Access Control Exploits: Risky PIRs?

By: Brian Rhodes, Published on Dec 09, 2012

A panicked end user called us this week about a surprisingly simple way their access control system was compromised. After they shared the details, it became clear that almost any electronic access control system can be impacted. Even though the fix is simple, your systems may be at risk. In the note below, we share the details and the recommended solution.

The Target

The end user, who runs a series of food/coffee shops in urban locations, shared a recent event where a maglock secured door was inadvertently made to open after hours without any physical force, fake credentials, or tampering. Mechanical locks that should have kept the door secure after hours were not locked, and the door was open to anyone who pulled it.

With the door unsecured, unrestricted and unsupervised access into the building was possible. In this event, entry was only detected by a separate intrusion alarm system picking up on motion. Alarm sirens sounded, police were quickly dispatched to the scene, and the event was quickly controlled.

The customer immediately investigated the security failure, seeking to understand how the event was possible. Their findings were shocking in how simple the exploit was to carry out, and how a huge number of doors could be at risk regardless of which system controls it.

The Exploit

The event occurred in a large city where transients and homeless often take refuge in door stoops at night. In this event, a homeless individual was sleeping on a piece of cardboard just outside the controlled opening. This person was able to slide this cardboard under the door sweep, into the coffee shop. Because this door was being secured with a maglock, local AHJs required it have a 'request to exit' PIR mounted above the inside door frame, so the maglock releases in an emergency egress situation.

This PIR, which does not detect anything outside the door, was tripped by the body-temperature warmed piece of cardboard slid under the door. Due to the cardboard's contrast of heat and motion on the cold floor, the PIR sensor was tripped and released the maglock. This in turn left the door unsecured, and the homeless individual was able to enter the store unabated. The image below is a standard configuration of a maglock/RTE PIR:

rte pir

The root cause of the problem was not a malfunctioning RTE PIR - in fact, the device functioned exactly as it should have. The root cause was established to be two otherwise minor elements of the situation:

Get Notified of Video Surveillance Breaking News
Get Notified of Video Surveillance Breaking News

1. The door was not mechanically secured by a lock after hours, as closing procedures required. If the shop staff had simply locked the door as required, it would not have been unsecured during non-operating hours.

2. The bottom door sweep/threshold was not properly adjusted and permitted the cardboard to be inserted into a the gap. While it seems like a minor piece of weather-stripping, the bottom door sweep closes any gap and will prevent items like paper, cardboard, or other items from entering the secured area.

The Solution

The customer was advised, and quickly implemented a series of changes that prevent future issues. First, the bottom door sweeps were replaced and adjusted to prevent any gaps, and the access control system was reconfigured to turn-off the PIR RTE during unoccupied hours.

Because the door in question is not an employee entrance, an emergency exit, nor is the room it is associated with occupied during 'closed hours', simply turning off the RTE during overnight hours is not a problem and has been signed off by the local fire marshal. If required, the customer was prepared to install additional 'push button' emergency door releases to facilitate emergency exit.

The Lesson Learned

While the end user experienced no loss as a result of this event, it was operationally disruptive and could have been very costly. The cost to fix the issue turned out to be less than $50 in door accessories and less than 5 minutes of configuration changes to the access control system.

Despite the close call, the event serves as a reminder that big problems can be avoided with proper programming and hardware adjustment. Because this particular exploit could be used on any access control system, it is especially worth addressing before becoming an issue.

Comments : Members only. Login. or Join.

Related Reports

Add Door Operators To Fight Coronavirus on Mar 31, 2020
IPVM recommends that integrators advocate and end-users consider adding door...
Keypads For Access Control Tutorial on Jul 28, 2020
Keypad readers present huge risks to even the best access systems. If...
Forced Door Alarms For Access Control Tutorial on Aug 17, 2020
One of the most important access control alarms is also often ignored....
Use Access Control Logs To Constrain Coronavirus on Apr 09, 2020
Access control users have included capabilities that are not commonly used...
US GSA Explains NDAA 889 Part B Blacklisting on Jul 31, 2020
With the 'Blacklist Clause' going into effect August 13 that bans the US...
30 Million Criminal Face Database Tested (Captis Intelligence) on Apr 27, 2020
30 million criminal mugshots are now available for facial recognition...
SimpliSafe Business Security Launched Examined on Sep 22, 2020
SimpliSafe has launched "SimpliSafe Business Security" that the company...
ADI Branch Burglary on Apr 03, 2020
A security systems distributor branch is an odd target for burglary but that...
Disruptive Free Lead Generation Added To IPVM on May 15, 2020
IPVM has added lead generation for sellers, for free, disrupting the...
Access Visitor Management Systems Guide on Jul 22, 2020
"Who are you, and why are you here?" Facilities that implement Visitor...
Hands-Free Bathroom Doors For Coronavirus Mitigation on Apr 10, 2020
Coronavirus has increased concerns about picking up germs, especially from...
Door Fundamentals For Access Control Guide on Aug 24, 2020
Doors vary greatly in how difficult and costly it is to add electronic access...
Face Masks Increase Face Recognition Errors Says NIST on Aug 04, 2020
COVID-19 has led to widespread facemask use, which as IPVM testing has shown...
Convergint Coronavirus Cuts on Mar 25, 2020
One of the world's largest security integrators, Convergint, has made a major...
Exit Devices For Access Control Tutorial on Aug 25, 2020
Exit Devices, also called 'Panic Bars' or 'Crash Bars' are required by safety...

Recent Reports

IP Networking Course Fall 2020 - Last Chance - Register Now on Sep 23, 2020
Today is the last chance to register for the only IP networking course...
Norway Ethics Councils Finds Hikvision Human Rights Abuses "Ongoing" on Sep 23, 2020
Hikvision's involvement in "serious human rights abuse" in Xinjiang is...
IPVM Camera Calculator User Manual / Guide on Sep 23, 2020
Learn how to use the IPVM Camera Calculator (updated for Version 3.1). The...
Installation Course Fall 2020 - Save $50 - Last Chance on Sep 22, 2020
Today is your last chance to save $50 on registration for the Fall 2020 Video...
SimpliSafe Business Security Launched Examined on Sep 22, 2020
SimpliSafe has launched "SimpliSafe Business Security" that the company...
FLIR CEO: Many New Fever Entrants "Making Claims That The Science Just Won't Support" on Sep 22, 2020
FLIR's CEO joins a growing number calling out risks with fever / screening...
China Bems Temperature Measurement Terminal Tested on Sep 22, 2020
Guangzhou Bems (brand Benshi) is the manufacturer behind temperature...
Axis Exports To China Police Criticized By Amnesty International on Sep 21, 2020
Axis Communications and other EU surveillance providers are under fire from...
Milestone XProtect on AWS Tested on Sep 21, 2020
Milestone finally launched multiple cloud solutions in 2020, taking a...
Mobile Access Control Usage Statistics 2020 on Sep 21, 2020
Most smartphones can be used as access control credentials, but how...
Axis Compares Fever Camera Sellers to 9/11 on Sep 18, 2020
Axis Communications, the West's largest surveillance camera manufacturer, has...
Avigilon Elevated Temperature Detection Camera Tested on Sep 17, 2020
Avigilon has entered the temperature screening market with the release of...
Chilean Official Investigated for Motorola And Hikvision Contracts on Sep 17, 2020
A corruption investigation is underway in Chile after a crime prevention...
Huawei HiSilicon Production Shut Down on Sep 17, 2020
Huawei HiSilicon chips are no longer being manufactured or supplied to...
Virtual ISC West and GSX+ Exhibiting Contrasted on Sep 17, 2020
Both ISC West and ASIS GSX are going virtual this year, just weeks apart, but...