Big, expensive, digital lock defeated by an old credit card and a spring.

A few years back, a customer asked us to test their newly installed (and very expensive) surveillance and security system. The products promised them an automated system that was so secure they wouldn’t have to place a security guard there.

After some recon we discovered that while the entrance was guarded by a very secure keypad + access card combination lock, the inside had an automated “unlock” sensor so if anyone wanted to come out, the door would unlock from the inside. After some careful review of the pictures we took we found out that the top and bottom of the doors were not sealed tight against the floor, we could see a tiny bit of light from there (we took the pictures with a high resolution night capable camera). A plan was set in motion.

We arrived, we approached the door and we remove the piece of gear that would, hopefully, allow us to bypass the very secure lock: a old credit card.

We slid the old credit card under the door and… nothing.

After a few seconds we agreed that the sensor wasn’t picking the movement, maybe because we were too closed to the door and sensors usually “look” a bit farther out.

We retrieved another credit card and we tied it up to a piece of metal string (essentially several springs from the pens click mechanism tied together). We pushed the card under the door again, then carefully with push it farther with the metal string. And farther, and farther and… voila! The motion sensor detected movement “from the inside” and unlocked the door.

We were inside.

Big, expensive, digital lock defeated by an old credit card and a spring.

Presence, Persistence, and Pivoting

Another physical pentest