Access Control Exploits: Risky PIRs?

By: Brian Rhodes, Published on Dec 09, 2012

A panicked end user called us this week about a surprisingly simple way their access control system was compromised. After they shared the details, it became clear that almost any electronic access control system can be impacted. Even though the fix is simple, your systems may be at risk. In the note below, we share the details and the recommended solution.

The Target

The end user, who runs a series of food/coffee shops in urban locations, shared a recent event where a maglock secured door was inadvertently made to open after hours without any physical force, fake credentials, or tampering. Mechanical locks that should have kept the door secure after hours were not locked, and the door was open to anyone who pulled it.

With the door unsecured, unrestricted and unsupervised access into the building was possible. In this event, entry was only detected by a separate intrusion alarm system picking up on motion. Alarm sirens sounded, police were quickly dispatched to the scene, and the event was quickly controlled.

The customer immediately investigated the security failure, seeking to understand how the event was possible. Their findings were shocking in how simple the exploit was to carry out, and how a huge number of doors could be at risk regardless of which system controls it.

The Exploit

The event occurred in a large city where transients and homeless often take refuge in door stoops at night. In this event, a homeless individual was sleeping on a piece of cardboard just outside the controlled opening. This person was able to slide this cardboard under the door sweep, into the coffee shop. Because this door was being secured with a maglock, local AHJs required it have a 'request to exit' PIR mounted above the inside door frame, so the maglock releases in an emergency egress situation.

This PIR, which does not detect anything outside the door, was tripped by the body-temperature warmed piece of cardboard slid under the door. Due to the cardboard's contrast of heat and motion on the cold floor, the PIR sensor was tripped and released the maglock. This in turn left the door unsecured, and the homeless individual was able to enter the store unabated. The image below is a standard configuration of a maglock/RTE PIR:

rte pir

The root cause of the problem was not a malfunctioning RTE PIR - in fact, the device functioned exactly as it should have. The root cause was established to be two otherwise minor elements of the situation:

Get Notified of Video Surveillance Breaking News
Get Notified of Video Surveillance Breaking News

1. The door was not mechanically secured by a lock after hours, as closing procedures required. If the shop staff had simply locked the door as required, it would not have been unsecured during non-operating hours.

2. The bottom door sweep/threshold was not properly adjusted and permitted the cardboard to be inserted into a the gap. While it seems like a minor piece of weather-stripping, the bottom door sweep closes any gap and will prevent items like paper, cardboard, or other items from entering the secured area.

The Solution

The customer was advised, and quickly implemented a series of changes that prevent future issues. First, the bottom door sweeps were replaced and adjusted to prevent any gaps, and the access control system was reconfigured to turn-off the PIR RTE during unoccupied hours.

Because the door in question is not an employee entrance, an emergency exit, nor is the room it is associated with occupied during 'closed hours', simply turning off the RTE during overnight hours is not a problem and has been signed off by the local fire marshal. If required, the customer was prepared to install additional 'push button' emergency door releases to facilitate emergency exit.

The Lesson Learned

While the end user experienced no loss as a result of this event, it was operationally disruptive and could have been very costly. The cost to fix the issue turned out to be less than $50 in door accessories and less than 5 minutes of configuration changes to the access control system.

Despite the close call, the event serves as a reminder that big problems can be avoided with proper programming and hardware adjustment. Because this particular exploit could be used on any access control system, it is especially worth addressing before becoming an issue.

Comments : PRO Members only. Login. or Join.

Related Reports on Access Control

Access Control Course Fall 2019 - Save $50 Last Chance on Oct 14, 2019
Register Now - Fall 2019 Access Control Course. Save $50 through October 10th. Thursday, October 17th is the last day to register. IPVM offers...
HID Fingerprint Reader Tested on Oct 09, 2019
HID has released their first access reader to use Lumidigm optical sensors, that touts it 'works with anyone, anytime, anywhere'. We bought and...
Fail Safe vs. Fail Secure Tutorial on Oct 02, 2019
Few terms carry greater importance in access control than 'fail safe' and 'fail secure'. Access control professionals must know how these...
Access Control Mustering Guide on Sep 30, 2019
In emergencies, determining where employees are located can be critical for knowing whether they are in danger. Access systems can be used for...
Access Control Mantraps Guide on Sep 26, 2019
One of access's primary goals is keeping people out of places they should not be, but slipping through open doors (ie: Tailgating) is often...
Access Control Time & Attendance Guide on Sep 24, 2019
Access control systems can do more than lock doors. With little or no extra equipment, they can be used to track labor hours for employees...
Open Access Controller Guide (Axis, HID, Isonas, Mercury) on Sep 19, 2019
In the access control market, there are many software platforms, but only a few companies that make non-proprietary door controllers. Recently,...
Directory of 70 Video Surveillance Startups on Sep 18, 2019
This directory provides a list of video surveillance startups to help you see and research what companies are new or not yet broadly known. 2019...
Fingerprints for Access Control Guide on Sep 09, 2019
Users can lose badges, but they never misplace a finger, right? The most common biometric used in access are fingerprints, and it has become one...
Assa Acquires LifeSafety Power on Sep 04, 2019
Assa Abloy is acquiring LifeSafety Power, adding to their growing collection of access control brands like Mercury, August, Pioneer Doors, and...

Most Recent Industry Reports

Camera Focusing Tutorial on Oct 14, 2019
Camera focus is fundamental to quality imaging. Mistakes can significantly reduce details, making cameras less effective. In this guide, we...
"UL Has Blood On Their Hands" Alleges The Interceptor / Keith Jentoft on Oct 14, 2019
"UL has blood on their hands" alleges Keith Jentoft of "The Interceptor Project". We examined The Interceptor in-depth last year, see: The...
Access Control Course Fall 2019 - Save $50 Last Chance on Oct 14, 2019
Register Now - Fall 2019 Access Control Course. Save $50 through October 10th. Thursday, October 17th is the last day to register. IPVM offers...
Axis HD Analog Encoder Tested on Oct 11, 2019
Two years after declaring "Everything is IP", Axis has released their first HD analog encoder, the P7304, with support for AHD, CVI, TVI, and SD...
Dahua Celebrates PRC 70th Wearing Communist Party Hammer and Sickle on Oct 11, 2019
Dahua celebrated the PRC's 70th anniversary with a video of various Dahua employees wearing China Communist Party hammer and sickle pins as shown...
Last Chance - Register Now - October 2019 IP Networking Course on Oct 10, 2019
Last Chance - Register Now - Fall 2019 IP Networking Course. The course starts next week. This is the only networking course designed...
Network Optix NxWitness 4.0 Tested on Oct 10, 2019
Network Optix released Nx Witness 4.0, proclaiming new features like a deep learning analytics metadata SDK, increased H.265 support, and UX...
HID Fingerprint Reader Tested on Oct 09, 2019
HID has released their first access reader to use Lumidigm optical sensors, that touts it 'works with anyone, anytime, anywhere'. We bought and...
Hikvision And Dahua Sanctioned For Human Rights Abuses on Oct 07, 2019
In a groundbreaking move that will have drastic consequences across the video surveillance market, Dahua and Hikvision have been sanctioned by the...