What is a Physical Penetration Test?

If there is one type of assessment that is not like the others, it is the physical penetration test. A physical penetration test assesses the risk to your organization of an attacker physically breaking in. This blog will explore the physical penetration test, what questions it answers, what types of clients typically seek physical penetration tests, and the common techniques we use during a physical penetration test.

What is it?

A physical penetration test is an assessment of the physical security controls of an organization. Physical security controls include locks, fences, security guards, cameras, and others. During a physical penetration test, a skilled engineer will attempt to circumvent these controls and gain physical access to restricted areas, identify sensitive information, and gain a foothold on the network.

What Questions Does it Answer?

  • What is the risk of someone breaking into my organization?
  • Before I buy this new physical security control, is it even necessary?
  • What information can an attacker gain access to if they break in (PII, Credit Cards, Employee Passwords, etc.)?
  • What happens if someone gains access to my data center?
  • Can an attacker slip into a conference room and take over my network?
  • Will my employees challenge a stranger inside the office?

What Types of Companies Typically Purchase Physical Penetration Tests?

There are many reasons why an organization may want to assess its physical security. Some organizations that have had physical penetration tests performed include:

  • Utility providers who want to evaluate the risk to substations or ICS/SCADA systems, etc.
  • Healthcare call centers who want to evaluate whether customer health information can be obtained.
  • Organizations seeking to justify an upgrade to their physical security or evaluate the effectiveness of recent upgrades.
  • Retailers who wish to evaluate the risk of an attacker at a store or branch location.

What are Some of the Techniques Used in a Physical Penetration Test?

While this list is not all-encompassing, some of the techniques that an engineer may use on a physical penetration test include:

  • RFID-Cloning – Using an RFID-cloner, the engineer will attempt to get close enough to employees’ badges to read and copy them. Once a valid card is obtained, the engineer will use it to attempt to gain access to the facility.
  • Tailgating – Tailgating simply means using social engineering to try to get an employee to hold the door open for you, or just grabbing the door before it closes. This works far more often than it should.
  • Circumventing access controls – Many times, other techniques are used to gain access, such as crawling under or over fences, using a metal rod to reach under the door and pull the handle, etc.
  • Lock Picking – Most modern doors have protections that make it difficult to pick the lock and gain access. However, the locks used by shredding services often do not, and gaining access to shred bins can be relatively easy and fruitful for an attacker.

A physical penetration test is far different from the other types of assessments we perform. With that being said, the basic concept is the same: have a skilled ethical hacker test your organization’s security to find the holes before an attacker does. If you would like more information on physical penetration tests, or would like to get one started, please contact us.