Security as A Frame of Mind

I was visiting my sister in SFO recently. She lives in this high-tech apartment building. It was beautifully engineered, honestly.

As I was asking the front desk lady to program the elevator up to the floor she lives on, a thought came to mind. The building itself was secure by design. Those with unauthorized access would have an extremely hard time trying to get to any floor or apartment that they shouldn’t have been in.

This thought probably came from reminiscing on one of the many Darknet Diaries podcasts that touch on the idea of physical penetration tests. It all boils down to: can you find a way into somewhere where you shouldn’t be?

Well, let’s walk through it. Here are some potential vulnerabilities to an apartment complex: thieves looking to steal packages, undesired guests, and homeless people. These were the first few that came to mind.

Every rent-paying tenant in that building has a keycard. To access any common area, elevator, or room – one needs a keycard.

Let’s say any one of these people shows up at the doorstep. The engineers who designed the system put into place a few safeguards that all rely on a physical tap key card.

Imagine the person is able to get in. Perhaps a kind person held the door open for them, or they looked normal and the building attendant buzzed them in. The person goes straight to where they see doors. All are locked with needing keycard access.

The next plausible step may be to find an elevator. These elevators do not have buttons in the traditional sense. Rather, a receptacle for one to tap their keycard. The sensor before one enters the elevator is meant to be tapped. Upon tapping, the sensor reads which floor one resides on and automatically calls one of the elevators to go up to that floor. The inside of the elevators have two buttons: “Door open” & “Door close” Even someone who may have hopped onto an already open elevator would have a difficult time getting to a specific floor.

Let’s say they are committed to getting to the floor. So much so that they commit to socially engineer the front desk person. They would realize that those on a guest list have to show physical identification. A simple name or floor number won’t get anyone very far. If they did successfully socially engineer the attendant – the temporary keycards granted only work for one time. After time expires, the card itself becomes useless. These systems ensure access to the floors in the building wouldn’t be easy for any common person.

The safety of all tenants is dramatically more guaranteed with the system they designed. From the physical structure to the programmed technology in the keycards, the apartment complex had a well thought out plan for how they would ensure security (with minimal personnel) and it works well.

This story doesn’t have any great conclusion. I was just in awe of the level of thoughtfulness that the engineers had. When one designs with safety in mind and practicality as a key ingredient, the outcome is something that is really beneficial for the intended users.

Give an engineer a task and any constraints. A thoughtful, driven one will give something back that may have never even existed before but works so well.