Access Prohibited: The Physical Security Tool Guide to Hacks, Cracks and Recon
e-book Author: Eric Michaud
Review by Tom Updegrove*
Where I grew up in Philadelphia, Pennsylvania, there was a gang known for their high end burglary jobs. They would travel up and down the east coast, breaking into homes of the wealthy and stealing their valuables, especially jewelery. I was never a part of the gang, but I shared an apartment with an ex member for a while and he showed me how to bypass most door locks using a credit card or using anything similar. The credit card worked because it was thin and could slide between the keep and latch of most doors. That was many years ago, but I use the technique at least once a month, either because I locked myself out, or a friend has been locked out of his house. As simple as the trick is it surprises most people as quick I can do it. Usually it takes less than 15 seconds. Of course if the dead bolt is on, it doesn’t work and if the card was installed correctly the anti-slip latch would prevent me from doing it. In most cases neither the dead bolt is on or the latch didn’t seat correctly and I can slip the lock. Although the credit card isn’t in “Access Prohibited’ the “Latch Loading” technique is along with a number of other “MacGyver” type tools. This E-book is written in a modern yet simplistic format, combining text and pictures which illustrate how each tool works.
The tools are mostly lock bypass oriented, but there is a general category of tools that should be in any tool box e.g. tape and a flashlight. In some ways, the book reminds me of “The Anarchist Cookbook”, which also gave very succinct instructions on lock picking and phone breaking along with bomb making instruction, but without illustrations. What makes “Access Prohibited” exceptional is the illustrations and how much fun it is to read. Each tool can be understood in the 5 minutes - it takes to read and view the illustrations. I found myself going “yeah! that would work”.
The author, Eric Michaud has a reputation for physical pentesting and he is a professional physical security advisor; an R&D, test and analysis expert, he has advised on physical security, lockpicking, and hackerspaces for over a decade. His opening paragraph is written in a narrative fashion comparing the Hollywood style “Dream Team” with the realities of physical pentesting. He pulls you in because we all can relate to and dream of being like James Bond. Opening locks and bypassing security effortlessly. He explains it like it is, that it takes time to open access and it is never like it is in the movies.
My favorite tool in the book is the “Under the Door Tool”. Basically he fashions a wire to go under a door and then angle up and hook on to a door latch, then pulling on a string loop to open the door. This is where the pictures come in to fuse the idea. I have never seen the tool, but I have used wire coat hangers for everything from fishing wires through the ceiling to getting into my car after I locked my key in it, so it was pretty cool the way he used it to open door handles in a totally blind way. It will take me some time to get the technique down, but I’m sure I’ll need to use the method in the near future.
Mr. Michaud states that the book is a complete compendium of hacks, cracks and physical bypasses used by the World’s top urban infiltrators. He calls it his black bag of physical pentesting tools. There are 26 tricks in the book, but this is not an encyclopedia of physical pentesting. There is more collections of his favorite tricks. Let’s face it, someone could write 26 pages on lock picks alone, the variations of lock types, rakes, key types and so on. So with only 35 pages in the book, I’d like to see more from Eric Michaud on the subject, especially in the same style.
The tools and techniques used in the book are as follows; (I reorganized them)
UNDER THE DOOR TOOL
ELEVATOR FIRE KEYS
PUSH TO EXIT BAR TOOL
CLAMSHELL KEY CLONE KIT
7 & 8 PIN TUBULAR PICK
BADGE COVERS AND LANYARDS
“Access Prohibited” is a fun and informative read and it got a couple of us thinking about ways to improve on the tools as well as how to better protect our homes and businesses by plugging the holes that these tolls exploit.
Buy the book form Rift Recon or on Amazon
Tom is an ITC expert in the Philadelphia/DC Metro area. He is CEO of Philadelphia based “Internetwork Service & Security” where he manages a number of business networks and provides advice for network design, work flow and performance optimization and security. He is also an EC Council certified trainer and conducts classes in Ethical Hacking in the Washington DC area. Tom has recently been featured in a video series along with partner Larry Greenblatt in the program they created “Cyber Kung Fu”. This has been released on Secure Ninja TV and it shows all of the concepts and tools that the Pro’s use for Pen Testing.
See SecureNinja TV Cyber Kung Fu on YouTube