The most important concern for any individual or a huge datacentre holding thousands of gigabytes of data is security. With the advancement of technology, many security tools are used by companies to keep their data secure. But one security expert has found a unique “leak” in one of the datacentres, which allowed him to gain access to precious data. The security expert, Andrew Tierney, posted a detailed thread on Twitter to explain how he gained physical access to the datacentre using “piss corridor”. Mr Tierney, who works at security firm Pen Test Partners, claimed in the tweets that this was one of his most notable exploits.
He posted a diagram to demonstrate the unidentified facility’s distinct restroom areas for the general office space and the secure portion where the IT infrastructure is situated. However, the two restrooms were connected, and Mr Tierney discovered a shared access passage for servicing the toilets that ran behind both sets of cubicles. These, according to the security expert, were the “piss corridor.”
He found the access to be reachable via a disguised door in an accessible cubicle which is a bigger room built for wheelchair access, on either side of the secure/insecure border, according to Mr Tierney’s tweets. He entered the bathrooms on the general office area side and then to the “piss corridor” via the accessible cubicle, reaching the supposedly secure side in the same manner.
One of my favourite physical access jobs to a datacenter involved toilets.
Let me explain.
I needed to gain access from the less-secure side of a sub basement floor to the more-secure side.
General office space to data centre. pic.twitter.com/5C4yXD1Yeq
— Cybergibbons (@cybergibbons) July 4, 2022
Mr Tierney didn’t mention whether the concealed doors were secured to prevent curious restroom visitors from entering the access space, or whether he had to pick the locks to allow the access, according to Register that carried a report on his discovery.
Mr Tierney claimed that he only did this after making sure “there wasn’t anyone else in the other accessible cubicle”.
The security expert was overjoyed with his success, noting that he managed to escape the datacenter’s security measures, which included mantrap entrance gates that required staff to surrender any digital devices upon entry.
He further said that the bathroom arrangement was visible on public planning records, indicating that anyone might have worked out how to escape protection.