As typically portrayed in action movies, breaking into an ostensibly impenetrable safe requires a world-class lock-picker or, barring that, an array of C4 explosives positioned in just the right orientation.
But in the real world, surprisingly enough, defeating the security mechanisms on a top-notch Brinks safe can be done with nothing more than a USB stick and 100 lines of code. At the always entertaining Def Con Hacking Conference set to kick off in Las Vegas next week, researchers Daniel Petro and Oscar Salazar of Bishop Fox will detail how they were able to skirt around the defenses of the Brinks CompuSafe Galileo with relative ease.
As a quick point of interest, the CompuSafe Galileo is much more than your run of the mill safe with a combination lock. Rather, the safe is a modern behemoth geared for use in businesses as it can accept cash, count cash, and even provide detailed monetary reports to banking institutions. As noted by PC World, the safe “helps stores eliminate deposit discrepancies, reduce theft and free staff from recounting and auditing cash.”
At the same time, the safe comes equipped with a USB port, which is all the researchers needed to get to work and compromise the system.
The CompuSafe has a nine-inch touchscreen running an application used to enter authentication credentials. The researchers found a way to escape that application through its help menu, a so-called kiosk-bypass attack in which the locked-down front end is abandoned for the operating system underneath, and gained access to the embedded Windows XP system behind it.
With full access to the machine’s database, the researchers note that they can monitor user accounts, transactions, and last but not least, even open up the safe.
What’s more, Salazar adds that full system access also makes a number of other types of fraud possible.
“You could very easily make the safe lie about the cash total it has,” Salazar explained. “It would be very difficult to track that theft down because the bank would receive exactly how much money it thinks it should be getting.”
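An added example, not code from the article or from Bishop Fox or Brinks: a reconciliation check in Python that shows why the fraud Salazar describes is invisible in the safe’s own data, and how an independent record of cash taken in (here a constructed point-of-sale ledger) exposes it. The sample records, field layout and the three-day scenario are all constructed for illustration; no real CompuSafe data format is implied.

```python
"""Reconcile a cash safe's self-reported deposit totals against an independent record.

Illustrative example only: the data and schema below are constructed, not real
CompuSafe Galileo output. Assumption: the store has a point-of-sale (POS) ledger
of cash sales that the safe's operating system cannot modify.
"""
from collections import defaultdict
from decimal import Decimal
from typing import Dict, Iterable, List, NamedTuple, Tuple

# Constructed sample data. Each row is (business_day, source_id, amount).

# What the safe reported to the bank for each day (the figure the bank trusts).
SAFE_REPORTS: Dict[str, Decimal] = {
    "2015-08-03": Decimal("4120.00"),   # honest day
    "2015-08-04": Decimal("3575.50"),   # report edited down, drop table left alone
    "2015-08-05": Decimal("5010.25"),   # report AND drop table edited consistently
}

# Individual cash drops stored in the safe's own database.
SAFE_DROPS: List[Tuple[str, str, Decimal]] = [
    ("2015-08-03", "drop-001", Decimal("2000.00")),
    ("2015-08-03", "drop-002", Decimal("2120.00")),
    ("2015-08-04", "drop-003", Decimal("1875.50")),
    ("2015-08-04", "drop-004", Decimal("2000.00")),
    ("2015-08-05", "drop-005", Decimal("3010.25")),   # originally 3310.25 before tampering
    ("2015-08-05", "drop-006", Decimal("2000.00")),
]

# Cash taken in per register, from the POS system (independent of the safe).
POS_CASH: List[Tuple[str, str, Decimal]] = [
    ("2015-08-03", "reg-1", Decimal("2000.00")),
    ("2015-08-03", "reg-2", Decimal("2120.00")),
    ("2015-08-04", "reg-1", Decimal("1875.50")),
    ("2015-08-04", "reg-2", Decimal("2000.00")),
    ("2015-08-05", "reg-1", Decimal("3310.25")),
    ("2015-08-05", "reg-2", Decimal("2000.00")),
]


class Finding(NamedTuple):
    day: str
    check: str        # "report_vs_drops" (internal) or "pos_vs_report" (external)
    expected: Decimal
    reported: Decimal
    delta: Decimal    # expected - reported; positive means cash is missing


def sum_by_day(rows: Iterable[Tuple[str, str, Decimal]]) -> Dict[str, Decimal]:
    """Total the amount column per business day."""
    totals: Dict[str, Decimal] = defaultdict(lambda: Decimal("0"))
    for day, _source, amount in rows:
        totals[day] += amount
    return dict(totals)


def reconcile(reports: Dict[str, Decimal],
              drops: Iterable[Tuple[str, str, Decimal]],
              pos: Iterable[Tuple[str, str, Decimal]]) -> List[Finding]:
    """Run both checks for every day seen in any source.

    The internal check (report vs. the safe's own drop table) only catches a
    careless attacker. Someone with full OS access, as in the Bishop Fox
    scenario, can edit both tables consistently, so only the comparison with
    an external record the safe cannot touch detects the theft.
    """
    drop_totals = sum_by_day(drops)
    pos_totals = sum_by_day(pos)
    zero = Decimal("0")
    findings: List[Finding] = []
    for day in sorted(set(reports) | set(drop_totals) | set(pos_totals)):
        reported = reports.get(day, zero)
        dropped = drop_totals.get(day, zero)
        expected = pos_totals.get(day, zero)
        if reported != dropped:
            findings.append(Finding(day, "report_vs_drops", dropped, reported, dropped - reported))
        if reported != expected:
            findings.append(Finding(day, "pos_vs_report", expected, reported, expected - reported))
    return findings


if __name__ == "__main__":
    for f in reconcile(SAFE_REPORTS, SAFE_DROPS, POS_CASH):
        print(f"{f.day} {f.check:16s} expected {f.expected:>8} reported {f.reported:>8} short {f.delta}")
```

In the constructed scenario the second day is caught by both checks, but the third day, where the attacker adjusted the drop record and the bank report together, shows up only against the POS ledger, which is precisely why a reconciliation that relies solely on data the compromised safe produces will never see the $300 go missing.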
As for a fix, Salazar and Petro have been in touch with Brinks about the vulnerability. But the fixes aren’t easy: the CompuSafe needs BIOS updates and other changes, which will likely require physical visits to each safe. Even then, it’s questionable whether the safes would be fully secure.
After all, Petro says coyly, “there’s still an exposed USB port... and it’s still running Windows XP.”
Lastly, the safe in question looks a little something like this: [image: the Brinks CompuSafe Galileo]