Secure card access is usually expected to be, well, secure. One thing that I discovered (along with thousands of other people) was that any card could access ATM locations. By that I mean when you had to enter a “secured” lobby to use a bank machine. I’m not sure if this is still the case but, there was a time when any old card would work to open the door. AAA, Gas Card, hotel key cars would generally work. Well, here is an interesting article about a HIPAA compliance effort that involved a physical penetration of a target, a medical facility.
On the day we planned to get into the building, I decided to try the magnetic swipe system. In a worst-case scenario, I figured I could fumble my way in, acting as if my card had malfunctioned and asking an employee to open the door from the inside.
Without having an “official” magnetic access card to duplicate, I pulled every card with a magnetic stripe from my wallet, including my bank ATM card, a credit card, and a shopping card from a major grocery store. To my surprise, the first swipe from the shopping card opened the door.
The author, Steve Stasiukonis, goes on to detail the access and just how far you can get when you look like you belong. I do miss conducting those type of engagements.
[tags]Physical Security, Access Cards, Magnetic Locks, Physical Penetrations[/tags]