Security Review: Apartment Complex Rent Drop-boxes

By levya at 4:53 pm on March 13, 2009 | 1 Comment

Most people renting an apartment use a common drop-box to pay the rent. Most often this is located in an easily accessible common are like the mailboxes or near the manager’s office. The setup to be discussed here is a box with a key lock. The box has a flap that opens with just enough room to slip in a folded check but, presumable, not enough to reach in.

Assets/Security Goals

  • The money in the checks
  • The personal information and signatures on the checks

Adversaries

  • Non residents interested in stealing money or identity
  • Residents interested in the same
  • Residents interested in forcing neighbors into late fees or the like

Weaknesses

  • The checks are left in the box often for days. This means there is a significant amount of time during which the box can be compromised without anyone noticing.
  • Common areas are accessible not only by residents, but quite easily by non-residents: guests, or strangers who follow a resident through the main door.
  • The key lock is often a very weak lock which is easily picked or broken.
  • The box itself is often cheap a flimsy or is fastened together with regular screws. Using a screw driver in the easiest case, or to the extreme a crow bar or brute force.

Potential Defenses/Conclusion
There are several solutions which could alleviate to a large extent these security risks. An overriding weakness of these solutions is that they are relatively expensive compared to the cheap cost of existing drop boxes and the biggest stake holders (the residents paying rent) are not in charge of choosing the solution (the building managers). Nevertheless, I will discuss some possible solutions. There are two basic levels of the solution. Limiting access to the box: general complex security measures like double door entrances, keys on more doors before getting to the drop-box area and the like, as well as only leaving checks out for a shorter period of time (perhaps collecting several times a day during payment periods. Making the drop box more secure: stronger boxes and locks would prevent access to the checks. Moreover, other methods such as direct delivery (in person) to the managers would eliminate most of these vulnerabilities. These solutions either compromise convenience (for example delivering directly to manager means that more coordination is required) or money (for example more expensive boxes or locks).

Filed under: Physical Security,Privacy,Security Reviews1 Comment »

1 Comment

  • 1
    Get your own gravatar for comments by visiting gravatar.com

    Comment by Evil Rocks

    March 14, 2009 @ 6:12 pm

    All of this is moot until the good autocrats coders at Google decide to upgrade my GrandCentral account to Google Voice. Which, it’s been freaking days now and I’m still stuck on the old system.

RSS feed for comments on this post