Modern field guide to security and privacy

Researchers: We can crack a smart safe in less than 60 seconds

Bishop Fox researcher Dan Petro and senior security associate Oscar Salazar plan to demonstrate how an attacker can break into the CompuSafe Galileo next week at the Def Con security conference. 

All you need is a small flash drive – and 60 seconds – to break into a safe commonly used in businesses such as grocery stores and diners.

That’s according to researcher Dan Petro and senior security associate Oscar Salazar from information security consulting firm Bishop Fox. The pair promises to demonstrate how an attacker can break into the smart safe next week at the Def Con security conference, one of the largest hacker conventions held in Las Vegas, Nevada.

Connecting the safes to the Internet, Mr. Salazar said, “compromises security in an incredible way.”

“It used to take an hour to break into something like this,” Salazar told Passcode ahead of the planned demonstration. “[Now] it takes under a minute.”

The safe the researchers claim they can hack is a CompuSafe Galileo made by Brink’s, Inc., a globally recognized safe seller based in the US. Brink’s sold more than 20,000 CompuSafe units last year, including some 16,000 in the US, according to its annual filings. The Galileo model is one of several in the CompuSafe line.

Usually mounted under a cash register at a checkout line, the safe stores cash, money orders, and food stamps. It calculates the amount inside, which is wirelessly deposited into the business’s online bank accounts. Each CompuSafe Galileo safe can hold up to a quarter of a million dollars in cash at a time.

Brink’s did not respond to Passcode’s multiple calls and e-mail requests for comment about the alleged vulnerability by the time of publication. Salazar and Petro say they came across the vulnerability while conducting penetration tests on a client’s security systems and reported it to Brink's, the safe seller. 

“The safe was not designed with security in mind from the ground up,” Petro said.

Petro and Salazar claim the CompuSafe Galileo is vulnerable because of its physical construction. On the front of the safe, there is a USB port. The researchers were able to insert a flash drive that mimicked a mouse and keyboard and run about 100 lines of code to make the safe open.

It’s a fairly unsophisticated attack, but the researchers claim it works because the safe runs on the Windows XP operating system. Salazar and Petro say they accessed the Microsoft computer operating system in the safe with the flash drive they inserted, and were able to log in to the accounts used to service the safe, which have full administrative privileges.  

With that kind of access, the researchers say they were able to gain complete control over the contents of the safe. They could, Petro and Salazar said, conceivably change the logs to appear as if there was never any money in the safe in the first place – or even frame someone for stealing by altering the amount of cash reported. They could also infect the machine with malware to open the safe later.

The Def Con conference next week is known for featuring hackers who reveal vulnerabilities in devices on stage before the companies actually fix them. And Petro and Salazar say they reported the vulnerability to Brink's – now, more than a year ago – and believe the company is still determining how to fix it. 

Securing the safe in light of the vulnerability, Petro acknowledged, isn’t as simple as a software patch. Since the problem is in part due to the external construction of the safe, Petro and Salazar said CompuSafe Galileo users would need to disable the USB port using something like super glue. They could also put in place other extra security measures to keep potential attackers away – such as security cameras, lock checks, or even a bigger safe.

However, as Petro said, “it almost defeats the purpose of having the safe if you have to buy a bigger safe to put your safe into.”

https://www.csmonitor.com/World/Passcode/2015/0728/Researchers-We-can-crack-a-smart-safe-in-less-than-60-seconds