 The best kind of doors are the doors you have to explain. Welcome to Unhinge. Today, we do have a very special nerd. Gary, hopefully it's okay, I call you a nerd or I guess Gappy, last but not least. I don't know if this one's up your alley. This is more of a life safety concern, but I thought it was funny and this one I took myself, so. Hold on, there's like way more pictures here. Yeah, sorry. That's a door that's turned into a coffee sign. Yeah, I thought that was cool. I thought that was cool. But then right behind it, you can see the exit sign in the first picture. That's the first thing that caught my eye was this, by the way, fantastic coffee, wonderful coffee. The barista, like really new stuff. So that was really nice. And I thought the coffee sign was very creative, you know, repurposing an old door. But then right behind it, there's this dingy little residential. Do not turn this latch ever. Emergency egress probably shouldn't have the door locked always. It also opens in because of the hinges. Also not supposed to happen, that should go out. So you don't have another Chicago fire episode where everybody pushes on the door and all burns. That one in particular, I used to get that one wrong all the time. If the occupancy of the building is under 50 or the surrounding area is less than it doesn't require, but I mean, this is a pretty large coffee shop. I don't know what the rated occupancy was, but you could probably put a good chunk of people in here. I don't know my codes that well. Is that the business occupancy or the building occupancy itself? It would be of the area surrounding, yeah. So like the... That's max occupancy, right? You know what the nice thing is? Well, no, I was thinking it might be a bolt, but I don't think it is a bolt. Yeah, it's like a residential lock. Like they've got a pin pad from the outside. So it's just a latch. There's no bolt there. No, I mean, I'm sure it has a auxiliary latch on it, but it's just a latch. There's no bolt on it. Yeah. You want coffee? Coffee looks nice. I mean, what are the chances that there's gonna be a fire and they're not gonna be able to get out because it's locked and they gotta pull out? What are the chances? Very slim. But... I'm just telling you what my clients tell me all the time. What are the chances? The four pieces of red tape that are below the lock. What was there before? And then is there a peephole that a sign is over or am I just imagining that? Oh, right there. Is that... Yeah. I mean, it could be a peephole, but... And is the fire extinguisher actually there or is the sign... I was gonna say, yeah. Where's the invisible and fire extinguisher? Is this Wonder Woman's fire extinguisher? Like what? It looks like they're missing the magnet for their reed switch too. So they don't have an alarm on the back door. Oh, yeah. Good eye. So not only is the latch easily defeatable, but there won't be an alarm system going off when you break in and set up a Wi-Fi hotspot. Coffee shop, people log on there and looking for Wi-Fi. There might be... That was a thing. I'll show you the tool that we use for that. It's called a pineapple, what this is. They actually make these, you can go smaller than this. This is a big one for enterprise type stuff just for a distance, but where people will put smaller versions of the pineapples and they'll put it in a coffee cup and then they'll put the smaller antenna here to make it look like it's a straw and then they'll walk around the coffee shop and you just, you basically set up your own network. How many times you've been to Starbucks and you see Starbucks and then Starbucks one or Starbucks two, one network gets slow, but you just walk in and you just make Starbucks three and then everybody will connect and you just man in the middle everything and you can get their credentials, you can like all sorts of fun stuff. Don't use probably a Wi-Fi unless you're using a VPN and unless you're on something that you just don't care about and you're not, you know, connecting to your bank account or something. Good advice. I could see a coffee shop being somewhat of a hacker's gold mine because people are looking for Wi-Fi. I can tell you firsthand that when you are first starting out, coffee shops are the way to go. If you set up a Wi-Fi, right? As long as you're not doing it to steal something from somebody, like you're not doing anything wrong. And so a lot of budding hackers and younger hackers, they'll do it just to have people connect and then, ooh, look what I did. People are connected. Oh, I could bone them. And it doesn't take much. Like you just have to connect. I hate when I have to go into a store like Lowe's, right? And they force you to use their Wi-Fi if you wanna search for anything. Yep. Cause they'll just, they cut off cell service. And I'm like, no, unless it's like dire, I can't find the thing I came there for. I'm like, no, I'm not connecting to your whatever is happening here. There's a gentleman, his name is Luke McComey and he's a pretty kind of old-schooly hacker. And he's part of this initiative where they're putting a bunch of QR codes all over. We've got stickers that you put over. And the whole point of it is to run it, I think for a year or two and see how many people look at those QR codes. And then they're going to show people what data you can pull just from looking at somebody's QR code. It's scary what people can get from your devices. They can track you after that. There's just a million different things that they can do. So yeah, there's a reason that companies do that because they want that metadata because they can sell it for money. That's how Facebook exists. Facebook sells your data. That's what they do. They don't make any money because you decided to make a webpage. Like they make nothing from that outside of advertisement, but through advertisement and then that metadata and what they do with that and who they sell it to, that's where the big money is. So yeah, big box stores like that, they absolutely want you to connect there. And our viewers came on here thinking they were just going to learn about door hardware today. One of the things that I like to preach more than anything when I stand on my soapbox is there is a discrepancy and security that is widening right now, I think, in a big way. And it's that people look at physical security differently from logical security or different from human security. And it's just not the same. It's just, it's security. You see the security officers. You see VP's of security, VP's of facilities maintenance. You see all these high level executives that are responsible for security and they don't put two and two together. Like they don't realize that your call list, that sitting on somebody's desk that has everybody's names, numbers and extensions is data. And that if somebody like me tailgates behind someone into a building and I start taking pictures of everything, that's data loss. Your job is to make sure that I can't get in the building CISO, you know? And if you don't have a CISO, then whoever's in charge of your security, it might be your VP of IT, it might be your VP of physical security. But man, like physical security people really, really, really are laxed in their ability to protect and safeguard data, right? Or using the air quotes as far as data, which is everything, because they don't understand that your network security needs to be protected. I shouldn't be able to plug in to your drop in the conference room. And then my IT guy will be like, well, how am I supposed to fix the doors? That's not my realm of responsibility. And then the physical guy turns around and says, well, how am I supposed to protect RFID readers? That's not my responsibility. I don't have the ability to make cards. That's IT. And they just sit there and they point fingers back and forth and nothing gets done. And then people like me walk in. Literally, just walk in. You know what our win rate is, Benji? How many times we've been stopped? How many? Zero. Zero times. Every facility that we've ever done a red team on or done some sort of physical assessment, we've gotten into every single one. We've never been blanked. Wow. We'll set off alarms. Guards will come running. We've done military bases where CERT team has come in with M4s and stuff looking for us. But because we didn't set the lights on in the room because it was all on motion sensors that they didn't check the rooms where the lights weren't on because they figured we weren't in there because the motion sensors didn't get tripped. So that's how they cleared the room, which obviously that protocol has been changed now. But yeah, they're just sitting in there like this, typing on a computer, not moving to make sure that they didn't set the sensors off in the room while the CERT team was running back and forth, you know, screaming and yelling like, room clear, this room clear, far corner clear, dear corner clear. I hope they don't come in here. That's fun. I'm something new every day. Hey, if we were going to give this an acting score, what do you think? Again, more like fire and safety. But I would say, depending on the building and what its total occupancy was, like you were learning me earlier, if it's opening in and it's supposed to open out, that's a really bad thing. There's no fire extinguisher. Where's the fire extinguisher at? The door's locked at all times. They've got it taped. So, I mean, the way that that door handle probably should work is if you pull on the door handle then it should unlock itself. But they've got tape all over it to try to make sure that if somebody pulls on it, it doesn't unlock itself, which means you can't get out. People panic and they do dumb things. I don't know. I'd say this is probably a critical. Maybe a high somewhere in there. Security-wise, it's definitely a critical. It's terrible, but you know, you're protecting coffee. I think there's one key takeaway from this episode. It's never just protecting coffee, right? There's other opportunities in here to get other information. I feel like it has to be a 10 for multiple reasons. Number one, the door is permalocked, which is unsafe, but also we're using a residential grade hardware set. So it's also not super secure. We don't have a fire extinguisher. There's a metal wrap around the frame. Door's been compromised already. And then we obviously don't know the occupancy thing. So I feel like it's a 10. We missed something. The exit light is not lit. Because if you look all the way to the left, it feels like it might be slightly lit and it just might be the angle that you're at. Oh, maybe. I feel like if you're standing in front of the door, you shouldn't be able to tell if it's lit or not. Yeah. Lights go out, smoke's flying. It's gotta be obvious. But then it's almost better that it is off because if the lights do go out to this, don't go to this exit. Please tell. Although I'm pretty sure if you yanked hard enough, you could just break that lock. There's some plastic parts in there just saying so. I've got a question. What's going on with the electric to the left of the door? Because it kind of looks like it goes up there for the exit light, but then there's another up above the exit light. And then if you go to the right side, there's another cord there. And yeah, what is going on? They definitely need a fire extinguisher over there, I'm thinking. Especially with all those exposed cords, you never know. I got a question for you because I don't know. And you're the doordner. If you have minimum amount of exit points for a building, right? And you are over that minimum amount, can you bar the door? So you could as long as it's not clearly marked as an exit. If you have an extra exit, you could remove the exit sign and use that door for something else as long as you have enough exits still available for people to leave. So they could, if they had another exit, take this exit sign down and then just bar the damn thing. Because it doesn't look like they ever want anybody going through it in the first place. Yeah, no, that's actually bring up a good point. Like maybe the light isn't on because they dismantled this as an exit, but really it's still an exit. People are going to assume it's an exit because they're going to panic and look for the sign. If that is the case in this here, they're still not code compliant because they would have to remove that sign. Exit sign? Yeah, see, learning stuff. I think we got schooled today, right, Benji? Yeah. Well, Gary, thank you again so much for joining us on the show. I appreciate your time and insights. And I know I'm a little more scared than I was hopping on. So you did your job. It's been fun looking at these installs through your eyes. So thank you for your time. Appreciate you hopping on. Absolutely, anytime. Thanks for having me. I appreciate it. Yeah, and for you viewers out there, make sure you join us for the next episode of Unhinged. Our doors are always open because they're unhinged. If you want to be featured on a future episode of Unhinged or if you have a picture to submit, you can email me at Mia at doorhardwarenerds.com. Thanks for watching.