Security is the most important concern for any individual or a huge data center holding thousands of gigabytes of data. With the advancement of technology, many security tools are used by the companies to keep their data secure. But a security expert has found a unique “leak” in one of the data centers that allowed him to gain access to precious data. Security expert, Andrew Tierney, posted a detailed thread on Twitter describing how he gained physical access to the datacenter using a “pee corridor”. Mr Tierney, who works at security firm Pen Test Partners, claimed in the tweet that it was one of his most notable exploits.
He posted a diagram to demonstrate the specific restroom areas of the facility unknown to general office space and the secure portion of the IT infrastructure located. However, the two restrooms were intertwined, and Mr. Tierney discovered a shared access route for servicing the toilets, which ran past both sets of cubicles. These, according to the security expert, were “pee corridors”.
According to Mr Tierney’s tweet, he found it accessible through a hidden door in an accessible cubicle, a large room designed for wheelchair access, on either side of the safe/unsecured boundary. He entered the bathroom through the accessible room towards the general office area and then to the “pee corridor”, the same way supposedly reaching the safe side.
One of my favorite physical access jobs for a datacenter involves toilets.
Let me explain
I needed to gain access from the less-secure side of a sub-basement floor to the more-secure side.
Common office space for the data center. pic.twitter.com/5C4yXD1Yeq
— cybergibbons (@cybergibbons) 4 July 2022
Mr Tierney did not mention whether the secret doors were secured to prevent curious restroom visitors from entering the access space, or whether they had to choose locks to allow access, according to register who gave a report on his discovery.
Mr Tierney claimed he did so only after making sure there was “no one else in the other accessible room”.
The security expert was overjoyed with his success, noting that he had managed to evade the datacenter’s security measures, including mantrap gateways that required employees to surrender any digital devices upon entry.
He further said that the bathroom arrangement was visible on public planning records, indicating that someone must have worked out a way to escape from security.