bulletproof right up until someone sidesteps the intended defense entirely. The Kaba Simplex magnet bypass is one of those ugly, useful lessons: a lock with a polished reputation, a serious price tag, and a huge footprint still had an overlooked path that let it open in seconds.
The bypass that changed the conversation
Marc Weber Tobias’s Forbes reporting put the Kaba Simplex series 1000 at the center of the story. His account said a strong rare-earth magnet could open the lock in seconds, and that Kaba had learned of the vulnerability in August 2010. The number that made the story sting was the price: about $300 to $400 per lock, sold as a serious mechanical access-control device rather than a novelty.
That price, and Kaba’s scale, were part of the point. Tobias described the company as one of the world’s largest lock makers and said it had likely sold millions of Simplex mechanical push-button locks over roughly 35 years. When a product that established becomes vulnerable to something as simple as a magnet, the issue stops being about one model and starts being about how buyers decide what security actually means.
Why this was more than a picking problem
This is not a classic lockpicking tale, and that is exactly why it matters to the locksport crowd. The attack did not rely on finesse at the pins, drilling through hardened parts, or brute force against the body. It went straight to a hidden weakness in the operating model, which is the kind of bypass that should make every serious lock evaluation more skeptical.
That is the real takeaway for high-end mechanical hardware: price and reputation do not guarantee resistance to the simplest viable attack. A lock can feel substantial, look reassuring, and carry a premium badge while still leaving an easier route open than the buyer expects. If you only test for conventional picking resistance, you can miss the failure mode that matters most.

Where the lock showed up in the real world
Tobias said the Simplex locks appeared in thousands of locations, including hotels, banks, casinos, office buildings, and airports. He later said he was hearing from security officers and locksmiths around the world in both commercial and government sectors who wanted to understand the attack and their own exposure. That kind of reach is what turns a niche exploit into a broader security story.
NBC News later reported on August 8, 2011 that Tobias demonstrated the magnet bypass at Defcon 19 alongside Tobias Bluzmanis and Matt Fiddler. NBC also reported that Tobias said the Simplex 1000 was used in Department of Defense and Department of Energy facilities. Once a bypass is demonstrated on a stage like that, the conversation shifts from theory to operational risk fast.
What the magnet attack teaches you to look for
The Simplex case is a reminder to evaluate a lock the way an attacker would, not the way marketing copy would like you to. Ask what can bypass the intended mechanism without ever really engaging it. A good lock might resist standard picking but still fail if there is a design shortcut, a hidden interface issue, or a weakness in the way the mechanism is actuated.
For locksport readers, that means judging hardware by threat model and design scrutiny, not by sticker shock. A $50 lock can be solid in one scenario, while a $400 lock can be wrong for the job if its attack surface is broader than expected. The right question is not whether the lock sounds premium, but whether it survives the actual methods a capable attacker would use.
- Look beyond pick resistance and test for bypass paths.
- Compare the lock’s construction to the threats you actually care about.
- Treat brand reputation as a starting point, not an assurance.
- Assume any hidden interface can become the weakest point in the system.
The response and the aftermath
Tobias’s later video description said Kaba had fixed the problem and that an upgrade kit could be obtained from the factory. That matters because it shows the vulnerability was not just an academic curiosity or a one-off stunt. It was serious enough to force remediation, which is the only outcome that really proves a flaw was operationally real.
The story also spilled into legal territory. Consumer Law Group says a Canada-wide class action against Kaba Ilco was commenced on March 28, 2011, alleging that Simplex and Unican mechanical pushbutton locks were improperly designed and marketed because they could be opened with a magnet. The same source says a proposed Quebec settlement was reached on July 7, 2016.
Why Marc Tobias’s reporting still lands
Part of why this case stuck is the voice behind it. Marc Weber Tobias has long been one of the most recognized figures in the field, and his work has shaped how security people talk about compromise, accountability, and design mistakes. When he says a lock with a serious reputation can be opened in seconds with a magnet, the industry has to stop and look hard at what it has been assuming.
That is why the Kaba Simplex story keeps its value even now. It is not just a famous bypass, and it is not just an old headline. It is a clean warning that expensive hardware can still fail at the one point nobody expected, and once that happens, the only honest way forward is to test the design, not admire the brand.
This article was produced by Prism’s automated news system from verified source data, official records, and press releases, then run through automated quality and moderation checks before publishing. The system is built and supervised by the people who set the standards it runs under. Read our full AI policy.
Did this article answer your question?


