Physical Penetration Test Examples: Lock Bypassing

The third and final most common way an attacker will gain access to your organization is through Lock Bypassing. The most famous form of this would be lock picking, however, most modern locks are designed to make that very difficult. But there are other ways to get past a lock without necessarily picking it.


Here are some examples:

  1. In many organizations, the entrance is protected, however the exit just has a motion detector. A lot of the times, the motion sensor can be set off by shooting a can of compressed air into the crack of the door. If that doesn’t work, something can be waved under the door far enough to set off the motion detector.

  2. Sometimes the lock can be bypassed by inserting a credit card into the crack of the door, disengaging the latch. This can also be used in conjunction with a tailgating attack. A credit card can be taped to the inside of the door such that, when the door opens the credit card falls and covers the latch, preventing the door from locking.

  3. A third method, shown below, is using an under-the-door tool. If the gap in the bottom of the door is wide enough, the under-the door tool can be slipped under the door, and used to pull the handle from the inside, thereby bypassing the lock.

An under-the-door tool can be used to pull the handle on the inside of the door.

How to Protect Against Lock Bypass Attacks

First and foremost, all of the above mentioned attacks require a gap between the door and the frame. Therefore, the best way to prevent these types of attacks is to ensure none of the exterior doors have gaps wide enough to fit anything through. Additionally, ensure latches are covered and the entrances to your facility are protected with monitored video surveillance.

Look what we found in  the net