Misstep 20: Keys to the John

Men's Bathroom Door

Still out in Boston (like last week), and we have another misstep. This time, I take you with me into the Men’s Room. But not too far, you see, because you don’t have to look too hard to see a potential misstep.

I call this a potential misstep because, without violating several laws, I cannot investigate whether or not this is the case. But it does lend itself to the discussion nonetheless.

The Masters of the SFIC and LFIC

See how there is the shape of an “8” around the keyway? This indicates that this lock has an interchangeable core (SFIC = Small Format Interchangeable Core, LFIC = Large Format Interchangeable Core). These are used because swapping a core makes it much simpler to change the keying of a lock than removing a door knob, deadbolt, or rim lock, replacing it, and then later on disassembling the lock and re-pinning the core. With these types of locks, you can often use a specially cut key to simply extract the entire core from the lock, and place a new one into service.

Oftentimes, these types of locks are used in “Master-Keyed” systems. Imagine for a moment that you live in an apartment:

The red box is the apartment building, the green box is the first floor, and the blue box is the second floor. Each of the yellow boxes is an individual apartment.

A master key system allows the following:

  • Amy to get into her first floor apartment (#11)
  • Sue to get into her second floor apartment (#22)
  • Bob to get into his first floor apartment (#12)
  • James to get into his second floor apartment (#21)
  • First floor maintenance to open all doors on the first floor (apartments #11 and #12)
  • Second floor maintenance to open all doors on the second floor (apartments #21 and #22)
  • The building owner to open all doors (external doors to the building, maintenance closets, and all of the apartments).

The “Master key” system allows you to “pin” a lock in such a way that this is possible, without allowing people to go where they shouldn’t. So if I’m in apartment #12, I cannot go anywhere else, because I don’t have that key.
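The access hierarchy above can be modeled in a few lines. This is an added example, not part of the original post: it assumes a pin-tumbler cylinder in which each chamber can be pinned with more than one shear line, and every name, door label and cut depth in it is constructed for illustration. It checks that the pinning grants exactly the access listed above, and also counts how many distinct bittings each cylinder accepts, a number worth auditing because it is larger than the number of keys issued.

```python
from itertools import product

# Constructed sample bittings (one cut depth per chamber); not from a real system.
KEYS = {
    "Amy":    (0, 0, 2, 2),
    "Bob":    (8, 8, 2, 2),
    "James":  (8, 8, 6, 6),
    "Sue":    (0, 0, 6, 6),
    "Floor1": (4, 4, 2, 2),   # first floor maintenance
    "Floor2": (4, 4, 6, 6),   # second floor maintenance
    "Owner":  (4, 4, 4, 4),   # building owner
}

# Which keys each door is pinned for, following the list above.
INTENDED = {
    "#11": ["Amy", "Floor1", "Owner"],
    "#12": ["Bob", "Floor1", "Owner"],
    "#21": ["James", "Floor2", "Owner"],
    "#22": ["Sue", "Floor2", "Owner"],
    "closet": ["Owner"],
}

def pin_lock(holders):
    """Per chamber, the set of shear-line depths: the union of the intended keys' cuts."""
    return [set(cuts) for cuts in zip(*(KEYS[h] for h in holders))]

LOCKS = {door: pin_lock(holders) for door, holders in INTENDED.items()}

def opens(key, lock):
    """A key turns only if every cut lands on a shear line in its chamber."""
    return all(cut in chamber for cut, chamber in zip(key, lock))

def access_matrix():
    """For each door, the issued keys that actually operate it."""
    return {door: sorted(name for name, key in KEYS.items() if opens(key, lock))
            for door, lock in LOCKS.items()}

def accepted_bittings(door):
    """Every bitting the cylinder accepts, whether or not a key was issued for it."""
    return list(product(*(sorted(chamber) for chamber in LOCKS[door])))

if __name__ == "__main__":
    for door, names in access_matrix().items():
        print(door, names, "accepts", len(accepted_bittings(door)), "bittings")
```

In this model each apartment cylinder is pinned for three keys but accepts sixteen bittings, while the closet, pinned for the owner's key alone, accepts one.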

The Misstep?

Like our misstep last week, leaving a keyway easily exposed can lead to me replacing the lock with a keyway that will accept any key. In this case, I can take the lock off this door and bring it up to my hotel room and take the pins out. I can then create a series of keys which may allow me to derive the master key for your entire building (hotel, etc.). Since it is impossible to quickly change all of the locks in your building that use this key, I can make the duplicate and quickly compromise a great many rooms.

The Solution?

Modern card reader solutions are much better alternatives to traditional key-based systems. These allow the instant termination of credentials and reduce exposure from folks getting leaked photos of master keys (think new hires), or from compromised lock cylinders.

About Author

Robert Lerner
