Piggybacking (security)

From Wikipedia, the free encyclopedia
Jump to: navigation, search
Do Not Tailgate sign at Apple Inc. office

In security, piggybacking refers to when a person tags along with another person who is authorized to gain entry into a restricted area, or pass a certain checkpoint.[1] The act may be legal or illegal, authorized or unauthorized, depending on the circumstances. However, the term more often has the connotation of being an illegal or unauthorized act.

To describe the act of an unauthorized person who follows someone to a restricted area without the consent of the authorized person, the term tailgating is also used. "Tailgating" implies without consent (similar to a car tailgating another vehicle on the freeway), while "piggybacking" usually implies consent of the authorized person.

Piggybacking came to the public's attention particularly in 1999, when a series of weaknesses were exposed in airport security. While a study showed that the majority of undercover agents attempting to pass through checkpoints, bring banned items on planes, or board planes without tickets were successful, piggybacking was revealed as one of the methods that was used in order to enter off-limits areas.[2]

Methods[edit]

Piggybackers have various methods of breaching security. These may include:

  • Surreptitiously following an individual authorized to enter a location, giving the appearance of being legitimately escorted
  • Joining a large crowd authorized to enter, and pretending to be a member of the crowd that is largely unchecked
  • Finding an authorized person who either carelessly disregards the law or the rules of the facility, or is tricked into believing the piggybacker is authorized, and agreeably allows the piggybacker to tag along

Piggybacking can be regarded as one of the simpler forms of social engineering.[3]

Reasons[edit]

Many locations are too secure to allow simple piggybacking[citation needed]. These may include those with intense human surveillance or three-dimensional computer vision detection systems, such as those at airports, apartments with doormen, or turnstiles.

Others, with weaker controls, are more likely to allow such a breach. These may include unmanned entries with the use of a card or entry code, or locations where an attendant can be easily distracted by high traffic or other duties.

High-security facilities typically use secure revolving doors or "mantraps" to prevent tailgating. Revolving doors may have a smaller segment space between the door leaves, and can be fitted with electronic sensors using infrared beams and computer vision systems which cause the door's powered rotation to reverse if more than one person is detected in a segment space. Alternatively, a Gatekeeper system can be used which applies photonics technology to measure the volume occupied by one person; two persons occupy a larger space and as such are not allowed to enter.[4]

See also[edit]

References[edit]

  1. ^ Honeywell Press release[dead link]
  2. ^ Kettle, Martin (1999-12-03). "Inspectors walk through US airport security". The Guardian (London). Retrieved 2010-05-22. 
  3. ^ Siobhan Chapman (2009-05-11). "How a man used social engineering to trick a FTSE-listed financial firm". Computerworlduk. 
  4. ^ "Gatekeeper". Mactwinspecials.com. Retrieved 2011-12-09.