Hacker Unlocks ‘High Security’ Electronic Safes Without a Trace

From Wired:

“High security” consumer electronic safes could certainly be pried open with power tools, but they’re marketed as reasonably robust for daily-life scenarios. On Friday, though, a hacker known as Plore presented strategies for identifying a safe’s custom-selected keycode and then using it to unlock the safe normally, without any damage or indication that the code has been compromised.

At Defcon, researchers regularly give talks about picking and hacking locks, and there’s even a whole “lock picking village” where people can learn basic skills or share sophisticated techniques. But there are always new locks to investigate and what makes Plore’s techniques interesting is what they lack: any physical or even algorithmic sabotage.

Plore used side-channel attacks to pull it off. These are ways of exploiting physical indicators from a cryptographic system to get around its protections. Here, all Plore had to do was monitor power consumption in the case of one safe, and the amount of time operations took in another, and voila, he was able to figure out the keycodes for locks that are designated by independent third-party testing company Underwriter’s Laboratory as Type 1 High Security. These aren’t the most robust locks on the market by any means, but they are known to be pretty secure. Safes with these locks are the kind of thing you might have in your house.

In practice, Plore was able to defeat the security of two different safe locks made by Sargent and Greenleaf, each of which uses a six-digit code. “I chose Sargent and Greenleaf locks due to their popularity. They are the lock manufacturer of choice on Liberty brand gun safes, among others, and safes featuring those locks are widely available at major stores,” Plore told WIRED. Plore said he didn’t have time before Defcon to …

