We all use, and trust, door locks on a daily basis. Our homes, offices and commercial real estate holdings are all protected by door locks, and these locks are surprisingly sophisticated devices. This sophistication is a result of the need to combine security with ease-of-use. Unfortunately, this sophistication also brings with it the need to carefully install locks, or they may not function as intended.
The most common door lock includes a handle, a key mechanism, a latch plate with a hole in it and a latch with an anti-shim pin. In future articles, we will explore how door handles and key mechanisms can be exploited. For this edition’s article, we are going to focus on perhaps the most overlooked, and essential part of the lock, the anti-shim pin, a.k.a. the dead latch.
The anti-shim pin/deadlatch is the narrow, half-cylinder piece that sets next to the door latch. The anti-shim pin’s role is to prevent the lock from being susceptible to shimming. Shimming is often referred to as the credit-card trick, wherein the criminal uses a credit card (or similarly semi-flexible piece of plastic), to depress the door the latch and open a locked door.
When the door is closed, the latch passes through the hole in the strike plate, but the anti-shim pin should be resting on the face of the strike plate in its retracted position. It is essential the anti-shim pin remain in its retracted position in order to prevent shimming.
In our security test engagements, we often find deadlatches are either mis-aligned during installation or door alignments have changed over time due to things like the building settling or rubber doorframe bumpers decaying. When mis-installation or building changes occur, the deadlatch often ends up extended (like in the picture above), which renders it useless.
If you want to prohibit easy physical attacks against your properties, pay close attention to door alignment and make sure all you anti-shim pins are in the proper retracted position when doors are closed.
David Trepp is a Partner in BPM’s Information Security Assessment Services Practice. Contact David at firstname.lastname@example.org or 541-687-5222.