Ability to Compromise Security Equipment

 

Many types of security equipment can be easily compromised by an intruder who gains access to the facility during normal business hours. Often, this is done by an “insider” – someone who has a legitimate reason to be in the facility, such as an employee, contractor or delivery driver. Also, in some larger facilities, such as warehouse clubs or museums, it is possible for a member of the public to go to a remote part of the facility and tamper with some portion of the security system without being noticed.

 

Usually, the intent is to disable the security system so that the criminal can come back later and commit a burglary or other crime. While some level of knowledge is required to bypass security devices – it is not rocket science. In most cases the bypass can be accomplished by simply shorting together a couple of wires, or by placing something in front of a sensing device. These techniques can be learned from fellow criminals, or by doing a little searching on the internet.

 

Here is an example of a few real-world cases where this consultant has seen tampering with security equipment:

​

• Employees bypass magnetic contact switches on emergency exit doors at back of warehouse by shorting together wiring at junction box. Merchandise is removed from warehouse during operating hours and stacked just outside of exit door for later retrieval by the thieves.

​

• Unknown person defeats outdoor photoelectric beams by tampering with wiring at photoelectric receiver. Trailers in outdoor storage yard later burglarized without being detected by the intrusion alarm.

​

• Passive infrared motion detector in art studio defeated by someone who put masking tape on the inside of motion detector lens. The studio was later burglarized, resulting in the theft of art work, as well as significant vandalism damage to the facility.

​

In addition to tampering with alarm devices, criminals may also tamper with things such as card readers. Many “hacks” of card readers require access to the card reader wiring. For example, there is one small device that attaches to the card reader connections and automatically captures the number of proximity access cards as they are being read. The hacker simply remove the card reader from the wall, attaches the device to the wiring, and then reinstalls the reader. As legitimate users swipe their card, the card's digital card number is captured by the hacker’s device. The hacker can then come back later, connect to the device with a smartphone app using a Bluetooth connection, and then download the captured card numbers. The hacker can also use the smartphone app to retransmit a legitimate card number over the card reader wiring, allowing the door to be opened just as if a valid access card had been used.

 

Purpose of Tamper Switches

 

In all of the cases outlined above, the criminal needed to gain access to the inside of the security equipment and/or gain access to the wiring in order to compromise the device. To allow the detection of people tampering with security equipment, devices known as “tamper switches” are often used. Tamper switches are built-in to many types of security equipment, and external tamper switches can be used if the equipment does not contain a built-in switch.

Mechanical micro switch or plunger type tamper switches are most commonly used, but optical or magnetic types of switches may also be used. Tamper switches are usually installed to detect when the cover of the device is removed. For example, removing the front cover of a motion detector would cause activation of the tamper switch. On some pieces of equipment, such as alarm control panels, tamper switches may be installed on the front of the panel to detect when the panel door is opened, as well as on the back of the panel to detect when the panel is removed from the wall.

 

In order to be effective, tamper switches should be connected so that they send an alert both when the facility is open and closed. Most attempts to tamper with equipment will occur when the facility is open, so connecting a tamper switch to send an alert only when the intrusion alarm system is armed is not very effective. In some cases, tamper switches are connected to a dedicated “tamper input” on the alarm or access control system. In other cases, several tamper switches may be wired together on a dedicated “tamper loop” that is also connected to the alarm or access control system. When a tamper switch is activated, it usually causes an alarm signal to be immediately sent to the security control room or off-site alarm monitoring center. Notification that a tamper switch has been activated may also be displayed on alarm system keypads.

 

In some cases, a dedicated tamper input may not be available on the alarm or access control system. In these situations, tamper switches can often be wired in series with a supervised alarm input so that a “trouble” signal is sent when the tamper switch is activated.

 

Where Should Tamper Switches be Used?

 

We recommend that the built-in tamper switches on all equipment be used, regardless of where the equipment is installed. When a piece of equipment is available with or without a tamper switch, we always recommend that a version with a tamper switch be chosen. This usually results in only a small additional cost.

 

External tamper switches should be added to all control panels and power supplies that don’t already have them. External tamper switches should also be added to any junction boxes that contain connections to security equipment. For example, it is common to make connections to magnetic contact switches on overhead doors using an electrical junction box. This type of box should always have a tamper switch.

 

Reluctance of Professional Installers to Use Tamper Switches

 

Surprisingly, many professional alarm and security systems installers fail to use tamper switches on security devices. In at least 75% of the security systems that we examine during assessments, we find that tamper switches are present but have not been connected by the installer. We attribute this to ignorance on the part of the installer as to the importance of tamper switches, or just plain laziness.

 

We recommend that all end-users ask the company that installed their security systems whether or not tamper switches have been properly installed and wired on their security devices. If not, the security company should be asked to take corrective action. All RFPs and specifications for new security systems should always include a requirement for tamper switches, and the testing of tamper switches on all devices should be included as a part of the final security systems acceptance testing process.

 

Have questions about the proper use of tamper switches? If so, please contact us.