ASG's Great Conversation Security Blog
What If Your Security Could Be Hacked With a Paperclip?

At last Friday's DEF CON 18 convention in Las Vegas, Hackers, Crackers, Feds and Security Professionals gathered to share their secrets and check out some of the newest security technology - and learn how to bypass it. While DEF CON is primarily focused on network and information security, every year they feature a “lock hacking” team to run some of the latest technology through its paces.

Thanks to Wired Magazine, you can read about some of the results and watch demonstrations in video such as this one:

 

This video brings up an issue that we address all the time: your security is only as strong as your weakest link. Oh sure, biometrics is really cool and normally very secure, but if you pair it with a cheap, ineffective mechanical lock, you’ve just spent a lot of money for no security at all. If you’re not looking at security holistically, you’re bound to spend huge amounts of money and effort to secure the front door, while leaving the back door completely open.

Recently, we posted a report, titled “9 Critical Questions You Must Ask Before Implementing Your Next Security Solution,” on how to begin a security solution by building a holistic business baseline. Once you’ve built a business baseline to help determine your needs, goals, and resources, the next step is to examine your potential security solution as a whole to determine any weaknesses or gaps that need to be filled or addressed.

But a new security solution isn’t the only thing that should be examined for weakness. Here’s an important question for you: When was the last time you performed an analysis of your existing security solution and how effective it is? This doesn’t mean that you need to hire an outside company or an expensive analyst to do it (though those can be worth every penny). When was the last time you tested your system to be sure it works? When did you last audit for security vulnerabilities? Have you ever tried to hack your own system?

At the end of the day, where will the paperclip hack that undermines your security plan show up at your facility?

Comments

This is the most common of failures in security systems planning in my view. The vast majority of Electronic Access Control systems that are installed are using electromechanical locking devices (i.e. electric strikes, electrified cylindrical and mortise locks). These types of locks all include a key bypass. The problem is that the VAST majority are still using standard pin tumbler locking cylinders that can be easily bypassed through the use of a bump key or traditional picking methods. In one instance installed just this week, we were contracted to install mag locks and touch sense bars on a pair of double doors leading into an area housing generators for emergency power at a very large server farm. These servers are the hub of information for a large manufacturing firm. The doors in question are thought to be the most secure in the entire company, employing a card-in card-out system as well as the usual complement of door position sensors etc. The problem is they also had us install a keyswitch for override that had housed in it a lock cylinder with a standard Yale mortise cylinder, part of their massive masterkey system. With the $12,000.00+ they will have spent to secure this door I could easily open the doors by picking the lock and simulate a VALID ENTRY!! An $80 high security lock cylinder from Medeco, Mul-T-Lock or Assa would virtually eliminate this problem.
Posted @ Wednesday, August 11, 2010 11:34 PM by paul brandon