Pentester says he broke into datacenter via hidden route running behind toilets
Lock down your 'piss corridor' – or even better, don't have one at all
Many security breaches involve leaks, but perhaps not in the same way as one revealed by noted security consultant Andrew Tierney, who managed to gain unauthorized access to a datacenter via what he delightfully terms the "piss corridor."
Tierney, who works as a consultant for security services outfit Pen Test Partners, revealed in a Twitter thread how one of his more memorable exploits involved demonstrating that it was possible to gain physical access to the supposedly secure area of a datacenter via its toilets.
Posting a diagram to illustrate, Tierney showed that the unnamed facility had separate bathroom areas for the general office space and for the secure area where the IT infrastructure is housed. However, the two toilet facilities were adjoined, and Tierney realized there was actually a shared access space for servicing the toilets that ran behind both sets of cubicles, which he christened the "piss corridor."
One of my favourite physical access jobs to a datacenter involved toilets. Let me explain. I needed to gain access from the less-secure side of a sub basement floor to the more-secure side. General office space to data centre. pic.twitter.com/5C4yXD1Yeq
— Cybergibbons (@cybergibbons) July 4, 2022
It turned out this access space could be reached through a concealed door in an accessible cubicle – a larger cubicle designed for wheelchair access – on either side of the secure/insecure divide. So that's exactly what Tierney did, entering the toilets on the general office space side and accessing the "piss corridor" via the accessible cubicle, exiting on the supposedly secure side the same way.
Tierney omits to mention whether the concealed doors were locked to prevent any curious toilet patrons from entering the access space, or whether he had to pick the locks to gain entry.
The only awkward moment might have come had the accessible cubicle on the secure side been occupied when Tierney opened the concealed door, and so he claims that he only did this after "*really* making sure there wasn't someone else in the other accessible cubicle."
Flushed with his success, Tierney noted that he had just managed to defeat the datacenter's security protection, which involved mantrap entry gates where personnel had to "surrender all digital devices" upon entry. Even worse, the toilet layout was visible for all to see on public planning documents, meaning that anyone could have figured out how to bypass security.
The lesson for operators of secure facilities is to take great care that you are not caught short with such obvious ways of bypassing physical security controls, and remember it is always about more than just IP access. ®