Schneier on Security
A blog covering security and security technology.
« Friday Squid Blogging: Squid Computer Virus |
| Hacking Cars Through Wireless Tire-Pressure Sensors »
August 16, 2010
Breaking into a Garage
Garage doors with automatic openers have always seemed like a lot of security theater to me.
Posted on August 16, 2010 at 6:51 AM
• 48 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
This was posted on the Lifehacker website this summer, and the uniqueness of the attack conditions (window to see the mechanism and accessibility of the mechanism's protruding lever) were noted, as was the more likely case of the window being broken out to gain access.
This attack can be defeated simply by putting a piece of tape over the release lever to prevent it being snagged by a piece of wire while still allowing actuation.
My favorite is the electronic combination lock safes found in hotel rooms with the door seams allowing you to slip a piece of metal from a hanging folder in to hit the reset button. The button provided for ready access to change the combination for that extra feeling of security. (Or is that theater?)
1. Cover your garage windows (if you have them)
2. Replace your garage door opener with one that uses a release that is pulled away from the door or straight down, not towards it.
Regardless of which garage door opener you have, don't depend on it to secure your garage. A garage is designed to protect your vehicle from the weather, not secure valuable items.
This looks like a VERY situational attack indeed... a plastic cover over the switch lever or frosted glass would mitigate that easily. Nonetheless, if this door is a standard installation version of a major manufacturer, you might find a lot of "vulnerable" targets.
I have seen similar stupid installations around here as well. The most popular issue seems to be with classic swing doors to install the manual-close/emergency-open switch in a place that is visible through the crack and reachable with a piece of wire.
I thought security theater was a term for security measures that may _seem_ to improve security, but do not really.
An electronic garage door opener is not intended to improve security, but convenience. As a side-effect, it _decreases_ security.
Also, I once worked in an office where a token would unlock the front door, which you could then push open.
For convenience, this door would unlock automatically when a person walked up to it from the inside.
This was nice, except that this meant that the door could be unlocked 24/7 without a token simply by slipping a piece of paper through the narrow gap between the door and it's frame, and having it land in front of the sensor. This would usually require only a few tries.
@Thinkerer thanks for the tip I'm getting my roll of duct tape out right now.
Two years ago, my brother's home was burglarized with this method. Turns out it was a ring of thieves in his town. They'd pull a car up in the drive after everyone went to work, open the garage, drive into the garage as if they lived there, close the garage door, then, pick the door lock connecting the garage to the house and take their time cleaning out what they wanted, loading up their vehicle as they went.
Ironically, my brother had three dogs sleeping on the sofa (pretty tame labs/goldens) they just ignored the thieves. He was offended as the criminals didn't take his old hunting rifle. They ignored his printer too. Guess they could pick and choose what they wanted to fence. The police caught the group.
So now my brother goes hunting with the guys and they all say "dude is that the gun the criminals didn't take?"
I think part of it is function creep. As was already pointed out, garage door openers were designed as a convenient way to open and close one's garage door when moving the car in and out of it's shelter. Now it is being used to secre any valuables stored in the garage, something it was never designed to do.
The fact is that locks generally won't stop a determined thief/intruder - they will only slow them down, sometimes for a few seconds if you're lucky. At least you might have enough time to pick up your handy Louisville Slugger to do some serious perp-bashing. Also, having a cell phone to hand to call the police (no land line to cut) is probably not a bad idea. As for garage break-ins, good insurance coverage is your best protection.
Made slightly more difficult if you don't have windows on your garage door.
A simple fix by the manufacturer could avoid this, of course, by making the latch flip the other way. Then there's nothing to hook on to.
This is a standard law enforcement covert entry technique. Garage doors with emergency open pulls on ropes are opened similarly - but you need a different tool. For an idea of what that looks like, see the first picture in the article at http://web.mit.edu/zacka/www/nlias.html. Law enforcement agencies can get their gear at sites like http://www.theben-jim.com/. I am not affiliated with either site. Questions ==> @sharpesecurity on Twitter.
My dad used to love to drive down the street, seeing how many garage doors his remote would open. I used to get annoyed saying "reminds me of all the times you punished me for leaving the garage door opened when I swore I didn't do it."
My garage door release mechanism has this exact vulnerability. Except it's not actually vulnerable at all.
Just like defeating the paper-to-trip-the-IR-door-latch it simply has no way to get a wire in the top of the door. There's a signficant overlap, and stuff (floor joists, electrical wire conduit, etc.) right above it. I've played with it before this and you can't get in there.
As far as locks: anyone looked at classic garage door locks? Both the ones in the center of the rotating lever, and one that my house came with as an external, pre-keypad convenience entry are the cheapest little grade school bike lock key sorts of things. And poorly built. You can pick them with a paperclip, or just hit them with a stick and often knock them out of position.
Before there were electric openers, residential garage doors were insecure as hell.
I like the one comment on the video:
my son watched this and then zip tied it so it couldn't be done.. easy 5 minutes and 5 cent fix to safeguard your belongings.."
Easy fix. I also think this would be much harder without windows in the door...
"...a lot of security theater..."
Not at all. It's first and foremost job is to keep me in the car while opening the garage door. The alternative is that I have to park the car, get out, open the garage door, get in the car, drive in, get out, close the garage door. Garage door openers are a convenience. That is all.
Now, we have this convenience that's potentially less secure than some other kind of lock. How do we address these weaknesses? In various ways with sundry results it seems.
The IR-triggered door opener (I was in an office that had one and a gap under the door for sliding in a piece of paper) has another security flaw as well:
1) Evildoer starts messing with the door or ringing doorbell after hours.
2) Lone employee staying late comes to see what the noise is.
3) Door opens automatically.
I just always buy a crappy looking car and keep a really good engine under it...
My father told me of automatic garage doors that would open with the honk of the car horn. He claimed to drive the stree, honking his horn, causing rows of garage doors to open. This, of course, was at a time when security was not the main concern. It was convenience.
To the people who say that a garage door is not a security issue, it now is. Many garages are now part of the main structure, and access to the garage is equal to access to the house. In my neighborhood this is an issue because the garages are not visible to the street and persons have way more than six seconds to work out how to break in. Some houses with attached garages are designed to acknoledge the added security risk, many are not.
The trick to not worrying about garage theft is to load your garage so full of crap that one of the following will occur
A) The thief will run away in horror.
B) The thief will steal something you had forgot you'd put in there 10 years ago.
C) The thief will die in a garage avalanche.
Hmm. I have a garage-door switch button on the outside of the garage, so the UPS and FedEx drivers can open the door to leave packages inside. Or pick up packages from inside.
Like many others have said - the garage is not where you should keep valuables. Treat the garage according to its mission; protect your car from weather. Nothing else. If you want a secure garage, you have to build it like a house - locks, alarms, steel core door and all the trimmings.
Should be elementary... but isn't, I suppose.
We stay up late at my house. One night, we had just gone to bed so we were still awake and we heard the garage door opening. We turned on the lights to check what was going on, and no one was there. We thought a cat might have stepped on a remote left on the kitchen counter, but then we noticed that the dome light in the car (parked outside) was on. No one was in the car and the remote was still there.
We called the police and asked them to have a patrol car drive by, but we didn't worry too much. We figured it was kids stealing change from cars, who had accidentally pressed the remote.
But it turned out that thieves were using this trick to target our neighborhood. Later that same night, they got into a house three doors down from ours, and stole a bunch of stuff, and this had been the third or fourth such incident in our sub that month. I learned this from a police detective who called because he was working on the case and he found our call in the dispatch logs. He wanted to talk to us because we were the only who had woken up when our garage opened. Unfortunately we didn't have anything for him.
But we've been more careful about leaving remotes in cars parked outside, since then.
I know this is a US door opener but...
Just about every garage door I have seen on a resedential property in a "WASP nation" has a significant weakness that allows it to be opened in seconds.
The worst offending doors are the "up-n-overs" be they a single pressed metal door or made of jointed pannels (such as the one in the vid).
The mechanisms are always very weak in design often using little more than a spring loaded bolt/latch at the doors edge and a simple pull wire or bar to the mechanical lock / handle on the door.
Almost invariably the bolt / latch is in a very standard place so the position of the pull wire or bar is easily determined by eye from the outside (no windows required).
As you will apreciate the length of the pull wire or bar is long with respect to its diameter therefore requires only very minor deformation to release the bolt.
So somebody quite inept even compared to "Jo Couchpotato" can walk up to the door with a battery powered 3mm (1/10th inch) drill and make a small hole in the door and push through a thin steel rod (piano wire) up against the pull wire / bar and the spring loaded bolt/latch will be pulled back and the door opened.
I won't go into details but you can slide a length of "coat hanger wire" through at the side of most doors where there is a conveniant gap and do the same thing.
Thus the security of the average "up-n-over" garage door is somewhat less than that of a 1960's car door (see refrences to repo "slim jim's" to see why).
Oddly in Europe the southern (predominantly Catholic) nations have better garage door locks than most US home "secure front doors". I saw one in Italy which would put the lock mechanisum in most A60 safes to shame. On chatting with the owner I was told it was fairly standard in Italy. I subsequently saw similar in Portugal and Spain.
The solution to the problem of WASP nation "up-n-over" doors is usually quite simple such as a good quality external "jamb bolt" and padlock at the bottom corners. Or if you still want "electrical opening" add two of those electrical "fire door" holders to either the top or bottom corners depending on your door style.
To those advocating taping, tying, or otherwise securing the chain-release mechanism: In detached garages, such as at condominium complexes, the overhead door may be the only access. If there's a power failure, the door-opener motor dies, (about every five years, actually), etc., you're car-less. That's why there's a key lock attached to that pull-cord, so you can turn the key, pull out the entire cylinder with cord attached, and release the door from the drive. Defeating this mechanism defeats this emergency access.
*This* is why the release mechanism *must* release toward the door, not away from it.
I just double-checked my own door. It would be much harder to shim an opening that wide -- door is reinforced metal, with hardwood frame -- and attacker would be working completely in the blind. Would need to get very lucky to snag the wire, then pull all the slack out and trip the release without running into obstacles (the metal arms, etc. attaching door to the "carrier" that rides the screw or chain drive).
Of course, he could also just pick the lock. (*not* a standard lock; local hw store was unable to make a copy. Would have to be special-ordered from OEM. Got an extremely skilled locksmith to engineer a spare key from the existing one.)
*Or* drill holes in the door, cut it with power tools, etc., and pull out the emergency lock, with the cylinder still inside. But that would make a lot of noise and take more than six seconds.
There isn't a (locked) handle-turn opener, not for security, but for cheapness.
For garages attached to homes, the door between the two should have the same deadbolt lock as any exterior entrance door to the home. Won't stop a true pro, of course, but it gets rid of the opportunists, like the attackers portrayed here are likely to be.
I've seen garage doors with one or two windows, but not in years, and not one so totally transparent as that depicted.
IIUC, modern wireless openers have three settings per switch ("middle" is one, not just "up" or "down"), so the number of possible combos goes from 2^8 = 256 to 3^8 = 6,561 combos. Much less chance of random match.
Also, IIUC, modern ones have "rolling' codes, in the same manner that the encryption between my wireless laptop and my router has a single pre-shared key, but the actual encryption key is changed every X minutes. I don't pretend to be an expert on either: wireless door openers or WPA2.
The garage door also has an external keypad so that you can leave the opener in the car and not have to carry it with you back and forth. Thanks to this column, I do clean the fingerprints and smudges off of the buttons occasionally, and do change the code occasionally.
None of this is to disagree with the other posters: The garage is not the place to store Grandma's heirloom 2-carat diamond wedding ring.
I think I should trump him by posting a 1 second garage opening with a sheet charge. Of course, a minute and a half with a thermal lance might be more interesting. You just kick the bottoms afterward and peel it off. Both attract a lot of attention, though. Should only be used for quick (and terribly fun) heists.
"A simple fix by the manufacturer could avoid this of course, by making the latch flip the other way Then there's nothing to hook on to"
It still leaves the "pull cord", hooking that and pulling it back will more than likley still open the door.
Thinking for "secure design" can be either "fun" or "soul destroying" depending on why you have to do it and how quickly.
And then there's those other little niceties like manufacturing cost, reliability, maintanence cost, compatability with other systems etc etc getting in the way...
And before any body says "think of the pluss points" come up with atleast five first...
@Clive: I doubt you could open my garage door that way. Then again, the opener often doesn't have enough power, because it's badly installed.
I agree with others that the garage isn't a great place to keep valuables (other than your cars), but in any attached garage, there's going to be a door to the house. So getting in the garage gets the thief access to all your stuff.
From what one remembers, it has been advised that the door between a home and an attached garage be treated in the manner of an exterior door i.e. of strong construction with a keyed deadbolt.
In other news: A British anti-terror ad was banned due to concerns that legitimate behavior was portrayed as being suspicious, among other things.
@ A Reader,
"A British anti-terror ad was banned due to concerns that legitimate behavior was portrayed as being suspicious, among other things."
When I first heard it anounced on the radio "that the UK Advertising Standards Authority had banned the add", my first thought was "it's the 1st of April".
I then started laughing so much I was asked by my breakfast companion what was so funny. She did not see the funny side of it as I explained it was a sign that sanity was returning in UK officialdom against the security theater that has resulted from the Orwellian "war on terror" we are in.
For those more interested the ASA has put up a summary of it's findings at,
You will see the "usuall suspects" behind the ad of London's Met Police Service (MPS) and the UK self appointed clique of vested police interests the Association of Chief Police Officers (ACPO). Both of whom to user their vernacular "have previous" on this sort of behaviour having been found guilty in the past.
Saddly a lot of the behaviour described in the add is very common in London and other metropolitan areas these days,
Drawn curtains happens not only if you live on a buss route but also in areas of high street crime. This behaviour is seen in significantly more law abiding citizens than criminals. The few criminals that do do it are often growing canabis plants (could be a clue as to why ACPO included it).
Paying by cash is becomming very common since the bank crisis and attendent high unemployment, it's also more common since Internet / home shoping has taken over on bulk buys etc. Also carrying only a limited amount of cash and no cards is usually the advice given in areas of high street crime. It is also a fairly safe way to ensure you don't go over budget when you have very limited income as an unemployed person or likewise who might nolonger have access to the banking system due to bad debt etc. Thus many law abiding citizens are doing it. Also there is little evidence that the "suicide terrorists" of the past decade don't use credit cards etc.
However there are also all those "criminals" in the black economy (tax avoiders) who pay cash the Govenment wish to target as well as drug dealers and those in the sex trades (could be a clue as to why ACPO included it).
As for being male and living on your own something like 25% of households in the UK are single occupant and girls tend to flat share more than boys. This figure rises to as much as half the population in some areas such as run down metropolitan areas where drug usage is more visable. There is little publicaly available evidence that terrorists are living on their own, in fact the opposite appears to be true.
However there is significant evidence that the police "target" young adult males of ethnic minorities especialy in areas where they are more likly to live on their own in low cost one room flats / bedsits (this might be a clue as to why ACPO included it).
Thus I feel the MPS evidence to the ASA on behalf of ACPO to be a nonsensical smoke screen that they can hide behind. But importantly if chalenged by the ASA or others the MPS can fall back on the old "If you knew what we know but can't tell you for security reasons", so they know they can get away with it...
Its also stupid because even if there are as many as ten (!) real terrorists hiding in the U.K. right now, which I HIGHLY doubt, the described behaviour still applies to thousands, probably tens of thousands of citizens who are all basically law-abiding citizens (some might be petty criminals, but the point is that they aren't real terrorists).
So its nonsensical to ask ordinary citizens--who are not trained in behavioural profiling or any of that junk--to snitch on "likely terrorists", because the false-positive rate is going to be like 99.9%. Its far too Orwellian and I hope the new government is going to make an effort to curtail such ineffective measures. The police resources spent responding to those random citizen snitch reports would be much better spent doing actual police work.
Add to the ACpo's list (because it's a trend and been seen in court)
Standing, sitting, looking, seeing, being seen, talking, listening, breathing.
All incontrovertibly things that terrorists do.
The first post noted: "This was posted on the Lifehacker website this summer, and the uniqueness of the attack conditions (window to see the mechanism and accessibility of the mechanism's protruding lever) were noted, as was the more likely case of the window being broken out to gain access."
Several years ago a friend of mine had a sports car stolen from his garage in exactly this way while he was on vacation. They taped over the glass to prevent shattering (and maybe keep down noise, I don't know), broke the whole window out, released the door, and entered.
Given that this technique has been in use by criminals for many years, I'm surprised to learn that it's still not very well known
I think it's unduly harsh to call garage doors security theater. And I disagree with some posters above who say the garage is only for keeping the car out of the weather.
There's a spectrum. Is it reasonable to keep grandma's wedding ring in the garage? Probably not (though people are unlikely to look for it there). Is it reasonable to keep a bicycle and some tools? Probably yes.
I believe that anyone who wanted to put some effort into it could break into my garage. There are no windows, but there's a standard door (with a pickable lock) and an automatic garage door (with a hackable remote). Sometime with time, resources, and skill could certainly get in.
So what does the garage protect against? Crimes of opportunity. Someone who wanders up won't be able to get in to have a look around. And for the dedicated criminal, they'd have an easier time getting into the house (by breaking a window) than the garage, so it's not like that's more secure anyway.
For many people, home and garage security doesn't even attempt to keep everyone out. It just keeps random passersby from walking through an open door.
Also, when I go on vacation, I flip the circuit breaker that powers the garage. Someone could still get in through the side door, but hacks based on the opener won't work without power.
When I rewired my garage, one of the things I included was a light switch that turns off power to the door. I mounted the switch high up on the wall, where it won't get accidentally flipped by someone fumbling for the lights. The main reason I did this was so that I could make sure the door didn't get opened accidentally when I was working on something in there. But I have also used it to disable power to the garage door when we are out of town.
I feel this was incorrect use of "security theater"
I'd like to add a few things. First the paper under the door tripping the motion detector trick is usually a configuration problem in the card access control system. The motion detector in this case is known as a request to exit. There is a check box in the user app of the access control system that says something like unlock on REX?
Actually unlocking the door on exit is only required when mag locks are used. Properly designed access control systems specify locks that are mechanical free exit. In other words you can always operate the knob, lever, or push bar to exit.
I found the ben jim site interesting. although I couldn't directly see their product as it was restricted to government agencies, a quick google search and viewing cache told me everything I need to know about ben jim.
Lastly, I was assaulted at my garage door. My old flat had double swing garage doors with no opener. I had to pull out in the morning, get out my car, and close the door. One morning after closing the garage door and leaving through the side door, I was attacked. The whole manual operation is vulnerable because I couldn’t see what was outside the door. I have moved and now have an electric opener on my garage.
I use a physical interlock that prevents the garage door itself from being raised, regardless of the condition of the drive mechanism or override lock. Which raises the game to the next higher level, that being how much the thieves are willing to bust or break to get in. At least, someone may notice (or hear the commotion).
Basically, my garage door/opener is to keep out lazy thieves/bored kids/raccoons.
All a thief needs to do to defeat ANY of these devices is back his van/pickup/SUV to your garage door - and just not stop backing up. Bang, the whole door w/frame pops off, he is free to take what he wishes - just toss it in the truck, its right there. From the outside it doesn't look all that different to someone backing up to the door who hit the wrong pedal; use a Toyota truck and they'll assume it was the mfr's fault.
@ bob (the original bob)
They can also break into almost any home by smashing a glass window, but not so many occur that way. Noise attracts attention, neighbors, call cops, etc.
Also, if there is actually a *vehicle* in the garage, and its rear bumper isn't more than a foot or so from the door, you'd dent the door, but I doubt it would suffer as you've described. Works on partially-empty garages, but I can also take an ax and chop your front door down, no matter how many exotic locks you have on it. Yet, that doesn't happen that often either....
Buy a big dog. I recommend Great Pyrenees.
Quote: [So what does the garage protect against? Crimes of opportunity. Someone who wanders up won't be able to get in to have a look around. And for the dedicated criminal, they'd have an easier time getting into the house (by breaking a window) than the garage, so it's not like that's more secure anyway. ]
Security professionals often recommend a simple sign that says something to the effect that an alarm system is installed and will be responded to (when the customer says "I can't afford that"). If someone wants something that YOU have (and no one else does), they WILL get it. If someone wants something to fence, they will go NEXT DOOR.
Everyone knows the garage is less secure than the rest of the house. (That's why the door from the garage to the house locks. Most people don't realize how easily *that* lock can be picked. Smart people at least put a deadbolt on it.)
It's useful to have some minimal security on the garage door, to keep indolent neighborhood kids from screwing around in there too much, but given the convenience profile of being able to easily drive an entire car in and out, it's generally not worth trying to make it secure against devoted career criminals. Frankly, devoted career criminals usually have better things to do with their time than merely break into your garage. They'd much rather get into the house.
Hopefully you don't keep your most valuable stuff in the garage. Well, except for the car, but the alternative is keeping it in the driveway, and car thieves can just as well find cars on the street or in parking lots, so.
Incidentally, having a detached garage (possibly with a connecting roof overhang) improves the overall security of the house, because there's no door from the garage straight into the house. (Neighbors and other potential witnesses can't see what's going on inside a garage, but they *can* see what's going on outside.) Of course, having a detached garage also means in the winter you have to step briefly through a cold space between your warm car and your cozy house, so not everyone wants that.
Reinforcing your garage/home boundary door is fairly worthless; a firm kick will gain an intruder entry into the house through the (interior-built, albeit occasionally insulated) shared wall between the garage and the house. Increased threshold arguments don't apply to this entry method, either; they're already inside your garage, so they've already chosen you, and assuming that their entry method allows them to close the garage door behind themselves, they effectively have unlimited time to spend breaching any subsequent boundaries.
This reminds me of security at the datacenter I work at. When I describe the steps needed to access the facilities, people will often concoct a scheme whereby I am manipulated into being a tool for their access. For example, for a hand-scan, they'll say, "Okay, so I chop off your hand and carry it with me.". At which point my trump card is always, "The guards are not amused by those who attempt to bring bloody hand-stumps into the datacenter." It's certainly possible to build an excellent security model without it, and there are many ways to be less secure with it (due to poor procedure/training/action constraints, for example), but to be truly secure, you have to loop in a human brain somewhere.
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.