Physical location of smart key activators: A building security penetration test

Jan-Willem Bullee (Corresponding Author), L. Montoya, Marianne Junger, Pieter H. Hartel

Research output: Contribution to journalArticleAcademicpeer-review

1 Citation (Scopus)
57 Downloads (Pure)

Abstract

Purpose
When security managers choose to deploy a smart lock activation system, the number of units needed and their location needs to be established. This study aims to present the results of a penetration test involving smart locks in the context of building security. The authors investigated how the amount of effort an employee has to invest in complying with a security policy (i.e. walk from the office to the smart key activator) influences vulnerability. In particular, the attractiveness of a no-effort alternative (i.e. someone else walking from your office to the key activators to perform a task on your behalf) was evaluated. The contribution of this study relates to showing how experimental psychology can be used to determine the cost-benefit analysis (CBA) of physical building security measures.

Design/methodology/approach
Twenty-seven different “offenders” visited the offices of 116 employees. Using a script, each offender introduced a problem, provided a solution and asked the employee to hand over their office key.

Findings
A total of 58.6 per cent of the employees handed over their keys to a stranger; no difference was found between female and male employees. The likelihood of handing over the keys for employees close to a key activator was similar to that of those who were further away.

Research limitations/implications
The results suggest that installing additional key activators is not conducive to reducing the building’s security vulnerability associated with the handing over of keys to strangers.

Originality/value
No research seems to have investigated the distribution of smart key activators in the context of a physical penetration test. This research highlights the need to raise awareness of social engineering and of the vulnerabilities introduced via smart locks (and other smart systems).
Original languageEnglish
Pages (from-to)138-151
Number of pages14
JournalJournal of corporate real estate
Volume20
Issue number2
DOIs
Publication statusPublished - 1 Jan 2018

Keywords

  • UT-Hybrid-D

Fingerprint

Dive into the research topics of 'Physical location of smart key activators: A building security penetration test'. Together they form a unique fingerprint.

Cite this