Literal Backdoor Security Flaw



  • I own a condo which I rent. My tenant just moved out and at the end of the walkthrough she gave me the keys. She was unsure of which key the back door went with (generally only used as a fire escape) so she started trying keys and discovered that it was... the front door key. Meaning, the key to the front door of the building everyone uses.

    Incredulous, I tried the same key for the neighbor's back door. It turned.

    As it turns out last year as part of renovations the management company had changed all the building front doors, and with them the locks. We were given all new keys. What they didn't tell us was they had also changed all of the locks to the unit doors in the fire escapes to use that same key.

    This is a management company who I could write a WTF story on a daily basis for years, but this was by far the most heinous. This past November the HOA finally voted to not only choose another management company, but also prematurely break/cancel the contract in the process due to what they feel was the management company not holding up their end of the bargain (which was probably one of the few unanimous voting sessions our HOA ever had). Basically, they fucked up garbage collection, snow removal, they left a roof leak in the common area get worse and worse, ignoring repeated complaints by residents until finally part of the stairwell caved in... How this management company has survived this long without getting sued into oblivion is beyond my comprehension. And it's not like these condos are slums. They are middle class condos built 11 years ago.

    I'm also perplexed as to how they even were able to change the backdoor locks, as they supposedly didn't have access to the units before, and in order to change the lock you need to enter the unit, lest you break the door down, which they didn't.

    So, now I have to make sure the situation is rectified before I get another tenant. I could switch the locks myself, but I'd rather them do it for all of the units anyways, since otherwise, there's a lot of liability involved. The new management company seem much more competent, although I think they'll find my discovery hard to believe, and seeing that it was April 1st when I sent the email, I'll have to do some extra convincing that this is not a joke.

    I could use this as an analogy to the whole Apple-FBI thing, but it's too easy.



  • On the bright side, if you lose your key you can always ask one of the neighbours. This way, there's no need to make copies and give them to trusted neighbours.


Log in to reply
 

Looks like your connection to What the Daily WTF? was lost, please wait while we try to reconnect.