Weaknesses of Elevator Access Control
Like this article?
Visit our Security Tips page for more than 75 additional articles on a variety of topics related to physical security
Follow us on Twitter to be notified when new Security Tips are published
Controlling Access Using Elevators
Security at many high-rise buildings is provided using a card access control system in the elevator. This system typically involves installing a card reader in the elevator, and making connections between the access control system and the elevator control system. The system is designed so that an access card is required to operate some or all of the floor selection buttons in the elevator car.
The access control system is typically programmed so that a user's card only works on the specific floors to which he or she requires access. For example, employees who work in the Accounting Department have access only to the Third Floor, while employees working in the Advertising Department have access only to the Fifth Floor. Floors that contain things such as the Cafeteria or Fitness Center would typically be accessible to all employees. Some employees, such as senior executives or facilities maintenance personnel, might be given access to all floors.
Security control of the elevators may be implemented at all times, or only during specific times. For example, it is common to allow free access to all floors during normal business hours, but restrict access at nights and on weekends. Some floors, such as those containing the Data Center or Executive Offices, may be kept secured at all times.
Elevator access control can be used in conjunction with other types of access control or can be used alone. For example, in many cases, using an access card in the elevator only allows you to travel to the elevator lobby on the selected floor. Once in the elevator lobby, you must use your card a second time on a controlled door between the elevator lobby and the secured interior area of the floor. In other cases, the elevator provides direct access to the interior area of the floor - once you step off of the elevator, you are within the secured area.
Social Aspects of Elevators
Most people who ride elevators unknowingly follow a set of unwritten rules regarding their use. These rules affect how you board the elevator, how you stand when in the elevator, and how you exit the elevator. A number of articles have been written on the proper etiquette to be followed when using elevators, such as holding a door open for a person rushing to get on the elevator, or offering to push the floor select button for another person when standing next to the elevator button panel.
Providing security controls on elevators is contrary to social norms and may create conflicts between doing what is good for security and doing what seems natural. In most cases, the desire to be polite overpowers any concerns about security, greatly weakening the level of security that can be provided by an elevator access control system.
Security Vulnerabilities of Elevators
There are numerous security vulnerabilities that exist when using elevator access control. Some of the ways that an intruder can compromise elevator security include:
Join the Group
People without a valid access card can enter the elevator car and ride to secured floors along with other passengers. Stepping on and off of elevators with other people is completely natural, and it is rare that anyone will stop and challenge a person getting off of an elevator on a secured floor. The busier the elevators, the bigger this problem becomes.
Go For a Ride
People rarely notice when another person stays on an elevator, assuming that they must be continuing on to another floor. This often allows an intruder to gain access to a specific secured floor by simply boarding an elevator and waiting until it is called to the desired floor. In a busy building, this can usually be accomplished by riding the elevator for just a few minutes.
Share a Card Swipe
Most interfaces between access control systems and elevator control systems are one-way only and don't provide feedback to the access control system when a floor selection button is pressed. When a user who has multi-floor access privileges uses his card, the selection buttons for all authorized floors become activated and remain activated for several seconds after his card is used. This allows a second person to "piggyback" on the access privileges of the first person by selecting a secured floor immediately after the first person has used his card.
Use Fire Service Override
Elevator security controls are completely over-ridden when the elevator is placed in "Fire Service Mode". This mode of operation is required by building codes to permit use of the elevators by firefighters during emergencies. The elevator is placed into Fire Service Mode using key-operated switches in the lobby and in the elevator car.
Unfortunately, the keys used with these switches are often standardized between all elevators of the same brand, and in some cases, all elevators within a specific geographical area are all keyed alike. This allows anyone who has a fire service key to any elevator to have a key that operates all elevators. Most fire service keys are also available for purchase online from a variety of sources. Anyone who has a fire service key has access to any floor without needing to have an access card.
Tips for Improved Elevator Security
Recognize that access controlled elevators provide only a moderate level of security and can be compromised in many ways. Because of this, elevators should never be used as the only means of controlling access into high-security areas.
If at all possible, provide barrier walls with card reader controlled doors between elevator lobbies and interior areas on every secured floor. This technique should always be used to control access to high-security floors.
When appropriate, use optical turnstiles or other similar devices to control access into the main elevator banks in the building lobby.
Consider using card readers at hall call stations at some or all floors. This requires users to first use their access card to call the elevator, and then use it a second time in the elevator car to select their floor.
If your access control system supports it, consider connecting outputs from the elevator floor select buttons as inputs to the access control system. This can be used to immediately reset the card reader output when a user presses a floor select button, preventing a second user from piggybacking on the first user’s card swipe. This also permits the access control system to know which floor select button was pressed when a card was used, allowing more accurate activity reporting.
The topic of elevator security and the ways in which an intruder may attempt to circumvent security measures using the elevator should be included in Employee Security Awareness training sessions. Employees should be taught to not give unknown people access to controlled floors and to immediately report anyone that they feel may be suspicious.
Ask your elevator company if they can provide a dry-contact output from the elevator control system that closes anytime that the elevator is placed into Fire Service Mode. This output should be connected as an input to your access control or security management system so that security and/or facilities personnel are immediately notified when any elevator is switched to Fire Service Mode.
Consider providing video surveillance cameras at all elevator lobbies and in each elevator car. These cameras can permit security personnel to observe suspicious activity (such as lingering in an elevator waiting for it to be called to a specific floor). Cameras can also be used to provide a visual record of who accessed each floor and when.
If you have any questions about this article, or need help in providing improved security for your elevators, please contact us.