The Escape

December 15, 2014


The hacker mindset is one of curiosity and intrigue into how systems and various things work. We try to understand how a particular system works and then look for ways that it could be manipulated, repurposed, improved, or exploited. This curiosity is not limited to computer systems but encompasses all things we may have the chance to run into. As application security professionals we apply our hacker mindset to computer applications but often our curiosity leads us to look into many other things. At Security Compass we are often talking about ways new devices or systems could be manipulated. Some of our recent tangents include lock picking, getting out of hand cuffs, insulin pumps, finding as many possible ways to break into our office, convincing bar tenders to give us free stuff, and hacking each other’s laptops so that the victim can let the whole office know how much they love innocuous items like baggy pants.

In a recent trip to Quebec City for the Hackfest 2014 conference I had the opportunity to apply my hacker mindset to a new challenge: Escaping a straitjacket. Here I will outline my approach to the problem and walk you through what is going on as I perform this escape. The video you are watching is the first time I had ever been detained in a device of that type.

Before Getting Strapped In

I had the chance to look at the jacket to examine the buckles and safe operating instructions before being put in it. The weight rating for that jacket was set up to a maximum of 155 pounds. My weight is about 40–50 pounds over that which actually should have made the jacket much harder to escape as it would be more restrictive. Aside: I later noticed that it was particularly tight in my shoulders. Sizing is pretty important when it comes to these as a slimmer person can get out of this jacket really easily. The lesson from this is that if someone is going to put you in a strait jacket and asks you your weight; lie and tell them you are heavier then you really are.

While Being Strapped In

The strategy here is to give your-self as much space in the coat as possible. As the jacket is being applied I was puffing out my shoulders and holding my arms in a way that kept my elbows out a little further from each other then they should have been. This meant that I would have a little more room to move my arms when it came time to escape. If you are ever in a position where someone is putting a straitjacket on you, always complain about how tight it is and they may go a little easier on you by a belt loop notch or two.

First Move: Left wrist above right elbow

As a result of having socially engineered my way into a looser than normal binding, this step was easily completed in a matter of seconds. In subsequent attempts I had the straps a little tighter and to perform this step I had to use a wall to force my left hand and wrist above the right elbow.

Second Move: Left wrist above shoulder and head

For this I used the wall to push my hand and the jacket sleeves up over my shoulder. An important thing to remember is that your right hand is low behind your back and it is attached to the left hand you are trying to raise over your shoulder so you also need to suck your stomach in and try to raise your right hand as high as possible. In subsequent attempts with the jacket on the tightest settings I had to use the wall and props around me to push the sleeves over my shoulders. I’ve been told that straight back chairs and door handles are easily used to hook into the point where the sleeves connect behind your back and use the chair or door handle to lift the sleeves up over your head.

Third Move: Unhooking the straps

Once the tension is released from the sleeves they are easily unhooked with your teeth or by jiggling them out of place. This step is pretty trivial and by this point you are almost free. If you have a door handle that you can use to help you with the next step you don’t even need to do this step.

Fourth Move: Pulling the jacket off

If you have broad shoulders or a disproportionate body, this step can be a little challenging. One strategy is to skip the previous step and just hook the sleeves onto a door handle and use it to pull your-self out of the jacket. Most people can remove it like a T-shirt over their head without too much difficulty but it tends to depend on the fit of the jacket and your particular body type. You may have noticed that in this case the through the legs strap on this device was not done up. This is easily removed by reaching behind your back and pinching your hands on the strap to pull it out of place.

Now that you’re free we can ask the question, how the heck did you find yourself in that situation in the first place? I hope you enjoyed this guide however impractical it may be. Just a fun tidbit of information you can tuck away in your brain on the off chance you may need it to escape a mental health institute or impress a crowd full of people at your next cocktail party.

Thanks to Sparrows Lock Picks for loaning us their straitjacket for the purpose of this demo (and to play with around our office). Thanks to Nicolas-Loïc Fortin for filming this video.

Previous Article
4 Reasons Why You Should Define Software Security Requirements for Mature Applications
4 Reasons Why You Should Define Software Security Requirements for Mature Applications

There’s a common misconception that security requirements are only useful for net new applications. Most pe...

Next Article
Women in Tech: Sintia Maria Sanches
Women in Tech: Sintia Maria Sanches

These blogs are about remarkable employees that contribute to Security Compass’s culture in more ways than ...

Learn how you can use SD Elements to integrate security into software development.

Watch Video