Why your hotel deadbolt doesn’t matter.
It doesn’t matter how expensive the lock is if there is a quarter-inch gap underneath it. Here is how the “Under-the-Door” attack works.
THE COUNTERMEASURE
Dispatch #010
Picture this: You are in a hotel room. You are traveling for work (or maybe you’re on the run).
You close the door. You hear the electronic lock click. You throw the deadbolt. You feel safe.
You shouldn’t.
If Niko Webb wants into that room, he doesn’t care about the key card encryption. He doesn’t care about the pick-resistance of the keyhole.
He is looking at the gap.
Most commercial doors (hotels, offices, server rooms) have a gap of about 1/4 to 1/2 inch between the bottom of the door and the floor.
That gap is a highway.
Today, we are looking at the Under-the-Door Tool (UDT), the reason why physical penetration testers always carry a weirdly shaped piece of wire in their bag.
The “Keeling” Technique
The Target: The Lever Handle
This hack works on almost any door that has a lever handle on the inside.
By law (fire code), almost every commercial door must allow you to exit freely. You simply push the handle down, and the door opens, even if it’s locked from the outside.
This is a great safety feature for fires. It is a terrible feature for security.
The Tool: The Hook
The “Under-the-Door Tool” looks like a long, thin “J” made of stiff piano wire or flexible plastic. It has a string or a cable attached to the short end.
The Attack:
The Slide: Niko slides the tool through the gap under the door.
The Twist: Once the tool is inside the room, he twists it. The “J” hook flips upright.
The Grab: He lifts the tool until he feels the hook catch onto the inside lever handle.
The Pull: He pulls on the string attached to the tool.
This pulls the lever handle down from the inside.
Click.
The latch retracts. The deadbolt retracts. The door opens.
Niko walks in.
The whole process takes less than 15 seconds. It is quiet. It leaves absolutely no trace. It works on $500 locks just as easily as $50 ones.
The Countermeasure: How to Stop It
So, how do you sleep at night knowing this?
The vulnerability isn’t the lock; it’s the vision. The attacker has to be able to “feel” or see the handle to hook it.
The Fix:
The Towel Trick: If you are in a hotel and you are paranoid (like me), roll up a bath towel and shove it tightly against the gap at the bottom of the door. If they can’t slide the tool in, they can’t hook the handle.
Door Sweeps: Security-conscious offices install “security door sweeps” or “astragals” that block that bottom gap with metal or hard rubber.
The Shroud: Some high-security handles have a plastic box (a shroud) over them that prevents a wire from hooking onto the lever.
Why This Matters
In Stone Cold Webb, Niko often bypasses security not by being a super-hacker, but by understanding geometry.
Security architects think about the lock.
Thieves think about the door.
If you focus too much on the technology (the smart card, the biometric scanner), you miss the physical reality. A door is just a moving wall. If you can move the handle, you can move the wall.
Next time you are in an office, look at the door. Look at the gap. If you can see light coming through, Niko Webb can get in.
Stay dangerous,
Alex Holt