top of page

Public Spaces - Physical Security and Information Security Views

In a recent discussion with colleagues from diverse security backgrounds, blending information security and physical security perspectives shed light on the intricate nature of public space security. Each viewpoint offered valuable insights, highlighting the significance of addressing both digital and physical threats to protect public areas effectively.

In examining public space security, the focus is typically on conventional checklist items. This includes essential measures such as network encryption, access control systems, and surveillance cameras. However, transcending the checklist is crucial. Blue teams emphasize the value of threat modeling, where potential vulnerabilities are identified and assessed based on their likelihood and impact. From cyber threats like network breaches to sophisticated social engineering tactics, the digital realm poses diverse challenges to public space security.

The reality is public spaces can take on a more ephemeral quality for the information security teams. While they are often perceived as areas where the public interacts with corporate resources, the reality is far more nuanced. Common examples include conference rooms, huddle rooms, and meeting spaces, anywhere external parties may attempt to physically connect to the organizational network. However, access to these spaces is typically restricted through measures like port security, which binds known or "good" MAC addresses to network switch ports.

  • A common starting point for network penetration involves flipping a device over to locate the label displaying its hardware MAC address. Once identified, this MAC address can be cloned to your laptop using tools like mac-changer to disguise the device's identity. Another approach is to passively monitor network traffic using a tap, allowing adversaries to gather valuable insights into network activity without alerting the target to their presence.

One particularly contentious public space in the realm of information security is wireless networks. Regardless of how diligently one manages signal strength, a wireless network inherently remains public. The signals emitted cannot be contained within the confines of an environment, making it trivial for anyone to analyze them. For 2.4GHz/5GHz wireless networks, depending on their deployment, extracting authentication information, impersonating networks, or denying access can be relatively straightforward tasks.

  • When attacking 802.11 targets, our standard "arsenal" is an Ubuntu laptop, the aircrack-ng suite of tools and two Afla AC1200 using 9dbi omni-directional antenna.

Moreover, the realm of mobile devices is frequently underestimated in public space security considerations. Phones, tablets, and laptops that accompany employees in their daily movements present a dual challenge. Firstly, these devices are constantly seeking to reconnect to familiar networks, including corporate networks, employee home networks, and any other saved networks such as those encountered during travel (e.g., airport lounges, hotels). This persistent behavior creates vulnerabilities that can be exploited, posing risks not only to the devices themselves but also to the security of the employee's home wireless networks. Secondly, the ongoing transmission of identification data associated with these devices raises substantial privacy concerns.

Need a vulnerability assessment or penetration test performed - contact us today!

Interested in attending training on the topic - contact us today to enroll in a class!

Passively gathering IMSI, IMEA, and Bluetooth information allows for the perpetual tracking of employee phones, regardless of their location, with the correct tools, of course.

  • Look at the TinySA, hackRF, and Portapack in these areas if you’re looking to better understand the vulnerabilities.

It's a common misconception perpetuated by Hollywood that simply removing the SIM card from a mobile device erases its digital footprint. However, in reality, the IMSI (International Mobile Subscriber Identity) and IMEI (International Mobile Equipment Identity) remain unchanged. Even if you replace the SIM card and power the device back on, it promptly registers with cellular networks using its unique hardware identifier.

This persistence of identifying information poses significant implications for privacy and security. With the IMSI and IMEI intact, malicious actors equipped with the right tools can perpetually track the device's movements and activities. This tracking extends beyond mere location monitoring; it opens avenues for potential exploitation, such as unauthorized access attempts or targeted surveillance.

  • If you are truly seeking to "go dark" or remain anonymous, stop using a cell phone.

The ability to establish a line of bearing (LOB) based on the device's hardware identifier adds another layer of vulnerability. For individuals seeking to evade surveillance or maintain anonymity, this feature poses a considerable challenge. Even with measures like changing SIM cards or switching networks, the underlying hardware signature remains a persistent beacon, enabling determined parties to track and monitor the device's activities.

Need a vulnerability assessment or penetration test performed - contact us today!

Interested in attending training on the topic - contact us today to enroll in a class!

Attacking the mobile devices directly opens avenues for malicious actors to coerce them into authenticating to a spoofed network mimicking either the corporate or home network. Once authentication information is extracted and passwords are cracked, access to the home network, or potentially even the corporate network, becomes attainable. Subsequently, leveraging this access to infiltrate the corporate target environment becomes a plausible scenario.

The attention shifts when attacking physical security - common elements such as perimeter fencing, security personnel, and surveillance systems form the backbone of physical security measures in public spaces. Real-world case studies serve as stark reminders of the critical role physical security plays in preventing unauthorized access and mitigating potential threats.

When discussing physical security and public spaces, the location often dictates several potential vectors of concern. The immediate areas that come to mind for most facilities’ security personnel are waiting areas, shared conference rooms, and loading zones.

However, for remote smaller branch offices located in shared public spaces with other businesses, a multitude of threats emerges. These include shared "private" employee entrance spaces, shared walls and ceiling spaces, along with public entryways that cannot be adequately protected cheaply or without impacting the "curb-appeal" of the location.

These public spaces face a myriad of threats, including piggybacking, which unfortunately remains prevalent.

  • Despite its preventability, executive management often eschews implementing controls and relies on badges and CCTV instead.

The most common attack vector in shared spaces is badge cloning. Depending on the badge controls and the facility's location, the likelihood of this being leveraged varies. Malicious parties may gather targeted badge data in shared spaces, posing a significant threat. They may even follow key employees as they leave the campus or wait outside their homes to gather badging data upon their return.

  • For duplicating RFID badges, I highly recommend relying on the proxmark3 and the I-Copy XS as your go-to tools. These devices offer reliable performance and versatility in cloning RFID credentials, ensuring efficient replication for various access control systems.

While Hollywood often glamorizes lock picking as a swift endeavor, the reality is more nuanced. Attacking the locking mechanisms or electronic access control systems proves to be more effective.

Need a vulnerability assessment or penetration test performed - contact us today!

Interested in attending training on the topic - contact us today to enroll in a class!

When it comes to forcible entry equipment, selecting reliable vendors is paramount. Covert Instruments, ITS Tactical, Zero-day Gear, and MOTIS Fire and Rescue stand out as top choices in the field. These companies offer a range of high-quality tools and gear designed to aid in forced entry situations. Whether it's lock picking tools, padlock bypass equipment, or specialized entry kits, these vendors consistently deliver products.

  • For a starter kit, I would recommend the Southord PXS-14, bump keys, padlock bypass tools, a shove knife, a Loid entry tool, at least one inflation bags, and a J-tool. I find these are out most commonly employed .

When aiming to bolster security against such tools, it's essential to implement robust measures. Opt for high-quality locks – aim for ANSI Grade 1 or equivalent standards. These locks are rigorously tested for durability and resistance to tampering, providing a solid foundation for your security system. Utilize deadbolts whenever possible. Deadbolts offer an additional layer of security by providing a sturdy bolt that extends deep into the door frame, making it more difficult for intruders to force entry. Install anti-pry strips on public-facing doors to deter unauthorized access attempts. These strips reinforce the door frame and prevent attackers from leveraging tools to pry the door open, enhancing overall security. Consider implementing push-button releases on external perimeter doors, particularly in public spaces. Push-button releases offer a convenient yet secure means of exiting a building while still maintaining effective perimeter security. Additionally, removing egress motion sensor door unlocks can prevent unauthorized access attempts, further enhancing security measures. By adhering to these recommendations, you can significantly enhance your facility's resistance against intrusion attempts and bolster its overall security posture.

By integrating insights from both digital and physical security realms, a comprehensive understanding of potential threats emerges. This collaborative approach allows for the identification of vulnerabilities across multiple layers of defense, enabling organizations to develop robust security strategies that adapt to evolving threats.

Moreover, the synergy between information security and physical security highlights the interconnectedness of these domains. A breach in one area can often lead to vulnerabilities in another, emphasizing the importance of a unified security posture. By fostering collaboration between security teams and leveraging the strengths of each discipline, organizations can create a more resilient security framework that better protects assets, data, and individuals within public spaces.

Ultimately, public space security is not a one-size-fits-all endeavor. It requires a nuanced understanding of the unique challenges and risks inherent in different environments. By adopting a proactive mindset and staying abreast of emerging threats and technologies, organizations can stay ahead of adversaries and safeguard the integrity of public spaces for the benefit of all stakeholders. Through collaboration, innovation, and vigilance, we can build a future where public spaces are protected from the diverse array of threats they face.

22 views0 comments


bottom of page