Knox Box
This article needs additional citations for verification. (November 2008) |
This article relies largely or entirely on a single source. (July 2014) |
A Knox-Box, known officially as the KNOX-BOX Rapid Entry System, is a small, wall-mounted safe that holds building keys for fire departments, emergency medical services, and sometimes police to retrieve in emergency situations. Local fire companies can hold master keys to all boxes in their response area, so that they can quickly enter a building without having to force entry or find individual keys held in deposit at the station. Sometimes the Knox Master Key is stored in a key retention device such as Sentralok or KeySecure. Knox Master Key retention devices provide accountability on access to the key. KeySecure records an audit trail of when the key is accessed while Sentralok requires a dispatcher to release the key with DTMF tones.
A Knox-Box can simplify key control for local fire departments. It can also cut fire losses for building owners since firefighters can enter buildings without breaking doors or windows. It can also reduce the potential of a firefighter being injured forcing entry.
The disadvantage of the system is that it provides a single point of failure for security. If the key to a district's Knox-Box is stolen or copied, a thief can enter any building that has a Knox-Box. Sometimes a building manager wires the building's Knox-Box into a burglar alarm system so that opening the box trips the alarm, negating its use in facilitating clandestine entry. All Knox commercial boxes have a standard tamper switch for this purpose.
The keys for Knox KeySecure are the same throughout a district (the extent of which depends on the district). At the February 2013 RSA Conference, a researcher publicized a possible exploit, claiming that he had successfully ordered a box, disassembled it, and used the information from disassembling the lock cylinder to create his own master key.[1]
External links
- ^ "Security Expert Warns Fire Department Lockboxes Can Be Hacked", Reuters, February 28, 2013, http://www.reuters.com/article/2013/03/01/us-security-lockbox-idUSBRE92004T20130301