
BOFH: Fun with automatic doors

If it can recognise the Boss...


Episode 11

"Really, I thought they'd be right up your alley!" the Boss sniffs disappointedly.

"They're just sliding doors!" I comment.

"Yes, but they're intelligent sliding doors – they've got scanners and a computer interface and everything!"

"That's as may be, but they're not secure doors."

"Yes they are, they use face recognition for access control."

"Yes, but they're not secure."

"You could make them secure - you could program it to be secure!"

"No, you can't program them to weigh about three times as much as they do now, have etched smash-proof glass and pry-proof mountings. They're just lightweight access doors designed to be used as a first line of defence – to be backed up by security personnel."

"I see."

"I mean were these doors even purchased with server room access in mind?"

"I..."

"So you admit they weren't? You put your hand up for something that was going free, didn't you?"

"They weren't exactly free - we had to pay security the purchase price when it was decided that they shouldn't go on the front of the building."

"Why."

"Uhhhmmmm, I think Security had some concerns about the door's... robustness."

"I rest my case!"

"Perhaps you could put them somewhere more useful – like controlling entry to the cafeteria?" the PFY suggests.

"Why?"

"I dunno, prevent people coming back for seconds, stopping outsiders like our engineers snaffling all the onion Bhajis – maybe controlling access to the bar?"

"Actually," the Boss says, thinking about it a bit. "That might actually be a good idea! I'll put it to the catering staff."

...Moments later when the Boss has departed...

"You've been rather quiet on all this?" I ask the PFY.

"Yes," he responds. "I've been reading through the installation guide. Micro thin door glass and TV-dinner-grade aluminium extrusions aside, these doors are pretty good!"

"In what way?"

"They have an inbuilt processor which isn't too shabby, a face processing offload engine which uses 18 facial regions for recognition from up to 60 degrees from head on and they even have expression templates."

"Expression templates?"

"Yeah, you can let the doors make decisions both on whether the face is known or unknown and what sort of mood they're in."

"So you could block someone who has access if they look irate?" I say, starting to like this idea a bit.

"Oh that's just the tip of the iceberg! You can create door profiles with operational settings for a particular person in a particular mood."

"Really?"

"Oh yes," the PFY blathers. "Any one of the configuration settings can be matched to a profile - opening/closing speed, opening/closing distance, opening/closing force, open time, door-held behaviour, multiple person acceptance. Say the Boss has just had a crap day - you can make the door open at light speed when he's x metres from the door, slam again at light speed when he's y metres from the door, not open if his wife's with him, you name it, it can be done. AND there's hierarchies so that if the door's not opening for the Boss and his wife it WILL open for the CEO - and slam shut if the Boss and his wife try and sneak in behind him!"

"So... in the interests of... uh... cafeteria security... we should investigate the full gamut of door control options."

"As an aid to the... analysis of the... facial recognition door controller... genre," the PFY finishes.

"OK then, let's do it!"

...Three days later...

"Have you, uh, got a moment to speak with security about the sliding doors you had installed in the cafeteria?" the Boss asks.

"Sure, what do they want to know?"

"Oh, not a lot, they just want to hear from you about your experiences with the programming of the access control program thing."

"What do they want to know precisely?" the PFY asks helpfully.

"Uuhhhm, just how it works. How to use it."

"So they're thinking of getting some of them for the building then?"

"Not exactly," the Boss responds.

"?"

"They've decided that they do want to remove the doors from the cafeteria - but at least they've reimbursed us for the purchase price."

"Don't tell me, they're not happy with the way they've been programmed?"

"It's not that exactly - although I have heard through the grapevine that they weren't impressed with the daily sweepstake on who'd get a cup of scalding hot coffee down their front when the doors slammed closed as they were about to exit."

"Just a glitch in the facial recognition software," the PFY comments.

"The same glitch that slammed the door repeatedly on the Head Accountant's laptop just before he was due to give his presentation on right-sizing the company?"

"Quite probably," the PFY says. "Tricky business, debugging facial recognition code - it's all in assembler for speed you know. So the doors are to be dumbed down and taken away then?"

"Not exactly."

"?"

"They want them on the front of the building with the hot-coffee thing armed with a button on the desk."

"And you said yes," the PFY says disgustedly.

"I was hanging over the side of the building with a hood over my head at the time!"

"Ah right, good point!" the PFY says, packing the installation guide and his notes into a brown envelope and handing them to the Boss.

. . .

Well, we've had our fun I suppose. Besides, I'm sure the PFY's USB Wi-Fi adapter is still plugged into the controller...

Plenty of time to help security... uh... downsize...
