Re: Abus 72/40 Padlock Bypass
decsec wrote: I assume that Kryptonite was the only company that changed the locks for free (correct me if I'm wrong)
ABUS had a problem with their bicycle locks (their 48 and 4800 series) about five years ago, and replaced them all for free. AXA had a similar problem with their bicycle locks (but a model that had been out of production for 2+ years at the time the vulnerability was discovered) and they offered a 50% discount on replacement locks. Onity has been sending out replacement kits for their vulnerable hotel locks after the exploit was announced late last year. There wasn't a recall, but there was some good dialog between Medeco and the locksport community around the time that Marc Tobias started publishing his exploits. ABUS made some product changes in response to Jaako's ABUS Plus pick. My understanding is that Cyberlock made a few component changes after bumping issues were reported to them last year. I'm sure there must have been a few other full-on product recalls and other positive changes for consumers in the past few years that I just can't think of at the moment.
This sort of interaction between lockpicking hobbyists and manufacturers has actually had a reasonable track record the past few years -- and folks like Stanton Concepts and Commando Lock have clearly seen the benefit, as they're actively reaching out for people to evaluate their products for suggestions on how they can be improved.
Anyhow, I do absolutely agree with your sentiment that companies should be rewarding people's work in bringing these issues forward in a constructive way... but, "security bounties" aside, many manufacturers (ABUS included) have actually responded in fairly cooperative terms lately.