How I hacked a building with a can of coke
0x02 - Understanding the mindset of a hacker
The introduction
The following story is intended to outline a few different elements I've discovered in myself since receiving an ADHD diagnosis in late 2020 and reflecting on my life and childhood. I've long struggled to understand why I made some of the seemingly odd choices that I did in life, or why I struggled in certain areas of community and society that seemed to be so easy for others. Since my diagnosis, it has helped me to better understand so many strange things about myself and how my brain functions.
The prologue
For as long as I can remember from childhood, I have never seemed to process the world around me quite the same as many of my school peers. As I grew older and discovered computers, I found an incredible excitement in understanding how they worked, and how to troubleshoot them when they didn't. From the years of breaking my family computer over and over, I slowly began to build a basic process for how I approached problems and attempted to remove variables and find the answers I was searching for.
Eventually, I would being to describe some of this process to people as "the hacker mindset". As I got older and started finding like-minded individuals, I began to learn I was not so alone in this strange way of thinking. More and more of my coworkers seemed to share this way of seeing weaknesses, vulnerabilities, and risks in the environment around us. I slowly began to find my people in the hacker community.
I recounted to others how I could be standing in line at an unfamiliar building and my eyes would wander around to the walls and ceiling and start identifying physical security weaknesses. This was long before I knew the term Penetration Tester or that it was even a job function. I could never quite understand why I was so curious about how things worked and the ways that they could be exploited.
Maybe this was my mischievous side acting out when I was bored.
Maybe this was my as-yet-undiagnosed ADHD seeking a dopamine hit.
Maybe it was a glitch in the matrix.
Maybe I'm getting off-topic.
Oh, yeah! Let's hack a building with a can of Coke.
The story
One day after work, I was standing in the lobby of our building awaiting the arrival of a friend. Our building doors were automatically locked from the outside, requiring employees to badge in via a card reader. I had done this a hundred times without much thought. However, as was common to happen to me in a moment of boredom, my mind started to wander.
As I was standing there my brain began to ponder another one of my random observations and thoughts:
This door and the walls around it are pure glass floor-to-ceiling. The door bar is directly attached to the glass. When you pull from the outside, the door is latched by some mechanism and you cannot open it.
When operating the door from the inside of the building and attempting to exit, the door bar itself is not a mechanical lever and does not move to unlock the door. Yet, when you push the door bar, the entire door immediately swings open allowing you to leave.
How?
The analysis
My first thought was a motion sensor above the door. I looked up, but there was absolutely nothing there but glass.
My next thought was that there may be a floor sensor to detect weight or something that would indicate to the door that a person is present and the door should unlatch. The floor beneath me was pure tile and contained no sensors that I could see.
At this point, I grew more curious to determine the extent of when exactly the door latch would unlock. Perhaps this could lead me to my answer. I realized that every single time I had ever left, I always pushed the door bar itself. To further test, I decided that while standing directly in front of the door, I would try pushing on the glass itself. As I did this, the door shook but did not open.
Ah ha! I was getting somewhere. So now I knew that even while standing in the same spot that the door would normally open, it refused to if I pushed on the glass. This led me to the conclusion that the door bar itself, must be responsible for allowing me to leave. But as I previously said, the door bar does not move. It isn't mechanical. Well, the bar is made of metal, perhaps it is using capacitive touch to determine when human skin is touching it.
To test this new theory, I simply touched the metal bar and listened very quietly. click. Ah ha! If I touch the bar and then push on the glass, will it open? Success! What if I touch it while fully covering my finger with a thick cloth? Nothing happened... So, the bar itself is responsible for determining if a person is attempting to open the door through touch.
While my brain was undergoing this entire adventure of exploration, I was drinking a can of Coke. Having determined that a bare finger would trigger the latch to open and that a covered finger would not, I wondered if an aluminum can could trigger it.
So I touched it to the bar.
click
JACKPOT! I immediately drank the remaining contents of my beverage and began using my pocket knife to cut the can into a single long strip and proceeded outside. From the outside of the building, I proceeded to push the flat piece of the can through the gap in the doors and let the natural curl of the can reach around the doorframe and touch the metal bar.
click
I pulled the handle from the outside and walked into our "access-controlled office building" without having used my authorized badge.
And that is how you hack into a building with a Coke can and a little bit of curiosity.
The hack
Video summary for the visually impaired:
The video above shows an unidentified individual attempting to open a glass door from the outside by pulling on the handle. The door shakes but does not open. They then proceed to slip a thin piece of aluminum, cut from a coke can, between the gap in the doors and touch the metal handle on the inside of the door, engaging the unlock mechanism and they pull open the door from the outside.
The epilogue
You may be wondering, as a security professional, did I report this to the building management and help them ensure a safe and effective resolution was put in place to prevent an actual malicious attacker from accessing our building?
The day after I took the video I escalated things through my leadership and it was taken to the building management company. Weeks went by and nothing happened in the office. I wondered if they just simply didn't care.
One day as I came into the office I noticed that the large gap between the doors had been "filled" by a piece of rubber being attached to the side of each door. These rubber pieces did a great job of preventing the wind or rain from entering the door, but did absolutely zero against the Coke can or a more sophisticated tool.
In the end, nothing else was ever done beyond the rubber strips. Sadly, this is a very common occurrence. The problem identified was remediated in a manner that barely fixes any fundamental flaw and only (maybe) stops the specific attack reported, all while leaving the root cause wide open to many other variations of the attack.