During a recent search for new networking equipment I stumbled upon “locking” RJ-45 jacks. Due to a round of lost in translation the word “locking” as in fixating or fastening was translated to “abschließbar” - “lockable” as you’d do with a door. The description also stated enhanced security for areas with higher security requirements such as banks, airports and schools. Costing only 4€ and an extra 4€ for the “key” I just couldn’t resist to give the security benefits a test drive.
What to expect?
Having bought a system with a single master key design the security impact can obviously only be rather low, especially when taking a skilled and motivated attacker into regard, who would simply buy a key. Still the approach can still be valid to stop normal users and walk-ins from attaching to a network port. Although security through obscurity is usually used in a very negative way, in the physical world it’s often the only possible solution. As such, the question isn’t whether the jacks are secure or not but rather if they stop an attacker from directly accessing the port.
The part I bought actually is a CAT6 Coupler and as such gave me two chances for breaking it. To be able to “unlock” the jack I also needed a “key”. The overall system is produced by a company called “Intellinet Network Solutions”. They sell single sockets, couplers and complete patch panels with the locking feature. Next to the security benefits the sockets are also intended for use in moving environments, where the plug might become loose over time. This aspect is easily proven after having inserted a cable for the first time, it cannot be pulled from the jack, not even with a reasonable amount of force.
The locking feature consists of a small metal plate in the top of the jack with a hole for the clip on the plug. After inserting the plug, the metal plate locks in between two metal wires at the back and can as such not be pulled out.
To remove the plug one needs a special tool to spread the two wires at the back of the jack apart and release the plate.
When releasing the plate the right side is used. It comes with a dummy plug which will hook into the plate and pull it out. The other side is to be used, when releasing a plug.
When not having a plug inserted, the plate will also prevent a new plug from entering, as the clip will not be able to slide in.
A deeper dive
The coupler and the jacks themselves are quickly dismantled.
The metal plate actually just is a metal frame, and the two wires in the back practically are a single one, but, close enough. The picture nicely shows the arrow-head shaped back of the plate which squeezes in between the wires and cannot be pulled out. Due to the rather tight casing it is also not possible to twist the metal plate in place.
As the mechanism obviously relies on the clip on the plug, I decided to try inserting a “hotplug” cable, basically one of the many RJ plugs with the clip broken off.
After being able to insert a cable, the next challenge is to remove a cable. To do so, I decided to measure the necessary force for pulling a plug from the socket. As I sadly didn’t have a proper gauge available, I decided to go for a bucket and water!
Turns out, after filling just about 13L of water into the bucket the plug ripped from the socket -> it’ll hold just over 13kg of pull. And, obviously, the metal wires holding the plate were the weak point.
The metal plate actually stayed in place, as such a plug will slightly stick out after inserting it. But it’ll work!
Well, they will probably keep away bored people just wanting to check out a port! Above this a prepared attacker will have a key and unprepared attacker might be able to figure out the hotplug approach or just rip the plug from the socket.