With companies banning smoking inside their offices, smokers are forced outside -- usually to specific smoking areas in the back of the building. The doors leading out to them are a major security hole, according to a social engineering study undertaken by NTA Monitor Ltd., a U.K.-based Internet security tester.
NTA's tester was able to easily get inside a corporate building through a back door that was left open so smokers could easily and quickly get out and then back in to work, according to the company. Once inside, the tester asked an employee to take him to a meeting room, claiming that the IT department had sent him. Even without a pass, he reportedly gained access unchallenged and was then able to connect his laptop to the company's VoIP network.
"It used to be that companies 'left the back door open' in terms of Internet security," said Roy Hills, technical director at NTA Monitor, in a written statement. "Now, they are literally leaving their buildings open to accommodate smokers. We are experiencing a surge in demand for social engineering tests as hackers are turning to social techniques to infiltrate corporate networks. This latest social engineering test has proved that once inside a corporate building, an attacker can use social methods on employees to gain access to restricted areas and information if a rigid staff pass system is not in place."
Social engineering, in this sense, refers to con artists or hackers bypassing computer security by manipulating people into disregarding normal security rules.