Protect Yourself from the Under-the-Door Tool

Intro

How do you protect yourself from under-the-door attacks? And no, mouse traps won't work. This is something much more serious than your average vermin intrusion. I’m talking about bad guys–think Marv and Harry from Home Alone–gaining full access to everything inside your business locations by exploiting easily-fixable vulnerabilities in your door's configuration with an "Under-the-Door" tool . Consider this thing to be the keys to the castle (without the keys), the VIP pass (without the pass)… believe me, nothing is off limits!

What is the Under-The-Door Tool?

The Under-the-Door-Tool is designed to open lever handle doors from the outside via reaching under the door. It is comprised of two parts, a steel rod and a replaceable stainless-steel cable. While its design is very basic, it yields impressive results.

Often a result of the American Disabilities Act (ADA), most commercial building codes now require lever-style handles (vs. round knobs) to increase the usability of these doors for disabled persons. While there is nothing wrong with a handle per se, many doors are not properly configured in other areas around the handle and this is what the UtDT exploits. Primarily, this is the gap "under" the door. Oftentimes, doors are not custom built to the exact location they are installed in and some assumptions are made in the manufacturing process such as hinge placement, which directly affects floor clearance. This clearance has to account for different flooring options (concrete, hardwood, low-pile carpet, etc.) and thus the gap is often generous—allowing for exploitation.

There are three (3) steps to using the Under-the-Door-tool.
1. Insert tool under the door.
2. Work the tool over the latch.
3. Pull down on the cable to open the door.

Protecting yourself

Now that you're familiar with the Under-The-Door Tool, let's talk about how to prevent its use. Luckily, there are a few effective options. The first (best) option is to create a tight seal under the door. When you close the gap under the bottom of the door an attacker won't be able to insert the tool under the door to attempt the exploit in the first place. Commercial threshold guards are available for purchase, just ensure that if you screw the device to the door, the screws are not accessible on the insecure side of the door. During simulations, SEVN-X consultants have actually unscrewed these threshold protectors from the door and performed the attack. Use rivets or install from the secure side of the door. Alternatively, they make more advanced versions that integrate into the door that deploy when the door is closed. As a bonus this will also offer draft protection against losing cool air in the summer and hot air in the winter.

Another effective mitigation is the latch guard, which can be installed to prevent the UtDT from getting behind the lever and "hooking" it. This mitigation does not ensure protection but can certainly frustrate an attacker.

And in true hacker fashion, there are multiple "hacks" that can keep the tool from working as intended including wedging a towel in the handle itself.

Example of a door threshold guard

Wrapping It Up (Get It?)

Now that you know the details you have two choices: protect yourself or let Marv and Harry do some Christmas shopping inside your business. As much fun as booby trapping your office and running the bad guys through a gauntlet of painful obstacles sounds, it's much easier to make a few upgrades to your door to ensure that they won't be coming in this holiday season, or ever! Hopefully this post summarized the risks and preventative measures in an actionable way for you and your organization, but if not, please leave us a comment and let us know about your unique situation.

Previous
Previous

Changes to Google Search And What That Means For You

Next
Next

The New SEVN-X website is LIVE!!!