Security is the most important concern for any individual or for a huge data center containing thousands of gigabytes of data. With advances in technology, many security tools are used by companies to secure their data. But a security expert discovered a unique “leak” in one of the data centers, which gave him access to valuable data. Security expert Andrew Tierney posted a detailed Twitter thread explaining how he gained physical access to the data center using the “piss corridor”. Mr Tierney, who works for security firm Pen Test Partners, claimed in tweets that it was one of his most notable feats.
He posted a diagram to demonstrate the separate restroom areas of the unidentified facility for the general office space and the secure portion where the IT infrastructure is located. However, the two toilets were connected and Mr. Tierney discovered a shared access passage to service the toilets that ran behind the two sets of cubicles. These, according to the security expert, were the “piss corridor”.
He found access was accessed via a disguised door in an accessible cabin which is a larger room built for wheelchair access, on either side of the secure/unsecure border, according to Mr Tierney’s tweets . He entered the restroom from the side of the general office area, then the “piss corridor” via the accessible stall, reaching the supposedly secure side the same way.
One of my favorite physical access jobs at a data center involved a restroom.
Let me explain.
I needed access from the less secure side of a basement to the more secure side.
General office space at data center. pic.twitter.com/5C4yXD1Yeq
— Cybergibbons (@cybergibbons) July 4, 2022
Mr Tierney did not mention whether the concealed doors were secured to prevent curious restroom visitors from entering the access space, or whether he had to pick the locks to allow access, according to Register which carried a report of its discovery.
Mr Tierney claimed he only did so after making sure ‘there was no one else in the other accessible cabin’.
The security expert was delighted with his success, noting that he managed to evade data center security measures, which included mantrap entry doors that required staff to hand over any digital devices upon entry.
He further stated that the bathroom layout was visible on public planning records, indicating that anyone could have found a way to escape protection.