The physical security of companies, hapert, making the digital safety is at stake, according to research by Dutch security firm LBVD. At the request of nineteen companies tried LBVD physically to penetrate and a router in the network to plug in.
In eighteen of the nineteen cases succeeded in that, suggests spokeswoman Sharon Mangkoewihardjo of LBVD opposite Tweakers. Researchers from the company dressed themselves, for example, as an inspector of the fire brigade, technician or remover. Then they were left alone and allowed them to the router with success places. Then he managed in three-quarters of the cases, to remotely via wi-fi to gain access to the internal network.
A security guard of one of the surveyed companies confirms that the company is successfully invaded. “We have the footage back and saw that someone in the parking lot had come through behind another car to drive,” said the employee. Then walked the researcher behind another employee, so that he access to the building. Thus excluded, he the entrance gates. In an empty office he installed the router and once back at the car park, he had access to the network. “He had no username and password, but if he had wanted, he was certainly come.”
The company being investigated, that does not want the company name or the industry in which the asset is known, had the researchers themselves asked to do the security testing. The company will take measures to prevent a recurrence. As a security measure introduced which is not just any other router in the network can be placed. “One hundred percent security does not exist, so you should always assume that there are strangers on your network,” said the guard. Social engineering remains a weakness. “People hold the door open for you when your hands are full.”
Also with other organizations, there were security measures, but that were in practice not well complied with. So there was an organisation in which to access each room will need a pass. When that organization was one of the meeting rooms, however, held open by a chair, giving the researcher the space could enter, and the router could connect.
Only one company smoke danger. Although the researcher managed to gain access to the building, he was unmasked when he went to router installation. Because the researchers in command of the companies themselves were doing research, there were no legal consequences.