Physical location of smart key activators: A building security penetration test

Jan-Willem Bullee (Corresponding Author), L. Montoya, Marianne Junger, Pieter H. Hartel

Research output: Contribution to journalArticleAcademicpeer-review

1 Citation (Scopus)
38 Downloads (Pure)


When security managers choose to deploy a smart lock activation system, the number of units needed and their location needs to be established. This study aims to present the results of a penetration test involving smart locks in the context of building security. The authors investigated how the amount of effort an employee has to invest in complying with a security policy (i.e. walk from the office to the smart key activator) influences vulnerability. In particular, the attractiveness of a no-effort alternative (i.e. someone else walking from your office to the key activators to perform a task on your behalf) was evaluated. The contribution of this study relates to showing how experimental psychology can be used to determine the cost-benefit analysis (CBA) of physical building security measures.

Twenty-seven different “offenders” visited the offices of 116 employees. Using a script, each offender introduced a problem, provided a solution and asked the employee to hand over their office key.

A total of 58.6 per cent of the employees handed over their keys to a stranger; no difference was found between female and male employees. The likelihood of handing over the keys for employees close to a key activator was similar to that of those who were further away.

Research limitations/implications
The results suggest that installing additional key activators is not conducive to reducing the building’s security vulnerability associated with the handing over of keys to strangers.

No research seems to have investigated the distribution of smart key activators in the context of a physical penetration test. This research highlights the need to raise awareness of social engineering and of the vulnerabilities introduced via smart locks (and other smart systems).
Original languageEnglish
Pages (from-to)138-151
Number of pages14
JournalJournal of corporate real estate
Issue number2
Publication statusPublished - 1 Jan 2018


  • UT-Hybrid-D


Dive into the research topics of 'Physical location of smart key activators: A building security penetration test'. Together they form a unique fingerprint.

Cite this