• newfweiler (cs)

    The dreaded yardstick injection attack.

  • Jake (unregistered)

    This is probably First National Bank in Omaha, NE.

  • shrimpmike (unregistered)

    Nah, I think you shouldn't be complaining. The story is entertaining whatsoever. As far as I know, you are not forced to follow uninteresting blogs (which is good, as that would stop everyone in the industry working). I highly respect Alex for finding entertaining stories five times a week - that's much, much more any other blog or most of tv-shows manage to do.

  • fluffy777 (cs)

    I like how the focus of the picture is on the bathroom.

  • 4tehwin!!! (unregistered) in reply to newfweiler

    newfweiler:
    The dreaded yardstick injection attack.

     

    i lol'd

  • gsmalleus (cs)

    You would think that the company that makes these secure doors would have done a bit more testing and had a better design for their doors.

  • Jeronimo (unregistered)

    This problem is more common than you might think...

    At a mid sized bank I worked at recently in the past, they didn't have cool star-trek doors, but did have RFID or something similar to get in, and a sensor to get out.  If you were outside the door, took a peice of paper, slid it under the door and blew on it a little, it would float out into the sensor's range and open the door up for you.

    So much for all the SOX regulations when physical security is this weak.

     

  • Devilfish (unregistered)

    You know, this is right the kind of building where computers enter a Hofstadter-Moebius loop, seal all the doors and start killing the occupants one by one in ironic ways. I'd keep the yardsticks as an emergency measure.

  • wyz (unregistered) in reply to Devilfish

    The "yardstick injection attack" probably still can open the doors. If this is like most buildings, just reach over the wall through the false ceiling panels.

    WTF 2 - The home page ad for "XDrive - A Service of AOL. SAFE and Secure." Given their record of spyware and not playing by the rules, who in their right mind would trust AOL to store any data!

  • Brad (unregistered)

    If the building had been built using metric measurements, then clearly a yardstick would have utterly failed to defeat the security.

  • shambo (cs) in reply to Devilfish

    I did the same thing at the last companies highly secure server room.  They even fixed it with a hastily cut piece of wood.

  • many moons ago (unregistered) in reply to wyz
    Anonymous:

    The "yardstick injection attack" probably still can open the doors. If this is like most buildings, just reach over the wall through the false ceiling panels.

    WTF 2 - The home page ad for "XDrive - A Service of AOL. SAFE and Secure." Given their record of spyware and not playing by the rules, who in their right mind would trust AOL to store any data!

    nah - there is nothing but vaccuum above those panels - remove one and you get sucked up, through the empty space, and get ejected (ejaculated?) out the side of the building, preferably off the roof.

  • sparked (cs)
    Alex Papadimoulis:

    Upon entering a secure area (that is, anywhere except the lobby), one simply waved his RFID-enabled access card across the sensor and the doors slid open almost instantly. When leaving an area, motion detectors automatically opened up the doors.

     
     I knew exactly how this would end after reading that line. Anyone else at HOPE in 2002? A security consultant on one panel there mentioned startling a number of CEO's by greeting them from behind their own desk during using this trick. "They call me unprofessional", he said.
  • Gerbil (unregistered) in reply to sparked

    You would have hoped that the door would have a lip or ran on a runner or something which would close the gap the ground (or at least put that in rather than replace all of the doors)

  • Zorro (unregistered)

    Considering the quality of the motion detector on our paper towel dispenser, I wouldn't use one to secure a pizza pop.

  • Otto (cs)

    What brain dead company actually sells "secure" doors with motion detectors on them?

    All secure doors I've seen/used work in one of two ways. Either you need the ID to go in *and* out, or there's a button on the secure side that will allow the door to open for exiting, but which is physically distant (couple yards) from the door itself (making it difficult to push the button from the wrong side of the door). Alternatively, I have seen normal "push the bar in the middle" doors rigged to be secure by having the bar itself function as that button for exiting. The bar is difficult to "push" from the wrong side of the door.

     

  • Corporate Cog (unregistered) in reply to sparked

    sparked:

    Anyone else at HOPE in 2002?

    Don't suppose we could get a url / pic?
     

  • jtwine (cs)

    I once found myself on the wrong side of a secure door at a previous job without my badge (badge was on my desk) during an all-nighter.  I was able to find a ruler and sheets of paper in an unsecured office and tried pushing them through the space between the door trying to trigger the RTE (Request To Exit) sensor.

    This did not work for me because the RTE sensor was a PIR (Passive InfraRed) sensor.  PIRs tend to be tuned to the particular infrared wavelength of the target, in this case a human.  That is why I was unable to trip the sensor using the paper or ruler, and had to get security to get me back in (an hour or two later).

    It sounds like this kind of thing would be more likely to work with radar/sonar/microwave based sensors.  I usually only see PIR sensors at the workplace, and sonar/microwave at Target.  With that in mind, has this kind of thing been confirmed recently?

    Peace!

  • bob the dingo (cs) in reply to jtwine

    yet another fine example of champagne exposing security holes...

  • Dale Williams (unregistered) in reply to Brad
    Anonymous:

    If the building had been built using metric measurements, then clearly a yardstick would have utterly failed to defeat the security.

    That's when you just flip the stick OVER to the metric side and perform the MIA (Metric Injection Attack).

    DaleWill 

  • Dazed (unregistered) in reply to Otto
    Otto:

    What brain dead company actually sells "secure" doors with motion detectors on them?

    All secure doors I've seen/used work in one of two ways. Either you need the ID to go in *and* out, or there's a button on the secure side that will allow the door to open for exiting, but which is physically distant (couple yards) from the door itself (making it difficult to push the button from the wrong side of the door).

    Indeed. The morons seem to get everywhere.

    Of course if real security is needed you have single-person airlocks under the nose of a security guard, and that's what the bank I've worked at recently has. What you describe is probably just about good enough for many organisations, but I'd have thought that a bank headquarters needed more, at least for the more sensitive departments.

    I love the "yardstick injection attack" though.

  • fly2 (unregistered)

    the 'security' door at a company I once worked for had the nice feature that the motion sensor from the inside would see motions on the outside of the glas door and would thus open the door if you waved your hand near the (outside) top of the door...

     

    Otto:

    What brain dead company actually sells "secure" doors with motion detectors on them?

     

    I think the ideas was, that visitors could leave without needing someone to open the door for them and also possible fire regulations, Mind you, this was not a high security area, just a normal office building and just one of 4 doors, the other 3 requiring a key or the receptionist opening the door for you

  • anon (unregistered)

    What is a yardstick?  I've only heard the word used in a metaphorical sense before.

  • Steamer2k (unregistered)
    Alex Papadimoulis:

     The only thing that was missing was the cool "whoosh" noise and an access panel that could be shot with a phaser to permanently seal or, depending on the plot, automatically open the door.

    :D That's jolly.

  • sdfgsegge (unregistered) in reply to anon

    At the new Alberta Children's Hospital in Calgary, Alberta, Canada, they installed doors that require you to open them with your hands.  That works beautifully with doctors having to wash their hands in the prep room and then use those same hands to open the doors to the OR.  Whee!!  The best part was that no one noticed until the day before the hospital opened.

  • Compulsion (unregistered) in reply to gsmalleus

    gsmalleus:
    You would think that the company that makes these secure doors would have done a bit more testing and had a better design for their doors.

     

    You must be new here :) 

  • GrandmasterB (cs) in reply to anon

    Anonymous:
    What is a yardstick?  I've only heard the word used in a metaphorical sense before.

    Its basically a 3 foot long measuring stick (approx a meter long).   Type 'folding yardstick' into google images for a picture.

  • Pool's Closed (unregistered)

    I think the real wtf here is that i have aids AMIRITE PPL?????

  • sir_flexalot (cs)

    most of those motion detectors are smart and dont' see a white piece of paper slid under the door, but try it with a black piece of paper, i.e. construction paper, and "open sesame!"

  • BitTwiddler (cs) in reply to fluffy777

    fluffy777:
    I like how the focus of the picture is on the bathroom.

     ...while we're on the subject, have you ever noticed that the "emergency exit plan" maps are detailed down to the level of showing which way the stall doors open? As if you're going to run out into the elevator lobby with your pants down around your ankles and your hair on fire, to check whether the stall door swings in or out, left or right?

  • Olddog (unregistered) in reply to bob the dingo

    bob the dingo:
    yet another fine example of champagne exposing security holes...

    Actually, The "Champagne Test" sounds quite effective. Get everyone liquored-up, then let-em do what they normally wouldn't do. Sounds like a good way to find the obscure bugs in the system.

    In this case I would have to applaud the Bank Officials for having the foresight to supply the booze. It worked. Some un-inhibited individual found a way in.

  • dustin (unregistered)

    wtf.

     Why is a bank handing out yardsticks? Shouldn't they be handing out something people that work at a bank can actually use like pencils and pens?

     captcha: tps

  • GoatCheez (cs)

    So the WTF is that there was an unforseen security hole that was caught in time and fixed? WTF?

     

    Of course.... did they ever try sliding underneath? 

  • PeaceOut (unregistered) in reply to jtwine

    You are right, but they needed to take it a step further.  They needed "dual tech" motion detectors that couple PIR and a zoned motion detector.  That way the door would only open when an infra-red radiation source (body heat) and human sized object moving (in order to trip two of the zones at a time, this was designed to stop false alarms caused by rodents).  Draw backs would be 3 times the cost.  Of course, I doubt it was as expensive as re-fitting all of those doors, what a mess up.

  • Olddog (unregistered) in reply to BitTwiddler
    BitTwiddler:

    fluffy777:
    I like how the focus of the picture is on the bathroom.

     ...while we're on the subject, have you ever noticed that the "emergency exit plan" maps are detailed down to the level of showing which way the stall doors open? As if you're going to run out into the elevator lobby with your pants down around your ankles and your hair on fire, to check whether the stall door swings in or out, left or right?

    I like the Mount Blanc pen.  I signals authority and approval. As if some executive has gone over the bathroom plans, and has finally signed off, after much deliberation.

  • m0ffx (cs) in reply to PeaceOut

    It sounds like all they had to do was screw a steel plated onto the doors to cover that gap. A bit of a bodge, but possibly useful anyway since even if the yardstick injection attack hadn't worked, the crowbar injection attack may have leveraged a vulnerability.

    Your idea likely would be more expensive. However, it has the advantage of giving you rodent-detecting capabilities, which could be linked to a system that automagically dispenses rat poison in suitable places.
     

    I would have been inclined to think the rfid should have been needed for getting out also though. That way anyone who's gained unauthorised entry to, e.g. by tailing someone, also has to do the same to get out, and is thus more likely to get caught.

     

  • Harry (unregistered) in reply to Olddog
    Anonymous:

    Get everyone liquored-up, then let-em do what they normally wouldn't do.

    Candy is dandy but liqour is quicker.

     

     

     

  • Uncoolperson (cs) in reply to BitTwiddler
    BitTwiddler:

    fluffy777:
    I like how the focus of the picture is on the bathroom.

     ...while we're on the subject, have you ever noticed that the "emergency exit plan" maps are detailed down to the level of showing which way the stall doors open? As if you're going to run out into the elevator lobby with your pants down around your ankles and your hair on fire, to check whether the stall door swings in or out, left or right?

     you have a better way to represent a door?

     

  • Volmarias (cs) in reply to BitTwiddler
    BitTwiddler:

    fluffy777:
    I like how the focus of the picture is on the bathroom.

    ...while we're on the subject, have you ever noticed that the "emergency exit plan" maps are detailed down to the level of showing which way the stall doors open?



    yes, The Real Wtf (tm) here is clearly that the architect's blueprints aren't discarded in favor of a "less silly" drawing of the exits.

    Honestly, this is like hearing someone complain about how much influence immigrants have on the country, because assembly instructions aren't just in English. I now cower in fear before the thought of the German speaking Pennsylvania Dutch population explosion. We shall all be forced to ride buggies, and wear clothing centuries out of fashion! Oh, the humanity!

    BitTwiddler:
    As if you're going to run out into the elevator lobby with your pants down around your ankles and your hair on fire, to check whether the stall door swings in or out, left or right?


    Chick-a-bow-wow, do we have the same fetish? Oh Yeah!

    ( Also, why the R)*!&%()!*&@$ do these forums insist in popping in  's instead of spaces? It screws up my formatting! )
  • SeeJay (unregistered) in reply to dustin

    I work for a bank and our latest gift was a Swiss army knife with the bank logo engraved on it.  Giggidy.

  • ranthoron (cs) in reply to jtwine
    jtwine:

    I once found myself on the wrong side of a secure door at a previous job without my badge (badge was on my desk) during an all-nighter.  I was able to find a ruler and sheets of paper in an unsecured office and tried pushing them through the space between the door trying to trigger the RTE (Request To Exit) sensor.

    This did not work for me because the RTE sensor was a PIR (Passive InfraRed) sensor.  PIRs tend to be tuned to the particular infrared wavelength of the target, in this case a human.  That is why I was unable to trip the sensor using the paper or ruler, and had to get security to get me back in (an hour or two later).

     You didn't have a match or lighter ready?
     

  • Zylon (unregistered) in reply to GrandmasterB

    For the life of me, I can't figure out why you described a yardstick as "approx a meter" in length instead of "exactly one yard".

  • Martin (unregistered) in reply to m0ffx

    There seems to be an assumption that the door was opened because there is motion detection on the far side to allow easy exits.  I doubt that is the case.  I am pretty sure the problem is that, just as in elevators, they don't want the doors shutting on someone, trapping a leg or other part of the body.  So the "yardstick injection attack" simulated someone trapped inside the door.

     Even with a metal plate covering direct access by folding yardsticks, I suspect it will still be vulnerable to someone slipping a dollar bill in from the side, which could be made to make a right angle turn and proceed into the detection stream.
     

  • Zylon (unregistered) in reply to GrandmasterB

    Whoops, that was supposed to be in response to this: 

     

    GrandmasterB:

    Anonymous:
    What is a yardstick?  I've only heard the word used in a metaphorical sense before.

    Its basically a 3 foot long measuring stick (approx a meter long).   Type 'folding yardstick' into google images for a picture.

  • Martin (unregistered) in reply to Volmarias
    Comment held for moderation.
  • steve (unregistered)

    and the WTF is ???

    Sounds just like windows level security to me.

  • Dazed (unregistered) in reply to Zylon
    Anonymous:
    For the life of me, I can't figure out why you described a yardstick as "approx a meter" in length instead of "exactly one yard".

    Maybe because most people in 95% of the countries in the world wouldn't know what a yard is? Whereas most people in 99% of the countries of the world would know what a metre is?

    I never cease to be amazed how parochial some people are.

  • Martin (unregistered) in reply to Otto
    Otto:

    What brain dead company actually sells "secure" doors with motion detectors on them?

    All secure doors I've seen/used work in one of two ways. Either you need the ID to go in *and* out, or there's a button on the secure side that will allow the door to open for exiting, but which is physically distant (couple yards) from the door itself (making it difficult to push the button from the wrong side of the door). Alternatively, I have seen normal "push the bar in the middle" doors rigged to be secure by having the bar itself function as that button for exiting. The bar is difficult to "push" from the wrong side of the door.

    Shortly before I got to my current job they switched from button/badge to get in and out to a bar that function as the button. But they were these newfangled bars that shoot a light across the bar to serve as a virtual push button. A coworker took a piece of paper, bent it so it would break the beam, insertted it between the doors to break the beam and gain entry. The next day they were similiarly fixed. . .

     ** Martin

     

  • RevMike (cs) in reply to PeaceOut

    Anonymous:
    You are right, but they needed to take it a step further.  They needed "dual tech" motion detectors that couple PIR and a zoned motion detector.  That way the door would only open when an infra-red radiation source (body heat) and human sized object moving (in order to trip two of the zones at a time, this was designed to stop false alarms caused by rodents).  Draw backs would be 3 times the cost.  Of course, I doubt it was as expensive as re-fitting all of those doors, what a mess up.

     It sounds good, but it is even more difficult to get a system like that which passes safety regulations.  Ever since the Triangle Shirtwaist Factory Fire http://en.wikipedia.org/wiki/Triangle_Shirtwaist_Factory_fire in 1911, there have been lots of regulations about appropriate emergency exits.  Essentially no one other than prisons are going to create a set of positive barriers to egress that might not be easily overcome in case of an emergency.  In all likelihood, the sliding doors would, if pushed moderately hard, swing open.
     

  • CynicalTyler (unregistered) in reply to jtwine
    jtwine:
    I once found myself on the wrong side of a secure door at a previous job without my badge (badge was on my desk) during an all-nighter.  I was able to find a ruler and sheets of paper in an unsecured office and tried pushing them through the space between the door trying to trigger the RTE (Request To Exit) sensor.

    This did not work for me because the RTE sensor was a PIR (Passive InfraRed) sensor.  PIRs tend to be tuned to the particular infrared wavelength of the target, in this case a human.  That is why I was unable to trip the sensor using the paper or ruler, and had to get security to get me back in (an hour or two later).

    Then what you're supposed to do is heat an unsecured pot of coffee to 98 degrees F and spray it under the door via straw.
     

Leave a comment on “Insecurity Doors”

Log In or post as a guest

Replying to comment #:

« Return to Article